From a59e360a0c039e72a087992f29dcbeedbdda7a40 Mon Sep 17 00:00:00 2001 From: Sertac Ozercan Date: Tue, 19 Mar 2024 21:38:50 +0000 Subject: [PATCH 1/5] chore: bump to go 1.22 bookworm 
Signed-off-by: Sertac Ozercan --- .github/workflows/license-lint.yaml | 2 +- .github/workflows/release-pr.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/scan-vulns.yaml | 2 +- .github/workflows/workflow.yaml | 12 +- .go-version | 2 +- .golangci.yaml | 2 +- Dockerfile | 2 +- Tiltfile | 2 +- apis/config/v1alpha1/zz_generated.deepcopy.go | 1 - .../unversioned/zz_generated.deepcopy.go | 1 - .../v1alpha1/zz_generated.deepcopy.go | 1 - .../v1beta1/zz_generated.deepcopy.go | 1 - .../unversioned/zz_generated.deepcopy.go | 1 - apis/mutations/v1/zz_generated.deepcopy.go | 1 - .../v1alpha1/zz_generated.deepcopy.go | 1 - .../v1beta1/zz_generated.deepcopy.go | 1 - apis/status/v1beta1/zz_generated.deepcopy.go | 1 - .../syncset/v1alpha1/zz_generated.deepcopy.go | 1 - build/tooling/Dockerfile | 6 +- config/crd/bases/_.yaml | 3 +- .../bases/config.gatekeeper.sh_configs.yaml | 28 +- ...nsion.gatekeeper.sh_expansiontemplate.yaml | 113 +- .../bases/match.gatekeeper.sh_matchcrd.yaml | 183 +- .../bases/mutations.gatekeeper.sh_assign.yaml | 753 +++---- .../mutations.gatekeeper.sh_assignimage.yaml | 246 +-- ...utations.gatekeeper.sh_assignmetadata.yaml | 654 +++--- .../mutations.gatekeeper.sh_modifyset.yaml | 726 +++---- ...s.gatekeeper.sh_constraintpodstatuses.yaml | 25 +- ...eper.sh_constrainttemplatepodstatuses.yaml | 28 +- ...eeper.sh_expansiontemplatepodstatuses.yaml | 28 +- ...atus.gatekeeper.sh_mutatorpodstatuses.yaml | 33 +- .../bases/syncset.gatekeeper.sh_syncsets.yaml | 20 +- config/rbac/role.yaml | 2 - config/webhook/manifests.yaml | 2 - gator.Dockerfile | 2 +- .../crds/assign-customresourcedefinition.yaml | 494 ++++- .../assignimage-customresourcedefinition.yaml | 162 +- ...signmetadata-customresourcedefinition.yaml | 425 +++- .../crds/config-customresourcedefinition.yaml | 20 +- ...intpodstatus-customresourcedefinition.yaml | 20 +- ...atepodstatus-customresourcedefinition.yaml | 20 +- ...siontemplate-customresourcedefinition.yaml | 82 +- 
...atepodstatus-customresourcedefinition.yaml | 20 +- .../modifyset-customresourcedefinition.yaml | 482 ++++- ...torpodstatus-customresourcedefinition.yaml | 24 +- .../syncset-customresourcedefinition.yaml | 15 +- .../gatekeeper-manager-role-clusterrole.yaml | 1 - .../gatekeeper-manager-role-role.yaml | 1 - manifest_staging/deploy/gatekeeper.yaml | 1766 +++++++++++++---- pkg/mutation/match/zz_generated.deepcopy.go | 1 - pkg/target/matchcrd_constant.go | 183 +- test/externaldata/dummy-provider/Dockerfile | 2 +- test/image/Dockerfile | 2 +- test/pubsub/fake-subscriber/Dockerfile | 2 +- 55 files changed, 4501 insertions(+), 2111 deletions(-) diff --git a/.github/workflows/license-lint.yaml b/.github/workflows/license-lint.yaml index 972babe2826..f5cb8b1ab08 100644 --- a/.github/workflows/license-lint.yaml +++ b/.github/workflows/license-lint.yaml @@ -32,7 +32,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - name: Check out code into the Go module directory diff --git a/.github/workflows/release-pr.yaml b/.github/workflows/release-pr.yaml index 71ec12b8989..48962819960 100644 --- a/.github/workflows/release-pr.yaml +++ b/.github/workflows/release-pr.yaml @@ -25,7 +25,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - name: Set release version and target branch for vNext diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2db870e8ca0..2484d12fc87 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -37,7 +37,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - name: Get tag 
diff --git a/.github/workflows/scan-vulns.yaml b/.github/workflows/scan-vulns.yaml index 7570ea6f916..277f3de8314 100644 --- a/.github/workflows/scan-vulns.yaml +++ b/.github/workflows/scan-vulns.yaml @@ -33,7 +33,7 @@ jobs: steps: - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - uses: golang/govulncheck-action@3a32958c2706f7048305d5a2e53633d7e37e97d0 # v1.0.2 diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 1bfd0904039..c2e985dee5d 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -42,7 +42,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true # source: https://github.com/golangci/golangci-lint-action @@ -68,7 +68,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - name: Unit test @@ -97,7 +97,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - name: Check go.mod and manifests run: | @@ -123,7 +123,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - name: Download e2e dependencies @@ -155,7 +155,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - name: Bootstrap e2e @@ -279,7 +279,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - name: Bootstrap e2e 
diff --git a/.go-version b/.go-version index 3500250a4b0..57807d6d0d0 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.21.0 +1.22.0 diff --git a/.golangci.yaml b/.golangci.yaml index 45f97871159..d4ddf3b08d7 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -22,7 +22,7 @@ linters-settings: locale: US staticcheck: # Select the Go version to target. The default is '1.13'. - go: "1.21" + go: "1.22" linters: disable-all: true diff --git a/Dockerfile b/Dockerfile index d4db5c85f79..76a2ca45218 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ ARG BUILDPLATFORM="linux/amd64" -ARG BUILDERIMAGE="golang:1.21-bullseye" +ARG BUILDERIMAGE="golang:1.22-bookworm" # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details ARG BASEIMAGE="gcr.io/distroless/static:nonroot" diff --git a/Tiltfile b/Tiltfile index a141bec7557..00ecc8ca54c 100644 --- a/Tiltfile +++ b/Tiltfile @@ -17,7 +17,7 @@ if settings.get("trigger_mode", "auto").lower() == "manual": trigger_mode(TRIGGER_MODE_MANUAL) TILT_DOCKERFILE = """ -FROM golang:1.21-bullseye as tilt-helper +FROM golang:1.22-bookworm as tilt-helper # Support live reloading with Tilt RUN wget --output-document /restart.sh --quiet https://raw.githubusercontent.com/tilt-dev/rerun-process-wrapper/60eaa572cdf825c646008e1ea28b635f83cefb38/restart.sh && \ wget --output-document /start.sh --quiet https://raw.githubusercontent.com/tilt-dev/rerun-process-wrapper/60eaa572cdf825c646008e1ea28b635f83cefb38/start.sh && \ diff --git a/apis/config/v1alpha1/zz_generated.deepcopy.go b/apis/config/v1alpha1/zz_generated.deepcopy.go index 2df3903752c..75babe05f76 100644 --- a/apis/config/v1alpha1/zz_generated.deepcopy.go +++ b/apis/config/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* 
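Review bot: `1.22.0` pins the first release of the 1.22 line, while every workflow touched by this patch sets `go-version: "1.22"` with `check-latest: true` and so resolves the newest 1.22 patch release. Go ships standard-library security fixes in patch releases, so anything that builds from `.go-version` (its consumer is not visible in this patch) would miss them. The govulncheck job in `scan-vulns.yaml` may also be scanning under a different toolchain than that build uses. Consider keeping this file on the current 1.22 patch release, or noting next to it that it is only a minimum version.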
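Review bot: `ARG BUILDERIMAGE="golang:1.22-bookworm"` selects the builder by mutable tag only, whereas `build/tooling/Dockerfile` in this same patch pins `golang:1.22-bookworm@sha256:…`. A tag can be re-pointed upstream, so the image that compiles the manager binary cannot be tied to a reviewed digest, and the move from bullseye to bookworm makes this a good moment to fix that. Suggest `ARG BUILDERIMAGE="golang:1.22-bookworm@sha256:<verified-index-digest>"`, using the multi-arch index digest since `BUILDPLATFORM` is variable. The `FROM golang:1.22-bookworm as tilt-helper` line in the Tiltfile hunk has the same gap, though that image is presumably for local development only.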
diff --git a/apis/expansion/unversioned/zz_generated.deepcopy.go b/apis/expansion/unversioned/zz_generated.deepcopy.go index 3cd1633496d..4d789857276 100644 --- a/apis/expansion/unversioned/zz_generated.deepcopy.go +++ b/apis/expansion/unversioned/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/expansion/v1alpha1/zz_generated.deepcopy.go b/apis/expansion/v1alpha1/zz_generated.deepcopy.go index d44b368c3a1..678a47e3720 100644 --- a/apis/expansion/v1alpha1/zz_generated.deepcopy.go +++ b/apis/expansion/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/expansion/v1beta1/zz_generated.deepcopy.go b/apis/expansion/v1beta1/zz_generated.deepcopy.go index 6ae018f2d27..9a5a8ab01e0 100644 --- a/apis/expansion/v1beta1/zz_generated.deepcopy.go +++ b/apis/expansion/v1beta1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/mutations/unversioned/zz_generated.deepcopy.go b/apis/mutations/unversioned/zz_generated.deepcopy.go index 0b0c3a9bb23..14932e0cbb7 100644 --- a/apis/mutations/unversioned/zz_generated.deepcopy.go +++ b/apis/mutations/unversioned/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/mutations/v1/zz_generated.deepcopy.go b/apis/mutations/v1/zz_generated.deepcopy.go index fc732100f53..659053c8820 100644 --- a/apis/mutations/v1/zz_generated.deepcopy.go +++ b/apis/mutations/v1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/mutations/v1alpha1/zz_generated.deepcopy.go b/apis/mutations/v1alpha1/zz_generated.deepcopy.go index 274942c8825..2598e5a3527 100644 --- a/apis/mutations/v1alpha1/zz_generated.deepcopy.go +++ b/apis/mutations/v1alpha1/zz_generated.deepcopy.go 
@@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/mutations/v1beta1/zz_generated.deepcopy.go b/apis/mutations/v1beta1/zz_generated.deepcopy.go index 50ef1e24539..7ac11182c3e 100644 --- a/apis/mutations/v1beta1/zz_generated.deepcopy.go +++ b/apis/mutations/v1beta1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/status/v1beta1/zz_generated.deepcopy.go b/apis/status/v1beta1/zz_generated.deepcopy.go index 5a42224d349..c361b6cdd9a 100644 --- a/apis/status/v1beta1/zz_generated.deepcopy.go +++ b/apis/status/v1beta1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/syncset/v1alpha1/zz_generated.deepcopy.go b/apis/syncset/v1alpha1/zz_generated.deepcopy.go index f3e663e93e0..af4e96c6165 100644 --- a/apis/syncset/v1alpha1/zz_generated.deepcopy.go +++ b/apis/syncset/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/build/tooling/Dockerfile b/build/tooling/Dockerfile index c5124a2d806..4a16fc563e4 100644 --- a/build/tooling/Dockerfile +++ b/build/tooling/Dockerfile @@ -1,7 +1,7 @@ -FROM golang:1.21-bullseye@sha256:47fa179d4966a0950485ede2ef81567bb1cf62e1e87af07e9830e5c928d06cd0 +FROM golang:1.22-bookworm@sha256:d996c645c9934e770e64f05fc2bc103755197b43fd999b3aa5419142e1ee6d78 -RUN GO111MODULE=on go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.10.0 -RUN GO111MODULE=on go install k8s.io/code-generator/cmd/conversion-gen@v0.25.4 +RUN GO111MODULE=on go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0 +RUN GO111MODULE=on go install k8s.io/code-generator/cmd/conversion-gen@v0.29.3 RUN mkdir /gatekeeper WORKDIR /gatekeeper diff --git a/config/crd/bases/_.yaml b/config/crd/bases/_.yaml index 25f6032cf97..597bc60f700 100644 --- a/config/crd/bases/_.yaml 
+++ b/config/crd/bases/_.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 spec: group: "" names: diff --git a/config/crd/bases/config.gatekeeper.sh_configs.yaml b/config/crd/bases/config.gatekeeper.sh_configs.yaml index f9207c4dbab..de66db3a7a5 100644 --- a/config/crd/bases/config.gatekeeper.sh_configs.yaml +++ b/config/crd/bases/config.gatekeeper.sh_configs.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: configs.config.gatekeeper.sh spec: group: config.gatekeeper.sh 
@@ -21,14 +20,19 @@ spec: description: Config is the Schema for the configs API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -41,10 +45,10 @@ spec: properties: excludedNamespaces: items: - description: 'A string that supports globbing at its front - or end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array diff --git a/config/crd/bases/expansion.gatekeeper.sh_expansiontemplate.yaml b/config/crd/bases/expansion.gatekeeper.sh_expansiontemplate.yaml index e9a9298cb20..ded7d078046 100644 --- a/config/crd/bases/expansion.gatekeeper.sh_expansiontemplate.yaml +++ b/config/crd/bases/expansion.gatekeeper.sh_expansiontemplate.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: expansiontemplate.expansion.gatekeeper.sh spec: group: expansion.gatekeeper.sh 
@@ -21,14 +20,19 @@ spec: description: ExpansionTemplate is the Schema for the ExpansionTemplate API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -36,11 +40,13 @@ spec: description: ExpansionTemplateSpec defines the desired state of ExpansionTemplate. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - of generator resources which will be expanded. + description: |- + ApplyTo lists the specific groups, versions and kinds of generator resources + which will be expanded. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: @@ -57,14 +63,15 @@ spec: type: object type: array enforcementAction: - description: EnforcementAction specifies the enforcement action to - be used for resources matching the ExpansionTemplate. Specifying - an empty value will use the enforcement action specified by the - Constraint in violation. + description: |- + EnforcementAction specifies the enforcement action to be used for resources + matching the ExpansionTemplate. Specifying an empty value will use the + enforcement action specified by the Constraint in violation. type: string generatedGVK: - description: GeneratedGVK specifies the GVK of the resources which - the generator resource creates. + description: |- + GeneratedGVK specifies the GVK of the resources which the generator + resource creates. properties: group: type: string @@ -74,9 +81,10 @@ spec: type: string type: object templateSource: - description: TemplateSource specifies the source field on the generator - resource to use as the base for expanded resource. For Pod-creating - generators, this is usually spec.template + description: |- + TemplateSource specifies the source field on the generator resource to + use as the base for expanded resource. For Pod-creating generators, this + is usually spec.template type: string type: object status: 
@@ -110,10 +118,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias - to string. Being a type captures intent and helps make sure - that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: array 
@@ -129,14 +137,19 @@ spec: description: ExpansionTemplate is the Schema for the ExpansionTemplate API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -144,11 +157,13 @@ spec: description: ExpansionTemplateSpec defines the desired state of ExpansionTemplate. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - of generator resources which will be expanded. + description: |- + ApplyTo lists the specific groups, versions and kinds of generator resources + which will be expanded. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: @@ -165,14 +180,15 @@ spec: type: object type: array enforcementAction: - description: EnforcementAction specifies the enforcement action to - be used for resources matching the ExpansionTemplate. Specifying - an empty value will use the enforcement action specified by the - Constraint in violation. + description: |- + EnforcementAction specifies the enforcement action to be used for resources + matching the ExpansionTemplate. Specifying an empty value will use the + enforcement action specified by the Constraint in violation. type: string generatedGVK: - description: GeneratedGVK specifies the GVK of the resources which - the generator resource creates. + description: |- + GeneratedGVK specifies the GVK of the resources which the generator + resource creates. properties: group: type: string @@ -182,9 +198,10 @@ spec: type: string type: object templateSource: - description: TemplateSource specifies the source field on the generator - resource to use as the base for expanded resource. For Pod-creating - generators, this is usually spec.template + description: |- + TemplateSource specifies the source field on the generator resource to + use as the base for expanded resource. For Pod-creating generators, this + is usually spec.template type: string type: object status: 
@@ -218,10 +235,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias - to string. Being a type captures intent and helps make sure - that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: array diff --git a/config/crd/bases/match.gatekeeper.sh_matchcrd.yaml b/config/crd/bases/match.gatekeeper.sh_matchcrd.yaml index 1fd9983a63b..436b9c917ce 100644 --- a/config/crd/bases/match.gatekeeper.sh_matchcrd.yaml +++ b/config/crd/bases/match.gatekeeper.sh_matchcrd.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: matchcrd.match.gatekeeper.sh spec: group: match.gatekeeper.sh 
@@ -18,44 +17,50 @@ spec: - name: match schema: openAPIV3Schema: - description: DummyCRD is a "dummy" CRD to hold the Match object, which we - ultimately need to generate JSONSchemaProps. The TypeMeta and ObjectMeta - fields are required for controller-gen to generate the CRD. + description: |- + DummyCRD is a "dummy" CRD to hold the Match object, which we ultimately + need to generate JSONSchemaProps. The TypeMeta and ObjectMeta fields are + required for controller-gen to generate the CRD. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string embeddedMatch: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If - defined, a constraint only applies to resources not in a listed - namespace. ExcludedNamespaces also supports a prefix or suffix based - glob. For example, `excludedNamespaces: [kube-*]` matches both - `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` - matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. 
For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. - Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" - will match "kube-system" or "gatekeeper-system". The asterisk - is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and - kinds fields that list the groups/kinds of objects to which the - mutation will apply. If multiple groups/kinds objects are specified, + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of the - slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -66,35 +71,36 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: - `matchLabels` and `matchExpressions`. These two fields provide - different methods of selecting or excluding k8s objects based on - the label keys and values included in object metadata. All selection - expressions from both sections are ANDed to determine if an object - meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -107,47 +113,47 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` - and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's - containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -160,37 +166,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. - Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" - will match "kube-system" or "gatekeeper-system". The asterisk - is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). - A value of `Generated` will only match generated resources, while - `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -198,9 +206,12 @@ spec: type: string type: object kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadataDummy: type: object diff --git a/config/crd/bases/mutations.gatekeeper.sh_assign.yaml b/config/crd/bases/mutations.gatekeeper.sh_assign.yaml index 42d3c1bc386..57bfcf59b00 100644 --- a/config/crd/bases/mutations.gatekeeper.sh_assign.yaml +++ b/config/crd/bases/mutations.gatekeeper.sh_assign.yaml 
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: assign.mutations.gatekeeper.sh spec: group: mutations.gatekeeper.sh @@ -21,14 +20,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -36,13 +40,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - a mutation will be applied to. This is necessary because every mutation - implies part of an object schema and object schemas are associated - with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -63,37 +68,40 @@ spec: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. - Individual match criteria are AND-ed together. An undefined match - criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -104,36 +112,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -145,49 +154,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -199,37 +207,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -248,22 +258,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the - data that will be sent to the external data provider - as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use - when the external data provider returns an error and - the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply - when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -291,15 +302,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the - mutation works if parent paths are missing. It traverses the - list in order. All sub paths are tested against the provided - condition, if the test fails, the mutation is not applied. - All `subPath` entries must be a prefix of `location`. Any + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to - expand the matching glob in `location`. \n Available Tests: - * MustExist - the path must exist or do not mutate * MustNotExist - - the path must not exist or do not mutate." + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either @@ -332,9 +346,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -343,9 +357,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -368,14 +383,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -383,13 +403,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - a mutation will be applied to. This is necessary because every mutation - implies part of an object schema and object schemas are associated - with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -410,37 +431,40 @@ spec: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. - Individual match criteria are AND-ed together. An undefined match - criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -451,36 +475,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -492,49 +517,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -546,37 +570,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -595,22 +621,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the - data that will be sent to the external data provider - as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use - when the external data provider returns an error and - the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply - when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -638,15 +665,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the - mutation works if parent paths are missing. It traverses the - list in order. All sub paths are tested against the provided - condition, if the test fails, the mutation is not applied. - All `subPath` entries must be a prefix of `location`. Any + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to - expand the matching glob in `location`. \n Available Tests: - * MustExist - the path must exist or do not mutate * MustNotExist - - the path must not exist or do not mutate." + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either @@ -679,9 +709,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -690,9 +720,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -715,14 +746,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -730,13 +766,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - a mutation will be applied to. This is necessary because every mutation - implies part of an object schema and object schemas are associated - with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -757,37 +794,40 @@ spec: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. - Individual match criteria are AND-ed together. An undefined match - criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -798,36 +838,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -839,49 +880,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -893,37 +933,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -942,22 +984,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the - data that will be sent to the external data provider - as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use - when the external data provider returns an error and - the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply - when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -985,15 +1028,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the - mutation works if parent paths are missing. It traverses the - list in order. All sub paths are tested against the provided - condition, if the test fails, the mutation is not applied. - All `subPath` entries must be a prefix of `location`. Any + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to - expand the matching glob in `location`. \n Available Tests: - * MustExist - the path must exist or do not mutate * MustNotExist - - the path must not exist or do not mutate." + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either @@ -1026,9 +1072,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -1037,9 +1083,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/config/crd/bases/mutations.gatekeeper.sh_assignimage.yaml b/config/crd/bases/mutations.gatekeeper.sh_assignimage.yaml index b472e067181..0c9ad144db8 100644 --- a/config/crd/bases/mutations.gatekeeper.sh_assignimage.yaml +++ b/config/crd/bases/mutations.gatekeeper.sh_assignimage.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: assignimage.mutations.gatekeeper.sh spec: group: mutations.gatekeeper.sh 
@@ -21,14 +20,19 @@ spec: description: AssignImage is the Schema for the assignimage API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -36,13 +40,14 @@ spec: description: AssignImageSpec defines the desired state of AssignImage. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - a mutation will be applied to. This is necessary because every mutation - implies part of an object schema and object schemas are associated - with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -63,37 +68,40 @@ spec: `spec.containers[name: main].image`.' type: string match: - description: Match allows the user to limit which resources get mutated. - Individual match criteria are AND-ed together. An undefined match - criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -104,36 +112,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -145,49 +154,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -199,37 +207,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -240,28 +250,33 @@ spec: description: Parameters define the behavior of the mutator. properties: assignDomain: - description: AssignDomain sets the domain component on an image - string. The trailing slash should not be included. + description: |- + AssignDomain sets the domain component on an image string. The trailing + slash should not be included. type: string assignPath: description: AssignPath sets the domain component on an image string. type: string assignTag: - description: AssignImage sets the image component on an image - string. It must start with a `:` or `@`. + description: |- + AssignImage sets the image component on an image string. It must start + with a `:` or `@`. type: string pathTests: items: - description: "PathTest allows the user to customize how the - mutation works if parent paths are missing. It traverses the - list in order. All sub paths are tested against the provided - condition, if the test fails, the mutation is not applied. - All `subPath` entries must be a prefix of `location`. Any + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to - expand the matching glob in `location`. \n Available Tests: - * MustExist - the path must exist or do not mutate * MustNotExist - - the path must not exist or do not mutate." + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either 
@@ -294,9 +309,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -305,9 +320,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/config/crd/bases/mutations.gatekeeper.sh_assignmetadata.yaml b/config/crd/bases/mutations.gatekeeper.sh_assignmetadata.yaml index 902aba1db61..575657b7e23 100644 --- a/config/crd/bases/mutations.gatekeeper.sh_assignmetadata.yaml +++ b/config/crd/bases/mutations.gatekeeper.sh_assignmetadata.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: assignmetadata.mutations.gatekeeper.sh spec: group: mutations.gatekeeper.sh 
@@ -21,14 +20,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -41,32 +45,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -77,36 +83,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -118,49 +125,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -172,37 +178,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -220,22 +228,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the - data that will be sent to the external data provider - as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use - when the external data provider returns an error and - the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply - when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore @@ -267,9 +276,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state - of cluster Important: Run "make" to regenerate code after modifying - this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. @@ -284,9 +293,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -295,9 +304,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -320,14 +330,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -340,32 +355,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -376,36 +393,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -417,49 +435,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -471,37 +488,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -519,22 +538,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the - data that will be sent to the external data provider - as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use - when the external data provider returns an error and - the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply - when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore @@ -566,9 +586,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state - of cluster Important: Run "make" to regenerate code after modifying - this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. @@ -583,9 +603,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -594,9 +614,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -619,14 +640,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -639,32 +665,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -675,36 +703,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -716,49 +745,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -770,37 +798,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -818,22 +848,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the - data that will be sent to the external data provider - as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use - when the external data provider returns an error and - the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply - when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore @@ -865,9 +896,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state - of cluster Important: Run "make" to regenerate code after modifying - this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. @@ -882,9 +913,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -893,9 +924,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/config/crd/bases/mutations.gatekeeper.sh_modifyset.yaml b/config/crd/bases/mutations.gatekeeper.sh_modifyset.yaml index 7e95583fb54..52222e8f46c 100644 --- a/config/crd/bases/mutations.gatekeeper.sh_modifyset.yaml +++ b/config/crd/bases/mutations.gatekeeper.sh_modifyset.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: modifyset.mutations.gatekeeper.sh spec: group: mutations.gatekeeper.sh 
@@ -18,18 +17,24 @@ spec: - name: v1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as + description: |- + ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -37,13 +42,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - a mutation will be applied to. This is necessary because every mutation - implies part of an object schema and object schemas are associated - with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -64,37 +70,40 @@ spec: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. - Individual match criteria are AND-ed together. An undefined match - criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -105,36 +114,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -146,49 +156,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -200,37 +209,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -249,18 +260,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can - be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the - mutation works if parent paths are missing. It traverses the - list in order. All sub paths are tested against the provided - condition, if the test fails, the mutation is not applied. - All `subPath` entries must be a prefix of `location`. Any + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to - expand the matching glob in `location`. \n Available Tests: - * MustExist - the path must exist or do not mutate * MustNotExist - - the path must not exist or do not mutate." + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either @@ -298,9 +313,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -309,9 +324,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -331,18 +347,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as + description: |- + ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -350,13 +372,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - a mutation will be applied to. This is necessary because every mutation - implies part of an object schema and object schemas are associated - with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -377,37 +400,40 @@ spec: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. - Individual match criteria are AND-ed together. An undefined match - criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -418,36 +444,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -459,49 +486,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -513,37 +539,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -562,18 +590,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can - be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the - mutation works if parent paths are missing. It traverses the - list in order. All sub paths are tested against the provided - condition, if the test fails, the mutation is not applied. - All `subPath` entries must be a prefix of `location`. Any + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to - expand the matching glob in `location`. \n Available Tests: - * MustExist - the path must exist or do not mutate * MustNotExist - - the path must not exist or do not mutate." + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either @@ -611,9 +643,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -622,9 +654,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -644,18 +677,24 @@ spec: - name: v1beta1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as + description: |- + ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -663,13 +702,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - a mutation will be applied to. This is necessary because every mutation - implies part of an object schema and object schemas are associated - with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -690,37 +730,40 @@ spec: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. - Individual match criteria are AND-ed together. An undefined match - criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -731,36 +774,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -772,49 +816,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -826,37 +869,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -875,18 +920,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can - be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the - mutation works if parent paths are missing. It traverses the - list in order. All sub paths are tested against the provided - condition, if the test fails, the mutation is not applied. - All `subPath` entries must be a prefix of `location`. Any + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to - expand the matching glob in `location`. \n Available Tests: - * MustExist - the path must exist or do not mutate * MustNotExist - - the path must not exist or do not mutate." + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either @@ -924,9 +973,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -935,9 +984,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/config/crd/bases/status.gatekeeper.sh_constraintpodstatuses.yaml b/config/crd/bases/status.gatekeeper.sh_constraintpodstatuses.yaml index fa7b9a1da46..f9678eb0f0a 100644 --- a/config/crd/bases/status.gatekeeper.sh_constraintpodstatuses.yaml +++ b/config/crd/bases/status.gatekeeper.sh_constraintpodstatuses.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: constraintpodstatuses.status.gatekeeper.sh spec: group: status.gatekeeper.sh 
@@ -22,14 +21,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -37,8 +41,9 @@ spec: description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus. properties: constraintUID: - description: Storing the constraint UID allows us to detect drift, - such as when a constraint has been recreated after its CRD was deleted + description: |- + Storing the constraint UID allows us to detect drift, such as + when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch type: string enforced: 
diff --git a/config/crd/bases/status.gatekeeper.sh_constrainttemplatepodstatuses.yaml b/config/crd/bases/status.gatekeeper.sh_constrainttemplatepodstatuses.yaml index ca3cc7fd925..9030379a557 100644 --- a/config/crd/bases/status.gatekeeper.sh_constrainttemplatepodstatuses.yaml +++ b/config/crd/bases/status.gatekeeper.sh_constrainttemplatepodstatuses.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: constrainttemplatepodstatuses.status.gatekeeper.sh spec: group: status.gatekeeper.sh 
@@ -22,14 +21,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -65,10 +69,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being - a type captures intent and helps make sure that UIDs and names do - not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: object 
diff --git a/config/crd/bases/status.gatekeeper.sh_expansiontemplatepodstatuses.yaml b/config/crd/bases/status.gatekeeper.sh_expansiontemplatepodstatuses.yaml index 4335d45f5ca..18eb2b21385 100644 --- a/config/crd/bases/status.gatekeeper.sh_expansiontemplatepodstatuses.yaml +++ b/config/crd/bases/status.gatekeeper.sh_expansiontemplatepodstatuses.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: expansiontemplatepodstatuses.status.gatekeeper.sh spec: group: status.gatekeeper.sh 
@@ -22,14 +21,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -60,10 +64,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being - a type captures intent and helps make sure that UIDs and names do - not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: object 
diff --git a/config/crd/bases/status.gatekeeper.sh_mutatorpodstatuses.yaml b/config/crd/bases/status.gatekeeper.sh_mutatorpodstatuses.yaml index aee1905768b..6d9e9770821 100644 --- a/config/crd/bases/status.gatekeeper.sh_mutatorpodstatuses.yaml +++ b/config/crd/bases/status.gatekeeper.sh_mutatorpodstatuses.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: mutatorpodstatuses.status.gatekeeper.sh spec: group: status.gatekeeper.sh 
@@ -21,14 +20,19 @@ spec: description: MutatorPodStatus is the Schema for the mutationpodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -45,9 +49,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use - by controller code. If not present, the error should be treated - as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -56,9 +60,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such - as when a mutator has been recreated after its CRD was deleted out - from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/config/crd/bases/syncset.gatekeeper.sh_syncsets.yaml b/config/crd/bases/syncset.gatekeeper.sh_syncsets.yaml index 08ec5fc832e..2b1aa8978b0 100644 --- a/config/crd/bases/syncset.gatekeeper.sh_syncsets.yaml +++ b/config/crd/bases/syncset.gatekeeper.sh_syncsets.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: syncsets.syncset.gatekeeper.sh spec: group: syncset.gatekeeper.sh 
@@ -23,14 +22,19 @@ spec: defines the sets of resources that will be synced. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index a258338234b..f3416ee2060 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: manager-role rules: - apiGroups: @@ -178,7 +177,6 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - creationTimestamp: null name: manager-role namespace: gatekeeper-system rules: diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index 107758db5c2..9c89134b2d5 100644 
--- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml @@ -2,7 +2,6 @@ apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: - creationTimestamp: null name: mutating-webhook-configuration webhooks: - admissionReviewVersions: @@ -31,7 +30,6 @@ webhooks: apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: - creationTimestamp: null name: validating-webhook-configuration webhooks: - admissionReviewVersions: diff --git a/gator.Dockerfile b/gator.Dockerfile index 907c1b8f528..aac863f0285 100644 --- a/gator.Dockerfile +++ b/gator.Dockerfile @@ -1,5 +1,5 @@ ARG BUILDPLATFORM="linux/amd64" -ARG BUILDERIMAGE="golang:1.21-bullseye" +ARG BUILDERIMAGE="golang:1.22-bookworm" # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details ARG BASEIMAGE="gcr.io/distroless/static:nonroot" diff --git a/manifest_staging/charts/gatekeeper/crds/assign-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/assign-customresourcedefinition.yaml index 0221a194812..ccc4ebacaf6 100644 --- a/manifest_staging/charts/gatekeeper/crds/assign-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/assign-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: assign.mutations.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -37,9 +46,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -59,21 +73,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -84,21 +117,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -110,29 +157,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -144,21 +208,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -176,17 +258,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -209,7 +297,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -239,7 +338,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -248,7 +349,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -271,10 +375,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -282,9 +395,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -304,21 +422,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -329,21 +466,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -355,29 +506,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -389,21 +557,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -421,17 +607,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -454,7 +646,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -484,7 +687,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -493,7 +698,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -516,10 +724,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -527,9 +744,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -549,21 +771,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -574,21 +815,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -600,29 +855,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -634,21 +906,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -666,17 +956,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -699,7 +995,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -729,7 +1036,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -738,7 +1047,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/manifest_staging/charts/gatekeeper/crds/assignimage-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/assignimage-customresourcedefinition.yaml index 197f2f17933..17bcf1d95c6 100644 --- a/manifest_staging/charts/gatekeeper/crds/assignimage-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/assignimage-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: assignimage.mutations.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: AssignImage is the Schema for the assignimage API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -37,9 +46,14 @@ spec: description: AssignImageSpec defines the desired state of AssignImage. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -59,21 +73,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].image`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -84,21 +117,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -110,29 +157,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -144,21 +208,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -169,17 +251,32 @@ spec: description: Parameters define the behavior of the mutator. properties: assignDomain: - description: AssignDomain sets the domain component on an image string. The trailing slash should not be included. + description: |- + AssignDomain sets the domain component on an image string. The trailing + slash should not be included. type: string assignPath: description: AssignPath sets the domain component on an image string. type: string assignTag: - description: AssignImage sets the image component on an image string. It must start with a `:` or `@`. + description: |- + AssignImage sets the image component on an image string. It must start + with a `:` or `@`. type: string pathTests: items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object 
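Review bot: Two descriptions under `parameters` do not match their fields: `assignPath` is documented as "sets the domain component on an image string", the same wording as `assignDomain`, and the `assignTag` text opens with "AssignImage sets the image component" although it describes a value that must start with `:` or `@`. This mutator rewrites the image reference of admitted workloads, so someone relying on `kubectl explain` or the rendered schema could put a registry host in the wrong field. The file is controller-gen output, so the fix presumably belongs in the Go type comments, which are not visible here, followed by regeneration. Suggested wording: `AssignPath sets the path component on an image string.` and `AssignTag sets the tag component on an image string. It must start with a ":" or "@".`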
@@ -209,7 +306,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -218,7 +317,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/manifest_staging/charts/gatekeeper/crds/assignmetadata-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/assignmetadata-customresourcedefinition.yaml index 65c17ed3ae1..ffa5dd09f8c 100644 --- a/manifest_staging/charts/gatekeeper/crds/assignmetadata-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/assignmetadata-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: assignmetadata.mutations.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -42,18 +51,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -64,21 +89,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -90,29 +129,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -124,21 +180,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -155,17 +229,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -192,7 +272,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. properties: @@ -205,7 +287,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -214,7 +298,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -237,10 +324,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -253,18 +349,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -275,21 +387,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -301,29 +427,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -335,21 +478,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -366,17 +527,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -403,7 +570,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. properties: @@ -416,7 +585,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -425,7 +596,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -448,10 +622,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -464,18 +647,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -486,21 +685,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -512,29 +725,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -546,21 +776,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -577,17 +825,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -614,7 +868,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. properties: @@ -627,7 +883,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -636,7 +894,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/manifest_staging/charts/gatekeeper/crds/config-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/config-customresourcedefinition.yaml index 269ca95f9a2..d267bbb387b 100644 --- a/manifest_staging/charts/gatekeeper/crds/config-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/config-customresourcedefinition.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: configs.config.gatekeeper.sh @@ -22,10 +22,19 @@ spec: description: Config is the Schema for the configs API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -38,7 +47,10 @@ spec: properties: excludedNamespaces: items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array diff --git a/manifest_staging/charts/gatekeeper/crds/constraintpodstatus-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/constraintpodstatus-customresourcedefinition.yaml index c1e3199057d..566ac21f376 100644 --- a/manifest_staging/charts/gatekeeper/crds/constraintpodstatus-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/constraintpodstatus-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: constraintpodstatuses.status.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: ConstraintPodStatus is the Schema for the constraintpodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -33,7 +42,10 @@ spec: description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus. properties: constraintUID: - description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the constraint UID allows us to detect drift, such as + when a constraint has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string enforced: type: boolean 
diff --git a/manifest_staging/charts/gatekeeper/crds/constrainttemplatepodstatus-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/constrainttemplatepodstatus-customresourcedefinition.yaml index 271572bd7e8..f6290d17f7a 100644 --- a/manifest_staging/charts/gatekeeper/crds/constrainttemplatepodstatus-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/constrainttemplatepodstatus-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: constrainttemplatepodstatuses.status.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -58,7 +67,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: object diff --git a/manifest_staging/charts/gatekeeper/crds/expansiontemplate-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/expansiontemplate-customresourcedefinition.yaml index 0452edb7761..f5838f6e50e 100644 --- a/manifest_staging/charts/gatekeeper/crds/expansiontemplate-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/expansiontemplate-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: expansiontemplate.expansion.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: ExpansionTemplate is the Schema for the ExpansionTemplate API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -37,9 +46,13 @@ spec: description: ExpansionTemplateSpec defines the desired state of ExpansionTemplate. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds of generator resources which will be expanded. + description: |- + ApplyTo lists the specific groups, versions and kinds of generator resources + which will be expanded. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: @@ -56,10 +69,15 @@ spec: type: object type: array enforcementAction: - description: EnforcementAction specifies the enforcement action to be used for resources matching the ExpansionTemplate. Specifying an empty value will use the enforcement action specified by the Constraint in violation. + description: |- + EnforcementAction specifies the enforcement action to be used for resources + matching the ExpansionTemplate. Specifying an empty value will use the + enforcement action specified by the Constraint in violation. type: string generatedGVK: - description: GeneratedGVK specifies the GVK of the resources which the generator resource creates. + description: |- + GeneratedGVK specifies the GVK of the resources which the generator + resource creates. properties: group: type: string @@ -69,7 +87,10 @@ spec: type: string type: object templateSource: - description: TemplateSource specifies the source field on the generator resource to use as the base for expanded resource. For Pod-creating generators, this is usually spec.template + description: |- + TemplateSource specifies the source field on the generator resource to + use as the base for expanded resource. For Pod-creating generators, this + is usually spec.template type: string type: object status: 
@@ -101,7 +122,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: array @@ -117,10 +141,19 @@ spec: description: ExpansionTemplate is the Schema for the ExpansionTemplate API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -128,9 +161,13 @@ spec: description: ExpansionTemplateSpec defines the desired state of ExpansionTemplate. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds of generator resources which will be expanded. + description: |- + ApplyTo lists the specific groups, versions and kinds of generator resources + which will be expanded. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: @@ -147,10 +184,15 @@ spec: type: object type: array enforcementAction: - description: EnforcementAction specifies the enforcement action to be used for resources matching the ExpansionTemplate. Specifying an empty value will use the enforcement action specified by the Constraint in violation. + description: |- + EnforcementAction specifies the enforcement action to be used for resources + matching the ExpansionTemplate. Specifying an empty value will use the + enforcement action specified by the Constraint in violation. type: string generatedGVK: - description: GeneratedGVK specifies the GVK of the resources which the generator resource creates. + description: |- + GeneratedGVK specifies the GVK of the resources which the generator + resource creates. properties: group: type: string @@ -160,7 +202,10 @@ spec: type: string type: object templateSource: - description: TemplateSource specifies the source field on the generator resource to use as the base for expanded resource. For Pod-creating generators, this is usually spec.template + description: |- + TemplateSource specifies the source field on the generator resource to + use as the base for expanded resource. For Pod-creating generators, this + is usually spec.template type: string type: object status: 
@@ -192,7 +237,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: array diff --git a/manifest_staging/charts/gatekeeper/crds/expansiontemplatepodstatus-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/expansiontemplatepodstatus-customresourcedefinition.yaml index 8f49b4c5f7f..004abaf343d 100644 --- a/manifest_staging/charts/gatekeeper/crds/expansiontemplatepodstatus-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/expansiontemplatepodstatus-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: expansiontemplatepodstatuses.status.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: ExpansionTemplatePodStatus is the Schema for the expansiontemplatepodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,7 +63,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: object diff --git a/manifest_staging/charts/gatekeeper/crds/modifyset-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/modifyset-customresourcedefinition.yaml index 46574fd369f..e4bdd600a8f 100644 --- a/manifest_staging/charts/gatekeeper/crds/modifyset-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/modifyset-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: modifyset.mutations.gatekeeper.sh 
@@ -19,13 +19,24 @@ spec: - name: v1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. + description: |- + ModifySet allows the user to modify non-keyed lists, such as + the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -37,9 +48,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -59,21 +75,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -84,21 +119,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -110,29 +159,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -144,21 +210,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -176,9 +260,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -212,7 +309,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -221,7 +320,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -241,13 +343,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. + description: |- + ModifySet allows the user to modify non-keyed lists, such as + the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -255,9 +368,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -277,21 +395,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -302,21 +439,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -328,29 +479,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -362,21 +530,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -394,9 +580,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -430,7 +629,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -439,7 +640,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -459,13 +663,24 @@ spec: - name: v1beta1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. + description: |- + ModifySet allows the user to modify non-keyed lists, such as + the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -473,9 +688,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -495,21 +715,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -520,21 +759,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -546,29 +799,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -580,21 +850,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -612,9 +900,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -648,7 +949,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -657,7 +960,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/manifest_staging/charts/gatekeeper/crds/mutatorpodstatus-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/mutatorpodstatus-customresourcedefinition.yaml index fd6a0f6dea6..931e05e147a 100644 --- a/manifest_staging/charts/gatekeeper/crds/mutatorpodstatus-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/mutatorpodstatus-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: mutatorpodstatuses.status.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: MutatorPodStatus is the Schema for the mutationpodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -41,7 +50,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -50,7 +61,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/manifest_staging/charts/gatekeeper/crds/syncset-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/syncset-customresourcedefinition.yaml index c5c51f9da4a..1ef7ce4154e 100644 --- a/manifest_staging/charts/gatekeeper/crds/syncset-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/syncset-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: syncsets.syncset.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: SyncSet defines which resources Gatekeeper will cache. The union of all SyncSets plus the syncOnly field of Gatekeeper's Config resource defines the sets of resources that will be synced. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: diff --git a/manifest_staging/charts/gatekeeper/templates/gatekeeper-manager-role-clusterrole.yaml b/manifest_staging/charts/gatekeeper/templates/gatekeeper-manager-role-clusterrole.yaml index 2693455e989..e41f96c9790 100644 --- a/manifest_staging/charts/gatekeeper/templates/gatekeeper-manager-role-clusterrole.yaml +++ b/manifest_staging/charts/gatekeeper/templates/gatekeeper-manager-role-clusterrole.yaml 
@@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null labels: app: '{{ template "gatekeeper.name" . }}' chart: '{{ template "gatekeeper.name" . }}' diff --git a/manifest_staging/charts/gatekeeper/templates/gatekeeper-manager-role-role.yaml b/manifest_staging/charts/gatekeeper/templates/gatekeeper-manager-role-role.yaml index 1018dcdb667..72d7513baaf 100644 --- a/manifest_staging/charts/gatekeeper/templates/gatekeeper-manager-role-role.yaml +++ b/manifest_staging/charts/gatekeeper/templates/gatekeeper-manager-role-role.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - creationTimestamp: null labels: app: '{{ template "gatekeeper.name" . }}' chart: '{{ template "gatekeeper.name" . }}' diff --git a/manifest_staging/deploy/gatekeeper.yaml b/manifest_staging/deploy/gatekeeper.yaml index 4fba41b01e4..6d264be23c0 100644 --- a/manifest_staging/deploy/gatekeeper.yaml +++ b/manifest_staging/deploy/gatekeeper.yaml @@ -34,7 +34,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: assign.mutations.gatekeeper.sh 
@@ -54,10 +54,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -69,9 +78,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -91,21 +105,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -116,21 +149,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -142,29 +189,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -176,21 +240,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -208,17 +290,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -241,7 +329,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -271,7 +370,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -280,7 +381,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -303,10 +407,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -314,9 +427,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -336,21 +454,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -361,21 +498,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -387,29 +538,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
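Review bot: The `x-kubernetes-map-type: atomic` line added under `labelSelector` in this hunk is a schema change, not a description re-wrap, and the commit title ("bump to go 1.22 bookworm") does not mention it. The same line is added under `namespaceSelector` in the hunk at -421,21 and again in the hunks at -632,29 and -666,21. With that marker, server-side apply should treat each selector as a single unit, so ownership is tracked for the whole selector and an apply replaces it wholesale instead of merging individual `matchLabels` keys. Because these selectors decide which resources a mutator touches, anyone managing mutators with more than one field manager needs to know about the change. The file appears to be controller-gen output (the version annotation moves from v0.10.0 to v0.14.0 further down), so nothing should be hand-edited here; I would add a line to the commit description or release notes such as `CRDs regenerated with controller-gen v0.14.0; match.labelSelector and match.namespaceSelector are now x-kubernetes-map-type: atomic`.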
@@ -421,21 +589,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -453,17 +639,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -486,7 +678,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -516,7 +719,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -525,7 +730,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -548,10 +756,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -559,9 +776,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -581,21 +803,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -606,21 +847,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -632,29 +887,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -666,21 +938,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -698,17 +988,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -731,7 +1027,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -761,7 +1068,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -770,7 +1079,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -792,7 +1104,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: assignimage.mutations.gatekeeper.sh 
@@ -812,10 +1124,19 @@ spec: description: AssignImage is the Schema for the assignimage API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -827,9 +1148,14 @@ spec: description: AssignImageSpec defines the desired state of AssignImage. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -849,21 +1175,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].image`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -874,21 +1219,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -900,29 +1259,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -934,21 +1310,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -959,17 +1353,32 @@ spec: description: Parameters define the behavior of the mutator. properties: assignDomain: - description: AssignDomain sets the domain component on an image string. The trailing slash should not be included. + description: |- + AssignDomain sets the domain component on an image string. The trailing + slash should not be included. type: string assignPath: description: AssignPath sets the domain component on an image string. type: string assignTag: - description: AssignImage sets the image component on an image string. It must start with a `:` or `@`. + description: |- + AssignImage sets the image component on an image string. It must start + with a `:` or `@`. type: string pathTests: items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object 
@@ -999,7 +1408,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -1008,7 +1419,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -1030,7 +1444,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: assignmetadata.mutations.gatekeeper.sh 
@@ -1050,10 +1464,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -1070,18 +1493,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -1092,21 +1531,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1118,29 +1571,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1152,21 +1622,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -1183,17 +1671,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -1220,7 +1714,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. properties: @@ -1233,7 +1729,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -1242,7 +1740,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -1265,10 +1766,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -1281,18 +1791,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -1303,21 +1829,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1329,29 +1869,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1363,21 +1920,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -1394,17 +1969,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -1431,7 +2012,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. properties: @@ -1444,7 +2027,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -1453,7 +2038,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -1476,10 +2064,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -1492,18 +2089,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -1514,21 +2127,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1540,29 +2167,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1574,21 +2218,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -1605,17 +2267,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -1642,7 +2310,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. properties: @@ -1655,7 +2325,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -1664,7 +2336,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -1686,7 +2361,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: configs.config.gatekeeper.sh 
@@ -1706,10 +2381,19 @@ spec: description: Config is the Schema for the configs API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -1722,7 +2406,10 @@ spec: properties: excludedNamespaces: items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array @@ -1792,7 +2479,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: constraintpodstatuses.status.gatekeeper.sh 
@@ -1812,10 +2499,19 @@ spec: description: ConstraintPodStatus is the Schema for the constraintpodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1823,7 +2519,10 @@ spec: description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus. properties: constraintUID: - description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the constraint UID allows us to detect drift, such as + when a constraint has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string enforced: type: boolean 
@@ -1860,7 +2559,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: constrainttemplatepodstatuses.status.gatekeeper.sh @@ -1880,10 +2579,19 @@ spec: description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -1916,7 +2624,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: object @@ -2285,7 +2996,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: expansiontemplate.expansion.gatekeeper.sh 
@@ -2305,10 +3016,19 @@ spec: description: ExpansionTemplate is the Schema for the ExpansionTemplate API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -2320,9 +3040,13 @@ spec: description: ExpansionTemplateSpec defines the desired state of ExpansionTemplate. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds of generator resources which will be expanded. + description: |- + ApplyTo lists the specific groups, versions and kinds of generator resources + which will be expanded. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: @@ -2339,10 +3063,15 @@ spec: type: object type: array enforcementAction: - description: EnforcementAction specifies the enforcement action to be used for resources matching the ExpansionTemplate. Specifying an empty value will use the enforcement action specified by the Constraint in violation. + description: |- + EnforcementAction specifies the enforcement action to be used for resources + matching the ExpansionTemplate. Specifying an empty value will use the + enforcement action specified by the Constraint in violation. type: string generatedGVK: - description: GeneratedGVK specifies the GVK of the resources which the generator resource creates. + description: |- + GeneratedGVK specifies the GVK of the resources which the generator + resource creates. properties: group: type: string @@ -2352,7 +3081,10 @@ spec: type: string type: object templateSource: - description: TemplateSource specifies the source field on the generator resource to use as the base for expanded resource. For Pod-creating generators, this is usually spec.template + description: |- + TemplateSource specifies the source field on the generator resource to + use as the base for expanded resource. For Pod-creating generators, this + is usually spec.template type: string type: object status: 
@@ -2384,7 +3116,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: array 
@@ -2400,10 +3135,19 @@ spec: description: ExpansionTemplate is the Schema for the ExpansionTemplate API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -2411,9 +3155,13 @@ spec: description: ExpansionTemplateSpec defines the desired state of ExpansionTemplate. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds of generator resources which will be expanded. + description: |- + ApplyTo lists the specific groups, versions and kinds of generator resources + which will be expanded. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: @@ -2430,10 +3178,15 @@ spec: type: object type: array enforcementAction: - description: EnforcementAction specifies the enforcement action to be used for resources matching the ExpansionTemplate. Specifying an empty value will use the enforcement action specified by the Constraint in violation. + description: |- + EnforcementAction specifies the enforcement action to be used for resources + matching the ExpansionTemplate. Specifying an empty value will use the + enforcement action specified by the Constraint in violation. type: string generatedGVK: - description: GeneratedGVK specifies the GVK of the resources which the generator resource creates. + description: |- + GeneratedGVK specifies the GVK of the resources which the generator + resource creates. properties: group: type: string @@ -2443,7 +3196,10 @@ spec: type: string type: object templateSource: - description: TemplateSource specifies the source field on the generator resource to use as the base for expanded resource. For Pod-creating generators, this is usually spec.template + description: |- + TemplateSource specifies the source field on the generator resource to + use as the base for expanded resource. For Pod-creating generators, this + is usually spec.template type: string type: object status: 
@@ -2475,7 +3231,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: array @@ -2490,7 +3249,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: expansiontemplatepodstatuses.status.gatekeeper.sh 
@@ -2510,10 +3269,19 @@ spec: description: ExpansionTemplatePodStatus is the Schema for the expansiontemplatepodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -2542,7 +3310,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: object @@ -2553,7 +3324,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: modifyset.mutations.gatekeeper.sh 
@@ -2570,13 +3341,24 @@ spec: - name: v1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. + description: |- + ModifySet allows the user to modify non-keyed lists, such as + the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -2588,9 +3370,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -2610,21 +3397,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -2635,21 +3441,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2661,29 +3481,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
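Review bot: The added `x-kubernetes-map-type: atomic` lines, on `labelSelector` in this hunk and on `namespaceSelector` in the hunk that follows, are a schema change rather than a description reflow, and the commit title ("chore: bump to go 1.22 bookworm") does not mention them. They appear to come from the controller-gen v0.10.0 to v0.14.0 regeneration visible in the annotation hunks. With an atomic map, server-side apply treats the whole selector as one field, so an apply that carries only part of a selector replaces the rest instead of merging, which could widen the set of resources a mutator matches. I would record this in the commit description, for example `regenerate CRDs with controller-gen v0.14.0; label selectors become x-kubernetes-map-type: atomic`, and confirm the upgrade tests cover selectors managed by more than one applier. The enclosing ModifySet v1 schema starts and ends outside this hunk.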
@@ -2695,21 +3532,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -2727,9 +3582,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -2763,7 +3631,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -2772,7 +3642,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -2792,13 +3665,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. + description: |- + ModifySet allows the user to modify non-keyed lists, such as + the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -2806,9 +3690,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -2828,21 +3717,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -2853,21 +3761,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2879,29 +3801,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2913,21 +3852,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -2945,9 +3902,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -2981,7 +3951,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -2990,7 +3962,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -3010,13 +3985,24 @@ spec: - name: v1beta1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. + description: |- + ModifySet allows the user to modify non-keyed lists, such as + the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -3024,9 +4010,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -3046,21 +4037,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -3071,21 +4081,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -3097,29 +4121,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -3131,21 +4172,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -3163,9 +4222,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -3199,7 +4271,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -3208,7 +4282,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -3230,7 +4307,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: mutatorpodstatuses.status.gatekeeper.sh 
@@ -3250,10 +4327,19 @@ spec: description: MutatorPodStatus is the Schema for the mutationpodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -3269,7 +4355,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -3278,7 +4366,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -3375,7 +4466,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: syncsets.syncset.gatekeeper.sh 
@@ -3395,10 +4486,19 @@ spec: description: SyncSet defines which resources Gatekeeper will cache. The union of all SyncSets plus the syncOnly field of Gatekeeper's Config resource defines the sets of resources that will be synced. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: @@ -3435,7 +4535,6 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - creationTimestamp: null labels: gatekeeper.sh/system: "yes" name: gatekeeper-manager-role @@ -3464,7 +4563,6 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null labels: gatekeeper.sh/system: "yes" name: gatekeeper-manager-role 
diff --git a/pkg/mutation/match/zz_generated.deepcopy.go b/pkg/mutation/match/zz_generated.deepcopy.go index 26213f1e2d5..d06323b2094 100644 --- a/pkg/mutation/match/zz_generated.deepcopy.go +++ b/pkg/mutation/match/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/pkg/target/matchcrd_constant.go b/pkg/target/matchcrd_constant.go index fd454258514..87e993cd953 100644 --- a/pkg/target/matchcrd_constant.go +++ b/pkg/target/matchcrd_constant.go @@ -9,8 +9,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: matchcrd.match.gatekeeper.sh spec: group: match.gatekeeper.sh 
@@ -24,44 +23,50 @@ spec: - name: match schema: openAPIV3Schema: - description: DummyCRD is a "dummy" CRD to hold the Match object, which we - ultimately need to generate JSONSchemaProps. The TypeMeta and ObjectMeta - fields are required for controller-gen to generate the CRD. + description: |- + DummyCRD is a "dummy" CRD to hold the Match object, which we ultimately + need to generate JSONSchemaProps. The TypeMeta and ObjectMeta fields are + required for controller-gen to generate the CRD. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string embeddedMatch: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If - defined, a constraint only applies to resources not in a listed - namespace. ExcludedNamespaces also supports a prefix or suffix based - glob. For example, `+"`"+`excludedNamespaces: [kube-*]`+"`"+` matches both - `+"`"+`kube-system`+"`"+` and `+"`"+`kube-public`+"`"+`, and `+"`"+`excludedNamespaces: [*-system]`+"`"+` - matches both `+"`"+`kube-system`+"`"+` and `+"`"+`gatekeeper-system`+"`"+`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. 
For example, + `+"`"+`excludedNamespaces: [kube-*]`+"`"+` matches both `+"`"+`kube-system`+"`"+` and + `+"`"+`kube-public`+"`"+`, and `+"`"+`excludedNamespaces: [*-system]`+"`"+` matches both `+"`"+`kube-system`+"`"+` and + `+"`"+`gatekeeper-system`+"`"+`. items: - description: 'A string that supports globbing at its front or end. - Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" - will match "kube-system" or "gatekeeper-system". The asterisk - is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and - kinds fields that list the groups/kinds of objects to which the - mutation will apply. If multiple groups/kinds objects are specified, + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of the - slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -72,35 +77,36 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: - `+"`"+`matchLabels`+"`"+` and `+"`"+`matchExpressions`+"`"+`. These two fields provide - different methods of selecting or excluding k8s objects based on - the label keys and values included in object metadata. All selection - expressions from both sections are ANDed to determine if an object - meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `+"`"+`matchLabels`+"`"+` + and `+"`"+`matchExpressions`+"`"+`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. 
This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -113,47 +119,47 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `+"`"+`name: pod-*`+"`"+` would match - both `+"`"+`pod-a`+"`"+` and `+"`"+`pod-b`+"`"+`, and `+"`"+`name: *-pod`+"`"+` would match both `+"`"+`a-pod`+"`"+` - and `+"`"+`b-pod`+"`"+`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `+"`"+`name: pod-*`+"`"+` would match + both `+"`"+`pod-a`+"`"+` and `+"`"+`pod-b`+"`"+`, and `+"`"+`name: *-pod`+"`"+` would match both `+"`"+`a-pod`+"`"+` and `+"`"+`b-pod`+"`"+`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's - containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -166,37 +172,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `+"`"+`namespaces: - [kube-*]`+"`"+` matches both `+"`"+`kube-system`+"`"+` and `+"`"+`kube-public`+"`"+`, and `+"`"+`namespaces: - [*-system]`+"`"+` matches both `+"`"+`kube-system`+"`"+` and `+"`"+`gatekeeper-system`+"`"+`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `+"`"+`namespaces: [kube-*]`+"`"+` matches both + `+"`"+`kube-system`+"`"+` and `+"`"+`kube-public`+"`"+`, and `+"`"+`namespaces: [*-system]`+"`"+` matches both + `+"`"+`kube-system`+"`"+` and `+"`"+`gatekeeper-system`+"`"+`. items: - description: 'A string that supports globbing at its front or end. - Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" - will match "kube-system" or "gatekeeper-system". The asterisk - is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. 
Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `+"`"+`*`+"`"+`, `+"`"+`Cluster`+"`"+`, or `+"`"+`Namespaced`+"`"+`. - (defaults to `+"`"+`*`+"`"+`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `+"`"+`*`+"`"+`, `+"`"+`Cluster`+"`"+`, or `+"`"+`Namespaced`+"`"+`. (defaults to `+"`"+`*`+"`"+`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `+"`"+`Generated`+"`"+`|`+"`"+`Original`+"`"+`|`+"`"+`All`+"`"+` (defaults to `+"`"+`All`+"`"+`). - A value of `+"`"+`Generated`+"`"+` will only match generated resources, while - `+"`"+`Original`+"`"+` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `+"`"+`Generated`+"`"+`|`+"`"+`Original`+"`"+`|`+"`"+`All`+"`"+` (defaults to `+"`"+`All`+"`"+`). A value of + `+"`"+`Generated`+"`"+` will only match generated resources, while `+"`"+`Original`+"`"+` will only + match regular resources. enum: - All - Generated 
@@ -204,9 +212,12 @@ spec: type: string type: object kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadataDummy: type: object diff --git a/test/externaldata/dummy-provider/Dockerfile b/test/externaldata/dummy-provider/Dockerfile index 001880610c9..86daf931342 100644 --- a/test/externaldata/dummy-provider/Dockerfile +++ b/test/externaldata/dummy-provider/Dockerfile @@ -1,5 +1,5 @@ ARG BUILDPLATFORM="linux/amd64" -ARG BUILDERIMAGE="golang:1.21-bullseye" +ARG BUILDERIMAGE="golang:1.22-bookworm" ARG BASEIMAGE="gcr.io/distroless/static:nonroot" FROM --platform=$BUILDPLATFORM $BUILDERIMAGE as builder diff --git a/test/image/Dockerfile b/test/image/Dockerfile index 293ce9bec9e..fb6b26a36c1 100644 --- a/test/image/Dockerfile +++ b/test/image/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21-bullseye@sha256:47fa179d4966a0950485ede2ef81567bb1cf62e1e87af07e9830e5c928d06cd0 as builder +FROM golang:1.22-bullseye@sha256:d996c645c9934e770e64f05fc2bc103755197b43fd999b3aa5419142e1ee6d78 as builder ARG BATS_VERSION ARG ORAS_VERSION diff --git a/test/pubsub/fake-subscriber/Dockerfile b/test/pubsub/fake-subscriber/Dockerfile index fa389e7c05d..74a77f7528e 100644 --- a/test/pubsub/fake-subscriber/Dockerfile +++ b/test/pubsub/fake-subscriber/Dockerfile 
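Review bot: The new `FROM` line in test/image/Dockerfile keeps the `bullseye` tag, while the commit title and the other test Dockerfiles in this patch move to `golang:1.22-bookworm`. Because the image is pinned by digest, the digest decides what is pulled and the tag is only a label, so the diff alone does not show which Debian release the builder uses. If bookworm is intended, change the line to `FROM golang:1.22-bookworm@sha256:<digest-of-1.22-bookworm> as builder`. If bullseye is deliberate, a one-line comment above the `FROM` saying why would keep it from reading as an oversight. The dummy-provider and fake-subscriber Dockerfiles set `BUILDERIMAGE` by tag only, so they do not get the digest guarantee this file has.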
@@ -1,5 +1,5 @@ ARG BUILDPLATFORM="linux/amd64" -ARG BUILDERIMAGE="golang:1.21-bullseye" +ARG BUILDERIMAGE="golang:1.22-bookworm" ARG BASEIMAGE="gcr.io/distroless/static:nonroot" FROM --platform=$BUILDPLATFORM $BUILDERIMAGE as builder From 61c0af458e4cd0092c0776da5751dcc960c3d11e Mon Sep 17 00:00:00 2001 From: Sertac Ozercan Date: Wed, 27 Mar 2024 21:15:06 +0000 Subject: [PATCH 2/5] chore: update lint Signed-off-by: Sertac Ozercan --- .github/workflows/lint.yaml | 58 +++++++++++++++++++ .github/workflows/workflow.yaml | 26 --------- .golangci.yaml | 4 +- Makefile | 6 +- pkg/audit/stats_reporter.go | 1 - .../constrainttemplate_controller_test.go | 32 +++++----- .../constrainttemplate/stats_reporter.go | 1 - .../constrainttemplatestatus_controller.go | 2 +- pkg/controller/controller.go | 2 +- .../expansion/expansion_controller_test.go | 4 +- pkg/controller/expansion/stats_reporter.go | 1 - .../expansionstatus_controller.go | 2 +- pkg/controller/mutators/core/adder.go | 4 +- .../mutators/core/controller_test.go | 4 +- .../mutators/core/reconciler_test.go | 6 +- pkg/gator/verify/runner_test.go | 2 +- pkg/mutation/mutators/conversion_test.go | 4 +- .../mutators/core/mutation_function_test.go | 4 +- pkg/mutation/system_external_data_test.go | 14 ++--- pkg/readiness/ready_tracker_test.go | 2 +- pkg/syncutil/single_runner_test.go | 2 +- pkg/syncutil/syncbool_test.go | 2 +- pkg/watch/manager_test.go | 8 +-- pkg/webhook/common_test.go | 2 +- test/testutils/controller.go | 3 +- 25 files changed, 113 insertions(+), 83 deletions(-) create mode 100644 .github/workflows/lint.yaml diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml new file mode 100644 index 00000000000..5b39d4abd53 --- /dev/null +++ b/.github/workflows/lint.yaml 
@@ -0,0 +1,58 @@
+name: lint
+
+on:
+ push:
+ branches:
+ - master
+ paths-ignore:
+ - ".github/workflows/website.yaml"
+ - "docs/**"
+ - "library/**"
+ - "demo/**"
+ - "deprecated/**"
+ - "example/**"
+ - "website/**"
+ - "**.md"
+ pull_request:
+ branches:
+ - master
+ paths-ignore:
+ - ".github/workflows/website.yaml"
+ - "docs/**"
+ - "library/**"
+ - "demo/**"
+ - "deprecated/**"
+ - "example/**"
+ - "website/**"
+ - "**.md"
+
+permissions: read-all
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
+ - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+ - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ with:
+ go-version: "1.22"
+ check-latest: true
+
+ - name: download
+ run: |
+ wget https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz
+ tar -xzf golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz
+ sudo mv golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint /usr/local/bin/
+ env:
+ GOLANGCI_LINT_VERSION: 1.57.1
+
+ - name: lint
+ run: |
+ golangci-lint version
+ golangci-lint run -v ./...
diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index 926a7ef82ee..6d063b7bebe 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
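Review bot: The `download` step in the new lint.yaml fetches the golangci-lint release tarball with `wget` and moves the binary into /usr/local/bin with `sudo` without any integrity check, whereas every action in this workflow is pinned to a commit SHA. Pin the expected digest next to the version, e.g. `GOLANGCI_LINT_SHA256: <sha256-of-the-linux-amd64-tarball>` under `env:`, and add `echo "${GOLANGCI_LINT_SHA256}  golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz" | sha256sum -c -` before the `tar` line. The job also drops the `timeout-minutes: 7` and the fixed `ubuntu-22.04` runner that the lint job removed from workflow.yaml had; restore them unless the change is intentional.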
@@ -26,32 +26,6 @@ on: permissions: read-all jobs: - lint: - name: "Lint" - runs-on: ubuntu-22.04 - timeout-minutes: 7 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit - - - name: Check out code into the Go module directory - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - - name: Set up Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: "1.22" - check-latest: true - - # source: https://github.com/golangci/golangci-lint-action - - name: golangci-lint - uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0 - with: - # version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version - version: v1.55.2 - test: name: "Unit test" runs-on: ubuntu-22.04 diff --git a/.golangci.yaml b/.golangci.yaml index d4ddf3b08d7..2afc0cf40e9 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -1,6 +1,8 @@ run: timeout: 5m - skip-files: + +issues: + exclude-files: - pkg/target/matchcrd_constant.go linters-settings: diff --git a/Makefile b/Makefile index faccede490f..30a6a4186d0 100644 --- a/Makefile +++ b/Makefile @@ -33,7 +33,7 @@ GATEKEEPER_NAMESPACE ?= gatekeeper-system # When updating this, make sure to update the corresponding action in # workflow.yaml -GOLANGCI_LINT_VERSION := v1.55.2 +GOLANGCI_LINT_VERSION := v1.57.1 # Detects the location of the user golangci-lint cache. GOLANGCI_LINT_CACHE := $(shell pwd)/.tmp/golangci-lint 
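Review bot: The context comment above `GOLANGCI_LINT_VERSION` in the Makefile still says to update "the corresponding action in workflow.yaml", but this patch deletes that lint job and moves it to .github/workflows/lint.yaml, so the pointer is stale. Reword it to `# When updating this, also update GOLANGCI_LINT_VERSION in .github/workflows/lint.yaml`. The two places also spell the version differently (`v1.57.1` here, `1.57.1` in the workflow), so a search-and-replace bump can miss one of them; the same comment could mention that.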
@@ -361,9 +361,9 @@ manifests: __controller-gen # across systems. # Source: https://golangci-lint.run/usage/install/#docker lint: - docker run --rm -v $(shell pwd):/app \ + docker run -t --rm -v $(shell pwd):/app \ -v ${GOLANGCI_LINT_CACHE}:/root/.cache/golangci-lint \ - -w /app golangci/golangci-lint:${GOLANGCI_LINT_VERSION}-alpine \ + -w /app golangci/golangci-lint:${GOLANGCI_LINT_VERSION} \ golangci-lint run -v # Generate code diff --git a/pkg/audit/stats_reporter.go b/pkg/audit/stats_reporter.go index ca759a2e0a2..8fb5c4678d9 100644 --- a/pkg/audit/stats_reporter.go +++ b/pkg/audit/stats_reporter.go @@ -97,7 +97,6 @@ func newStatsReporter() (*reporter, error) { metric.WithDescription("Total number of audited violations"), metric.WithInt64Callback(r.observeTotalViolations), ) - if err != nil { return nil, err } diff --git a/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go b/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go index 4c196ba5981..b751ef98343 100644 --- a/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go +++ b/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go @@ -236,7 +236,7 @@ func TestReconcile(t *testing.T) { testutils.CreateThenCleanup(ctx, t, c, constraintTemplate) clientset := kubernetes.NewForConfigOrDie(cfg) - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { crd := &apiextensionsv1.CustomResourceDefinition{} @@ -270,7 +270,7 @@ func TestReconcile(t *testing.T) { t.Cleanup(testutils.DeleteObjectAndConfirm(ctx, t, c, expectedCRD(suffix))) testutils.CreateThenCleanup(ctx, t, c, constraintTemplate) - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { // check if vap resource exists now 
@@ -297,7 +297,7 @@ func TestReconcile(t *testing.T) { t.Cleanup(testutils.DeleteObjectAndConfirm(ctx, t, c, expectedCRD(suffix))) testutils.CreateThenCleanup(ctx, t, c, constraintTemplate) - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { // check if vap resource exists now @@ -325,7 +325,7 @@ func TestReconcile(t *testing.T) { t.Cleanup(testutils.DeleteObjectAndConfirm(ctx, t, c, expectedCRD(suffix))) testutils.CreateThenCleanup(ctx, t, c, constraintTemplate) - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { // check if vap resource exists now @@ -355,7 +355,7 @@ func TestReconcile(t *testing.T) { t.Cleanup(testutils.DeleteObjectAndConfirm(ctx, t, c, expectedCRD(suffix))) testutils.CreateThenCleanup(ctx, t, c, constraintTemplate) - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { // check if vap resource exists now @@ -394,7 +394,7 @@ func TestReconcile(t *testing.T) { t.Cleanup(testutils.DeleteObjectAndConfirm(ctx, t, c, expectedCRD(suffix))) testutils.CreateThenCleanup(ctx, t, c, constraintTemplate) - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { // check if vap resource exists now @@ -487,7 +487,7 @@ func TestReconcile(t *testing.T) { testutils.CreateThenCleanup(ctx, t, c, constraintTemplate) var crd *apiextensionsv1.CustomResourceDefinition - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { crd = &apiextensionsv1.CustomResourceDefinition{} 
@@ -504,7 +504,7 @@ func TestReconcile(t *testing.T) { t.Fatal(err) } - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { crd := &apiextensionsv1.CustomResourceDefinition{} @@ -528,7 +528,7 @@ func TestReconcile(t *testing.T) { t.Fatal(err) } - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { sList := &statusv1beta1.ConstraintPodStatusList{} @@ -544,7 +544,7 @@ func TestReconcile(t *testing.T) { t.Fatal(err) } - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { return c.Create(ctx, newDenyAllCstr(suffix)) @@ -598,7 +598,7 @@ func TestReconcile(t *testing.T) { // https://github.com/open-policy-agent/gatekeeper/pull/1595#discussion_r722819552 t.Cleanup(testutils.DeleteObject(t, c, instanceInvalidRego)) - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { ct := &v1beta1.ConstraintTemplate{} @@ -673,7 +673,7 @@ func TestReconcile(t *testing.T) { t.Fatal(err) } - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { resp, err := cfClient.Review(ctx, req) @@ -810,7 +810,7 @@ violation[{"msg": "denied!"}] { t.Fatalf("unexpected tracker, got %T", ot) } // ensure that expectations are set for the constraint gvk - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { gotExpected := tr.IsExpecting(gvk, types.NamespacedName{Name: "denyallconstraint"}) 
@@ -836,7 +836,7 @@ violation[{"msg": "denied!"}] { } // Check readiness tracker is satisfied post-reconcile - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { satisfied := tracker.For(gvk).Satisfied() @@ -851,7 +851,7 @@ violation[{"msg": "denied!"}] { } func constraintEnforced(ctx context.Context, c client.Client, suffix string) error { - return retry.OnError(testutils.ConstantRetry, func(err error) bool { + return retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { cstr := newDenyAllCstr(suffix) @@ -978,7 +978,7 @@ func applyCRD(ctx context.Context, client client.Client, gvk schema.GroupVersion u := &unstructured.UnstructuredList{} u.SetGroupVersionKind(gvk) - return retry.OnError(testutils.ConstantRetry, func(err error) bool { + return retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { if ctx.Err() != nil { diff --git a/pkg/controller/constrainttemplate/stats_reporter.go b/pkg/controller/constrainttemplate/stats_reporter.go index 68ac2781496..77754344622 100644 --- a/pkg/controller/constrainttemplate/stats_reporter.go +++ b/pkg/controller/constrainttemplate/stats_reporter.go @@ -56,7 +56,6 @@ func newStatsReporter() *reporter { metric.WithDescription(ctDesc), metric.WithInt64Callback(r.observeCTM), ) - if err != nil { panic(err) } diff --git a/pkg/controller/constrainttemplatestatus/constrainttemplatestatus_controller.go b/pkg/controller/constrainttemplatestatus/constrainttemplatestatus_controller.go index c1d44bf196b..c8efd5b7498 100644 --- a/pkg/controller/constrainttemplatestatus/constrainttemplatestatus_controller.go +++ b/pkg/controller/constrainttemplatestatus/constrainttemplatestatus_controller.go 
@@ -76,7 +76,7 @@ func newReconciler( // PodStatusToConstraintTemplateMapper correlates a ConstraintTemplatePodStatus with its corresponding constraint template // `selfOnly` tells the mapper to only map statuses corresponding to the current pod. func PodStatusToConstraintTemplateMapper(selfOnly bool) handler.MapFunc { - return func(ctx context.Context, obj client.Object) []reconcile.Request { + return func(_ context.Context, obj client.Object) []reconcile.Request { labels := obj.GetLabels() name, ok := labels[v1beta1.ConstraintTemplateNameLabel] if !ok { diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go index 3076b5fba02..d129dc03e02 100644 --- a/pkg/controller/controller.go +++ b/pkg/controller/controller.go @@ -167,7 +167,7 @@ func AddToManager(m manager.Manager, deps *Dependencies) error { return err } - fakePodGetter := func(ctx context.Context) (*corev1.Pod, error) { + fakePodGetter := func(_ context.Context) (*corev1.Pod, error) { pod := fakes.Pod( fakes.WithNamespace(util.GetNamespace()), fakes.WithName(util.GetPodName()), diff --git a/pkg/controller/expansion/expansion_controller_test.go b/pkg/controller/expansion/expansion_controller_test.go index 08054c123fc..4948f5f57ea 100644 --- a/pkg/controller/expansion/expansion_controller_test.go +++ b/pkg/controller/expansion/expansion_controller_test.go @@ -90,7 +90,7 @@ func TestReconcile(t *testing.T) { t.Cleanup(testutils.DeleteObjectAndConfirm(ctx, t, c, et)) testutils.CreateThenCleanup(ctx, t, c, et) - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { // First, get the ET @@ -128,7 +128,7 @@ func TestReconcile(t *testing.T) { t.Fatalf("error deleting ET: %s", err) } - err = retry.OnError(testutils.ConstantRetry, func(err error) bool { + err = retry.OnError(testutils.ConstantRetry, func(_ error) bool { return true }, func() error { // Get the ETPodStatus 
diff --git a/pkg/controller/expansion/stats_reporter.go b/pkg/controller/expansion/stats_reporter.go index ebc225c53a8..a919719012a 100644 --- a/pkg/controller/expansion/stats_reporter.go +++ b/pkg/controller/expansion/stats_reporter.go @@ -25,7 +25,6 @@ func newRegistry() *etRegistry { etMetricName, metric.WithDescription(etDesc), metric.WithInt64Callback(r.observeETM)) - if err != nil { panic(err) } diff --git a/pkg/controller/expansionstatus/expansionstatus_controller.go b/pkg/controller/expansionstatus/expansionstatus_controller.go index cdc5e0f6941..6e9b3ec67e4 100644 --- a/pkg/controller/expansionstatus/expansionstatus_controller.go +++ b/pkg/controller/expansionstatus/expansionstatus_controller.go @@ -78,7 +78,7 @@ func newReconciler(mgr manager.Manager) reconcile.Reconciler { // PodStatusToExpansionTemplateMapper correlates a ExpansionTemplatePodStatus with its corresponding expansion template. // `selfOnly` tells the mapper to only map statuses corresponding to the current pod. func PodStatusToExpansionTemplateMapper(selfOnly bool) handler.MapFunc { - return func(ctx context.Context, obj client.Object) []reconcile.Request { + return func(_ context.Context, obj client.Object) []reconcile.Request { labels := obj.GetLabels() name, ok := labels[v1beta1.ExpansionTemplateNameLabel] if !ok { diff --git a/pkg/controller/mutators/core/adder.go b/pkg/controller/mutators/core/adder.go index 6dbb2dd3e3f..9b51ae8249b 100644 --- a/pkg/controller/mutators/core/adder.go +++ b/pkg/controller/mutators/core/adder.go 
@@ -76,7 +76,7 @@ func (a *Adder) add(mgr manager.Manager, r *Reconciler) error { // Watch for changes to MutatorPodStatuses. err = c.Watch( source.Kind(mgr.GetCache(), &statusv1beta1.MutatorPodStatus{}), - handler.EnqueueRequestsFromMapFunc(mutatorstatus.PodStatusToMutatorMapper(true, r.gvk.Kind, func(ctx context.Context, obj client.Object) []reconcile.Request { + handler.EnqueueRequestsFromMapFunc(mutatorstatus.PodStatusToMutatorMapper(true, r.gvk.Kind, func(_ context.Context, obj client.Object) []reconcile.Request { return []reconcile.Request{{ NamespacedName: apitypes.NamespacedName{ Namespace: obj.GetNamespace(), @@ -93,7 +93,7 @@ func (a *Adder) add(mgr manager.Manager, r *Reconciler) error { // Watch for enqueued events. err = c.Watch( a.EventsSource, - handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, obj client.Object) []reconcile.Request { + handler.EnqueueRequestsFromMapFunc(func(_ context.Context, obj client.Object) []reconcile.Request { if obj.GetObjectKind().GroupVersionKind().Kind != r.gvk.Kind { return nil } diff --git a/pkg/controller/mutators/core/controller_test.go b/pkg/controller/mutators/core/controller_test.go index a31177344dd..c9a968c74e0 100644 --- a/pkg/controller/mutators/core/controller_test.go +++ b/pkg/controller/mutators/core/controller_test.go @@ -145,7 +145,7 @@ func TestReconcile(t *testing.T) { } events := make(chan event.GenericEvent, 1024) - rec := newReconciler(mgr, mSys, tracker, func(ctx context.Context) (*corev1.Pod, error) { return pod, nil }, kind, newObj, newMutator, events) + rec := newReconciler(mgr, mSys, tracker, func(_ context.Context) (*corev1.Pod, error) { return pod, nil }, kind, newObj, newMutator, events) adder := Adder{EventsSource: &source.Channel{Source: events}} err = adder.add(mgr, rec) 
@@ -169,7 +169,7 @@ func TestReconcile(t *testing.T) { } }) - t.Run("Mutator is reported as enforced", func(t *testing.T) { + t.Run("Mutator is reported as enforced", func(_ *testing.T) { g.Eventually(func() error { v := &mutationsv1.Assign{} v.SetName("assign-test-obj") diff --git a/pkg/controller/mutators/core/reconciler_test.go b/pkg/controller/mutators/core/reconciler_test.go index 7430f1aabaf..1ba3a2822ec 100644 --- a/pkg/controller/mutators/core/reconciler_test.go +++ b/pkg/controller/mutators/core/reconciler_test.go @@ -308,7 +308,7 @@ func newFakeReconciler(t *testing.T, c client.Client, events chan event.GenericE return fake.mutator, nil }, system: mutation.NewSystem(mutation.SystemOpts{}), - getPod: func(ctx context.Context) (*corev1.Pod, error) { + getPod: func(_ context.Context) (*corev1.Pod, error) { return fakes.Pod( fakes.WithNamespace("gatekeeper-system"), fakes.WithName(podName), @@ -1041,7 +1041,7 @@ func TestReconcile_ReconcileUpsert_GetPodError(t *testing.T) { ctx := context.Background() - r.getPod = func(ctx context.Context) (*corev1.Pod, error) { + r.getPod = func(_ context.Context) (*corev1.Pod, error) { return nil, newErrSome(1) } @@ -1071,7 +1071,7 @@ func TestReconcile_ReconcileDeleted_GetPodError(t *testing.T) { ctx := context.Background() - r.getPod = func(ctx context.Context) (*corev1.Pod, error) { + r.getPod = func(_ context.Context) (*corev1.Pod, error) { return nil, newErrSome(1) } diff --git a/pkg/gator/verify/runner_test.go b/pkg/gator/verify/runner_test.go index dcc3a81a300..6c855b31746 100644 --- a/pkg/gator/verify/runner_test.go +++ b/pkg/gator/verify/runner_test.go 
@@ -1207,7 +1207,7 @@ func TestRunner_Run_ClientError(t *testing.T) { TestResults: []TestResult{{Error: gator.ErrCreatingClient}}, } - runner, err := NewRunner(fstest.MapFS{}, func(includeTrace bool, useK8sCEL bool) (gator.Client, error) { + runner, err := NewRunner(fstest.MapFS{}, func(_ bool, _ bool) (gator.Client, error) { return nil, errors.New("error") }) if err != nil { diff --git a/pkg/mutation/mutators/conversion_test.go b/pkg/mutation/mutators/conversion_test.go index 46006f389f9..d34faae7b42 100644 --- a/pkg/mutation/mutators/conversion_test.go +++ b/pkg/mutation/mutators/conversion_test.go @@ -139,7 +139,7 @@ func TestAssignHasDiff(t *testing.T) { }{ { "same", - func(a *mutationsunversioned.Assign) {}, + func(_ *mutationsunversioned.Assign) {}, false, }, { @@ -221,7 +221,7 @@ func TestAssignMetadataHasDiff(t *testing.T) { }{ { "same", - func(a *mutationsunversioned.AssignMetadata) {}, + func(_ *mutationsunversioned.AssignMetadata) {}, false, }, { diff --git a/pkg/mutation/mutators/core/mutation_function_test.go b/pkg/mutation/mutators/core/mutation_function_test.go index fcc3a378ad8..d1e5b3e9a10 100644 --- a/pkg/mutation/mutators/core/mutation_function_test.go +++ b/pkg/mutation/mutators/core/mutation_function_test.go @@ -171,7 +171,7 @@ func TestObjectsAndLists(t *testing.T) { } func TestListsAsLastElementWithStringValue(t *testing.T) { - testFunc := func(u *unstructured.Unstructured) {} + testFunc := func(_ *unstructured.Unstructured) {} if err := testDummyMutation( `spec.containers["name": "notExists"]`, @@ -382,7 +382,7 @@ func TestAssignDoesNotMatchObjectStructure(t *testing.T) { } func TestListsAsLastElementAlreadyExistsWithKeyConflict(t *testing.T) { - testFunc := func(u *unstructured.Unstructured) {} + testFunc := func(_ *unstructured.Unstructured) {} var v interface{} err := json.Unmarshal([]byte("{\"name\": \"conflictingName\", \"foo\": \"bar\"}"), &v) if err != nil { 
diff --git a/pkg/mutation/system_external_data_test.go b/pkg/mutation/system_external_data_test.go index 778bbf7b73b..f678d49508d 100644 --- a/pkg/mutation/system_external_data_test.go +++ b/pkg/mutation/system_external_data_test.go @@ -112,7 +112,7 @@ func TestSystem_resolvePlaceholders(t *testing.T) { name: "when placeholder is part of a map[string]interface{}", fields: fields{ providerCache: fakes.ExternalDataProviderCache, - sendRequestToExternalDataProvider: func(ctx context.Context, provider *externaldataUnversioned.Provider, keys []string, clientCert *tls.Certificate) (*externaldata.ProviderResponse, int, error) { + sendRequestToExternalDataProvider: func(_ context.Context, _ *externaldataUnversioned.Provider, _ []string, _ *tls.Certificate) (*externaldata.ProviderResponse, int, error) { return &externaldata.ProviderResponse{ Response: externaldata.Response{ Idempotent: true, @@ -143,7 +143,7 @@ func TestSystem_resolvePlaceholders(t *testing.T) { name: "when placeholder is part of a []interface{}", fields: fields{ providerCache: fakes.ExternalDataProviderCache, - sendRequestToExternalDataProvider: func(ctx context.Context, provider *externaldataUnversioned.Provider, keys []string, clientCert *tls.Certificate) (*externaldata.ProviderResponse, int, error) { + sendRequestToExternalDataProvider: func(_ context.Context, _ *externaldataUnversioned.Provider, _ []string, _ *tls.Certificate) (*externaldata.ProviderResponse, int, error) { return &externaldata.ProviderResponse{ Response: externaldata.Response{ Idempotent: true, 
@@ -182,7 +182,7 @@ func TestSystem_resolvePlaceholders(t *testing.T) { name: "system error", fields: fields{ providerCache: fakes.ExternalDataProviderCache, - sendRequestToExternalDataProvider: func(ctx context.Context, provider *externaldataUnversioned.Provider, keys []string, clientCert *tls.Certificate) (*externaldata.ProviderResponse, int, error) { + sendRequestToExternalDataProvider: func(_ context.Context, _ *externaldataUnversioned.Provider, _ []string, _ *tls.Certificate) (*externaldata.ProviderResponse, int, error) { return &externaldata.ProviderResponse{ Response: externaldata.Response{ Idempotent: true, @@ -208,7 +208,7 @@ func TestSystem_resolvePlaceholders(t *testing.T) { name: "error when sending request", fields: fields{ providerCache: fakes.ExternalDataProviderCache, - sendRequestToExternalDataProvider: func(ctx context.Context, provider *externaldataUnversioned.Provider, keys []string, clientCert *tls.Certificate) (*externaldata.ProviderResponse, int, error) { + sendRequestToExternalDataProvider: func(_ context.Context, _ *externaldataUnversioned.Provider, _ []string, _ *tls.Certificate) (*externaldata.ProviderResponse, int, error) { return nil, http.StatusInternalServerError, errors.New("error") }, }, @@ -229,7 +229,7 @@ func TestSystem_resolvePlaceholders(t *testing.T) { name: "failure policy fail", fields: fields{ providerCache: fakes.ExternalDataProviderCache, - sendRequestToExternalDataProvider: func(ctx context.Context, provider *externaldataUnversioned.Provider, keys []string, clientCert *tls.Certificate) (*externaldata.ProviderResponse, int, error) { + sendRequestToExternalDataProvider: func(_ context.Context, _ *externaldataUnversioned.Provider, _ []string, _ *tls.Certificate) (*externaldata.ProviderResponse, int, error) { return &externaldata.ProviderResponse{ Response: externaldata.Response{ Idempotent: true, 
@@ -260,7 +260,7 @@ func TestSystem_resolvePlaceholders(t *testing.T) { name: "failure policy use default", fields: fields{ providerCache: fakes.ExternalDataProviderCache, - sendRequestToExternalDataProvider: func(ctx context.Context, provider *externaldataUnversioned.Provider, keys []string, clientCert *tls.Certificate) (*externaldata.ProviderResponse, int, error) { + sendRequestToExternalDataProvider: func(_ context.Context, _ *externaldataUnversioned.Provider, _ []string, _ *tls.Certificate) (*externaldata.ProviderResponse, int, error) { return &externaldata.ProviderResponse{ Response: externaldata.Response{ Idempotent: true, @@ -299,7 +299,7 @@ func TestSystem_resolvePlaceholders(t *testing.T) { name: "failure policy ignore", fields: fields{ providerCache: fakes.ExternalDataProviderCache, - sendRequestToExternalDataProvider: func(ctx context.Context, provider *externaldataUnversioned.Provider, keys []string, clientCert *tls.Certificate) (*externaldata.ProviderResponse, int, error) { + sendRequestToExternalDataProvider: func(_ context.Context, _ *externaldataUnversioned.Provider, _ []string, _ *tls.Certificate) (*externaldata.ProviderResponse, int, error) { return &externaldata.ProviderResponse{ Response: externaldata.Response{ Idempotent: true, diff --git a/pkg/readiness/ready_tracker_test.go b/pkg/readiness/ready_tracker_test.go index 7b4a8176de4..ac55a6857d4 100644 --- a/pkg/readiness/ready_tracker_test.go +++ b/pkg/readiness/ready_tracker_test.go @@ -163,7 +163,7 @@ func setupController( WatchManger: wm, ControllerSwitch: sw, Tracker: tracker, - GetPod: func(ctx context.Context) (*corev1.Pod, error) { return pod, nil }, + GetPod: func(_ context.Context) (*corev1.Pod, error) { return pod, nil }, ProcessExcluder: processExcluder, MutationSystem: mutationSystem, ExpansionSystem: expansionSystem, diff --git a/pkg/syncutil/single_runner_test.go b/pkg/syncutil/single_runner_test.go index ec120cfcc3b..c413d3a8d69 100644 --- a/pkg/syncutil/single_runner_test.go 
+++ b/pkg/syncutil/single_runner_test.go @@ -40,7 +40,7 @@ func Test_SingleRunner(t *testing.T) { }) // Repeat key won't be scheduled. - r.Go(ctx, "one", func(ctx context.Context) error { + r.Go(ctx, "one", func(_ context.Context) error { t.Fatal("repeat key will never be scheduled") return nil }) diff --git a/pkg/syncutil/syncbool_test.go b/pkg/syncutil/syncbool_test.go index 75606c50233..ed510223d46 100644 --- a/pkg/syncutil/syncbool_test.go +++ b/pkg/syncutil/syncbool_test.go @@ -37,7 +37,7 @@ func Test_SyncBool(t *testing.T) { b.Set(true) }() - waitErr := wait.PollUntilContextTimeout(context.Background(), 10*time.Millisecond, 5*time.Second, false, func(ctx context.Context) (done bool, err error) { + waitErr := wait.PollUntilContextTimeout(context.Background(), 10*time.Millisecond, 5*time.Second, false, func(_ context.Context) (done bool, err error) { return b.Get(), nil }) diff --git a/pkg/watch/manager_test.go b/pkg/watch/manager_test.go index 08f6b392d0d..bf1f7437145 100644 --- a/pkg/watch/manager_test.go +++ b/pkg/watch/manager_test.go @@ -388,7 +388,7 @@ func TestRegistrar_Replay_Retry(t *testing.T) { resources := generateTestResources(gvk, 10) errCount := 3 c := &funcCache{ - ListFunc: func(ctx context.Context, list client.ObjectList, opts ...client.ListOption) error { + ListFunc: func(_ context.Context, list client.ObjectList, _ ...client.ListOption) error { if errCount > 0 { errCount-- return fmt.Errorf("failing %d more times", errCount) @@ -401,7 +401,7 @@ func TestRegistrar_Replay_Retry(t *testing.T) { } return nil }, - GetInformerNonBlockingFunc: func(_ context.Context, obj client.Object) (cache.Informer, error) { + GetInformerNonBlockingFunc: func(_ context.Context, _ client.Object) (cache.Informer, error) { return informer, nil }, } 
@@ -468,7 +468,7 @@ func TestRegistrar_Replay_Async(t *testing.T) { listCalled := make(chan struct{}) listDone := make(chan struct{}) c := &funcCache{ - ListFunc: func(ctx context.Context, list client.ObjectList, opts ...client.ListOption) error { + ListFunc: func(ctx context.Context, _ client.ObjectList, _ ...client.ListOption) error { listCalled <- struct{}{} // Block until we're canceled. @@ -590,7 +590,7 @@ func TestRegistrar_ReplaceWatch(t *testing.T) { listCalls := make(map[schema.GroupVersionKind]int) getInformerCalls := make(map[schema.GroupVersionKind]int) c := &funcCache{ - ListFunc: func(ctx context.Context, list client.ObjectList, opts ...client.ListOption) error { + ListFunc: func(_ context.Context, list client.ObjectList, _ ...client.ListOption) error { mu.Lock() defer mu.Unlock() gvk := list.GetObjectKind().GroupVersionKind() diff --git a/pkg/webhook/common_test.go b/pkg/webhook/common_test.go index a05b538a601..c1aa07b12e4 100644 --- a/pkg/webhook/common_test.go +++ b/pkg/webhook/common_test.go @@ -43,7 +43,7 @@ func TestTLSConfig(t *testing.T) { t.Fatal(err) } - ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "success!") })) ts.TLS = serverTLSConf diff --git a/test/testutils/controller.go b/test/testutils/controller.go index 7dd11303e3a..5b3c55388a1 100644 --- a/test/testutils/controller.go +++ b/test/testutils/controller.go @@ -99,7 +99,7 @@ func DeleteObjectAndConfirm(ctx context.Context, t *testing.T, c client.Client, t.Fatal(err) } - err = retry.OnError(ConstantRetry, func(err error) bool { + err = retry.OnError(ConstantRetry, func(_ error) bool { return true }, func() error { // Construct a single-use Unstructured to send the Get request. It isn't 
@@ -116,7 +116,6 @@ func DeleteObjectAndConfirm(ctx context.Context, t *testing.T, c client.Client, s, _ := json.MarshalIndent(toGet, "", " ") return fmt.Errorf("found %v %v:\n%s", gvk, key, string(s)) }) - if err != nil { t.Fatal(err) } From 25908dba0f4e54d16c401ac009a11dd666a20f93 Mon Sep 17 00:00:00 2001 From: Sertac Ozercan Date: Wed, 27 Mar 2024 21:17:17 +0000 Subject: [PATCH 3/5] fix Signed-off-by: Sertac Ozercan --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 30a6a4186d0..7898ff86a8e 100644 --- a/Makefile +++ b/Makefile @@ -364,7 +364,7 @@ lint: docker run -t --rm -v $(shell pwd):/app \ -v ${GOLANGCI_LINT_CACHE}:/root/.cache/golangci-lint \ -w /app golangci/golangci-lint:${GOLANGCI_LINT_VERSION} \ - golangci-lint run -v + golangci-lint run -v --fix # Generate code generate: __conversion-gen __controller-gen From 608a8e21231d1df28b44785ab92970e3d5f710fc Mon Sep 17 00:00:00 2001 From: Sertac Ozercan Date: Wed, 27 Mar 2024 23:54:32 +0000 Subject: [PATCH 4/5] make lint Signed-off-by: Sertac Ozercan --- .github/workflows/lint.yaml | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 5b39d4abd53..e4bf686207d 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml 
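Review bot: In the Makefile hunk (`@@ -364,7 +364,7 @@ lint:`), adding `--fix` to the `lint` recipe turns a checking target into one that rewrites the mounted working tree (`-v $(shell pwd):/app`). As far as I know, findings that golangci-lint fixes itself are dropped from the report and the exit status. Since patch 4/5 makes the lint workflow call `make lint`, CI could then pass on a commit that is not lint-clean, with the corrections discarded when the runner exits. I would keep `lint` read-only (`golangci-lint run -v`) and move the auto-fix to a separate target such as `lint-fix`, or else follow the CI run with `git diff --exit-code`. The container presumably runs as root, given the `/root/.cache/golangci-lint` mount, so files rewritten by `--fix` may end up root-owned in a developer checkout.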
@@ -39,20 +39,5 @@ jobs: - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: "1.22" - check-latest: true - - - name: download - run: | - wget https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz - tar -xzf golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz - sudo mv golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint /usr/local/bin/ - env: - GOLANGCI_LINT_VERSION: 1.57.1 - - name: lint - run: | - golangci-lint version - golangci-lint run -v ./... + run: make lint \ No newline at end of file From 4076db767d7d172a96eacb445b8c0ab4690e9451 Mon Sep 17 00:00:00 2001 From: Sertac Ozercan Date: Thu, 28 Mar 2024 00:01:32 +0000 Subject: [PATCH 5/5] pin ubuntu 22.04 Signed-off-by: Sertac Ozercan --- .github/workflows/dependency-review.yml | 4 ++-- .github/workflows/lint.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 10a946e77f3..f475474070b 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -2,7 +2,7 @@ # # This Action will scan dependency manifest files that change as part of a Pull Request, # surfacing known-vulnerable versions of the packages declared or updated in the PR. -# Once installed, if the workflow run is marked as required, +# Once installed, if the workflow run is marked as required, # PRs introducing known-vulnerable packages will be blocked from merging. # # Source repository: https://github.com/actions/dependency-review-action 
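Review bot: In the lint.yaml hunk (`@@ -39,20 +39,5 @@`), replacing the setup-go and download steps with `run: make lint` moves the linter onto the `golangci/golangci-lint:${GOLANGCI_LINT_VERSION}` image that the Makefile pulls by tag, while the actions in this workflow are pinned by commit SHA. A tag can be re-pointed, so the image would be better referenced by digest in the Makefile, in the form `golangci/golangci-lint:${GOLANGCI_LINT_VERSION}@sha256:<digest>`, which keeps the job's inputs immutable. Removing the `GOLANGCI_LINT_VERSION: 1.57.1` env also means CI now lints with whatever version the Makefile sets, which is outside this hunk, so it is worth confirming the two agree. The file now ends without a trailing newline (`\ No newline at end of file`); add one after `run: make lint`.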
@@ -14,7 +14,7 @@ permissions: jobs: dependency-review: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 4f167a9623d..18562b37b29 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -30,7 +30,7 @@ permissions: read-all jobs: lint: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index eaf0b762142..0b0dc79688a 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -20,7 +20,7 @@ permissions: read-all jobs: analysis: name: Scorecard analysis - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: # Needed to upload the results to code-scanning dashboard. security-events: write