From 6f96d3c8b0c4d6bced909156afe343d8e2573665 Mon Sep 17 00:00:00 2001 From: Daniel Hiller Date: Sat, 25 Jun 2022 01:17:03 +0200 Subject: [PATCH 01/17] new, external_plugin: create botreview external prow plugin Create external prow plugin. Implement first review strategy "prow image bump". 
Signed-off-by: Daniel Hiller --- external-plugins/botreview/BUILD.bazel | 23 + external-plugins/botreview/main.go | 121 +++++ external-plugins/botreview/review/BUILD.bazel | 23 + .../botreview/review/image_update.go | 104 ++++ .../botreview/review/image_update_test.go | 89 ++++ external-plugins/botreview/review/review.go | 56 ++ .../botreview/review/review_test.go | 107 ++++ .../testdata/mixed_bump_prow_job.patch0 | 501 ++++++++++++++++++ .../testdata/move_prometheus_stack.patch0 | 24 + .../testdata/move_prometheus_stack.patch1 | 93 ++++ .../simple_bump-prow-job-images_sh.patch0 | 22 + .../simple_bump-prow-job-images_sh.patch1 | 22 + external-plugins/botreview/server/BUILD.bazel | 16 + external-plugins/botreview/server/server.go | 152 ++++++ go.mod | 4 + go.sum | 4 + robots/cmd/botreview/BUILD.bazel | 0 17 files changed, 1361 insertions(+) create mode 100644 external-plugins/botreview/BUILD.bazel create mode 100644 external-plugins/botreview/main.go create mode 100644 external-plugins/botreview/review/BUILD.bazel create mode 100644 external-plugins/botreview/review/image_update.go create mode 100644 external-plugins/botreview/review/image_update_test.go create mode 100644 external-plugins/botreview/review/review.go create mode 100644 external-plugins/botreview/review/review_test.go create mode 100644 external-plugins/botreview/review/testdata/mixed_bump_prow_job.patch0 create mode 100644 external-plugins/botreview/review/testdata/move_prometheus_stack.patch0 create mode 100644 external-plugins/botreview/review/testdata/move_prometheus_stack.patch1 create mode 100644 external-plugins/botreview/review/testdata/simple_bump-prow-job-images_sh.patch0 create mode 100644 external-plugins/botreview/review/testdata/simple_bump-prow-job-images_sh.patch1 create mode 100644 external-plugins/botreview/server/BUILD.bazel create mode 100644 external-plugins/botreview/server/server.go create mode 100644 robots/cmd/botreview/BUILD.bazel 
diff --git a/external-plugins/botreview/BUILD.bazel b/external-plugins/botreview/BUILD.bazel
new file mode 100644
index 0000000000..7fa4938494
--- /dev/null
+++ b/external-plugins/botreview/BUILD.bazel
@@ -0,0 +1,23 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
+
+go_library(
+ name = "go_default_library",
+ srcs = ["main.go"],
+ importpath = "kubevirt.io/project-infra/external-plugins/botreview",
+ visibility = ["//visibility:private"],
+ deps = [
+ "//external-plugins/botreview/server:go_default_library",
+ "@com_github_sirupsen_logrus//:go_default_library",
+ "@io_k8s_test_infra//pkg/flagutil:go_default_library",
+ "@io_k8s_test_infra//prow/config/secret:go_default_library",
+ "@io_k8s_test_infra//prow/flagutil:go_default_library",
+ "@io_k8s_test_infra//prow/interrupts:go_default_library",
+ "@io_k8s_test_infra//prow/pluginhelp/externalplugins:go_default_library",
+ ],
+)
+
+go_binary(
+ name = "botreview",
+ embed = [":go_default_library"],
+ visibility = ["//visibility:public"],
+)
diff --git a/external-plugins/botreview/main.go b/external-plugins/botreview/main.go
new file mode 100644
index 0000000000..481e1620c1
--- /dev/null
+++ b/external-plugins/botreview/main.go
@@ -0,0 +1,121 @@
+/*
+ * This file is part of the KubeVirt project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright 2022 Red Hat, Inc.
+ *
+ */
+
+package main
+
+import (
+ "flag"
+ "fmt"
+ "github.com/sirupsen/logrus"
+ "k8s.io/test-infra/pkg/flagutil"
+ "k8s.io/test-infra/prow/config/secret"
+ prowflagutil "k8s.io/test-infra/prow/flagutil"
+ "k8s.io/test-infra/prow/interrupts"
+ "k8s.io/test-infra/prow/pluginhelp/externalplugins"
+ "kubevirt.io/project-infra/external-plugins/botreview/server"
+ "net/http"
+ "os"
+ "strconv"
+ "time"
+)
+
+const pluginName = "botreview"
+
+func init() {
+ logrus.SetFormatter(&logrus.JSONFormatter{})
+ logrus.SetLevel(logrus.DebugLevel)
+}
+
+type options struct {
+ port int
+
+ dryRun bool
+ github prowflagutil.GitHubOptions
+ labels prowflagutil.Strings
+
+ webhookSecretFile string
+}
+
+func (o *options) Validate() error {
+ for idx, group := range []flagutil.OptionGroup{&o.github} {
+ if err := group.Validate(o.dryRun); err != nil {
+ return fmt.Errorf("%d: %w", idx, err)
+ }
+ }
+
+ return nil
+}
+
+func gatherOptions() options {
+ o := options{}
+ fs := flag.NewFlagSet(os.Args[0], flag.ExitOnError)
+ fs.IntVar(&o.port, "port", 8888, "Port to listen on.")
+ fs.BoolVar(&o.dryRun, "dry-run", true, "Dry run for testing. Uses API tokens but does not mutate.")
+ fs.StringVar(&o.webhookSecretFile, "hmac-secret-file", "/etc/webhook/hmac", "Path to the file containing the GitHub HMAC secret.")
+ for _, group := range []flagutil.OptionGroup{&o.github} {
+ group.AddFlags(fs)
+ }
+ fs.Parse(os.Args[1:])
+ return o
+}
+
+func main() {
+ o := gatherOptions()
+ if err := o.Validate(); err != nil {
+ logrus.Fatalf("Invalid options: %v", err)
+ }
+
+ log := logrus.StandardLogger().WithField("plugin", pluginName)
+
+ if err := secret.Add(o.github.TokenPath, o.webhookSecretFile); err != nil {
+ logrus.WithError(err).Fatal("Error starting secrets agent.")
+ }
+
+ githubClient := o.github.GitHubClientWithAccessToken(string(secret.GetSecret(o.github.TokenPath)))
+ gitClient, err := o.github.GitClient(o.dryRun)
+ if err != nil {
+ logrus.WithError(err).Fatal("Error getting Git client.")
+ }
+ interrupts.OnInterrupt(func() {
+ if err := gitClient.Clean(); err != nil {
+ logrus.WithError(err).Error("Could not clean up git client cache.")
+ }
+ })
+
+ botUserData, err := githubClient.BotUser()
+ if err != nil {
+ logrus.WithError(err).Fatal("Error getting bot name.")
+ }
+
+ pluginServer := &server.Server{
+ TokenGenerator: secret.GetTokenGenerator(o.webhookSecretFile),
+ BotName: botUserData.Name,
+
+ Ghc: githubClient,
+ Log: log,
+ }
+
+ mux := http.NewServeMux()
+ mux.Handle("/", pluginServer)
+ externalplugins.ServeExternalPluginHelp(mux, log, server.HelpProvider)
+ httpServer := &http.Server{Addr: ":" + strconv.Itoa(o.port), Handler: mux}
+ defer interrupts.WaitForGracefulShutdown()
+ interrupts.ListenAndServe(httpServer, 5*time.Second)
+
+}
diff --git a/external-plugins/botreview/review/BUILD.bazel b/external-plugins/botreview/review/BUILD.bazel
new file mode 100644
index 0000000000..89414a4904
--- /dev/null
+++ b/external-plugins/botreview/review/BUILD.bazel
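Review bot: The `--dry-run` flag never reaches the GitHub client the plugin comments with: in `main`, `o.dryRun` is passed to `Validate` and `GitClient`, but `githubClient` comes from `GitHubClientWithAccessToken(...)` and the `server.Server` literal carries no dry-run field. The flag defaults to true and its help text promises "does not mutate", yet with this wiring the bot can presumably still post its `/lgtm` and `/approve` comment. Building the client with `githubClient, err := o.github.GitHubClient(o.dryRun)` and checking `err` would honour the flag; confirm the signature against the prow version pinned in go.mod.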
@@ -0,0 +1,23 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "go_default_library",
+ srcs = [
+ "image_update.go",
+ "review.go",
+ ],
+ importpath = "kubevirt.io/project-infra/external-plugins/botreview/review",
+ visibility = ["//visibility:public"],
+ deps = ["@com_github_sourcegraph_go_diff//diff:go_default_library"],
+)
+
+go_test(
+ name = "go_default_test",
+ srcs = [
+ "image_update_test.go",
+ "review_test.go",
+ ],
+ data = glob(["testdata/**"]),
+ embed = [":go_default_library"],
+ deps = ["@com_github_sourcegraph_go_diff//diff:go_default_library"],
+)
diff --git a/external-plugins/botreview/review/image_update.go b/external-plugins/botreview/review/image_update.go
new file mode 100644
index 0000000000..c8975f3b7e
--- /dev/null
+++ b/external-plugins/botreview/review/image_update.go
@@ -0,0 +1,104 @@
+/*
+ * This file is part of the KubeVirt project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright 2022 Red Hat, Inc.
+ *
+ */
+
+package review
+
+import (
+ "fmt"
+ "github.com/sourcegraph/go-diff/diff"
+ "regexp"
+ "strings"
+)
+
+const (
+ prowJobImageUpdateApproveComment = `This looks like a simple prow job image bump. The bot approves.
+
+/lgtm
+/approve
+`
+ prowJobImageUpdateDisapproveComment = `This doesn't look like a simple prow job image bump.
+
+These are the suspicious hunks I found:
+`
+)
+
+var prowJobImageUpdateHunkBodyMatcher *regexp.Regexp
+
+func init() {
+ prowJobImageUpdateHunkBodyMatcher = regexp.MustCompile(`(?m)^(-[\s]+- image: [^\s]+$[\n]^\+[\s]+- image: [^\s]+|-[\s]+image: [^\s]+$[\n]^\+[\s]+image: [^\s]+)$`)
+}
+
+type Result struct {
+ notMatchingHunks []*diff.Hunk
+}
+
+func (r Result) String() string {
+ if len(r.notMatchingHunks) == 0 {
+ return prowJobImageUpdateApproveComment
+ } else {
+ comment := prowJobImageUpdateDisapproveComment
+ for _, hunk := range r.notMatchingHunks {
+ comment += fmt.Sprintf("\n```\n%s\n```", string(hunk.Body))
+ }
+ return comment
+ }
+}
+
+type ProwJobImageUpdate struct {
+ relevantFileDiffs []*diff.FileDiff
+ notMatchingHunks []*diff.Hunk
+}
+
+func (t *ProwJobImageUpdate) IsRelevant() bool {
+ return len(t.relevantFileDiffs) > 0
+}
+
+func (t *ProwJobImageUpdate) AddIfRelevant(fileDiff *diff.FileDiff) {
+ fileName := strings.TrimPrefix(fileDiff.NewName, "b/")
+
+ // disregard all files
+ // * where the path is not beyond the jobconfig path
+ // * where the name changed and
+ // * who are not yaml
+ if strings.TrimPrefix(fileDiff.OrigName, "a/") != fileName ||
+ !strings.HasSuffix(fileName, ".yaml") ||
+ !strings.HasPrefix(fileName, "github/ci/prow-deploy/files/jobs") {
+ return
+ }
+
+ t.relevantFileDiffs = append(t.relevantFileDiffs, fileDiff)
+}
+
+func (t *ProwJobImageUpdate) Review() BotReviewResult {
+ result := &Result{}
+
+ for _, fileDiff := range t.relevantFileDiffs {
+ for _, hunk := range fileDiff.Hunks {
+ if !prowJobImageUpdateHunkBodyMatcher.Match(hunk.Body) {
+ result.notMatchingHunks = append(result.notMatchingHunks, hunk)
+ }
+ }
+ }
+
+ return result
+}
+
+func (t *ProwJobImageUpdate) String() string {
+ return fmt.Sprintf("relevantFileDiffs: %v", t.relevantFileDiffs)
+}
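Review bot: `Review` accepts a hunk as soon as `prowJobImageUpdateHunkBodyMatcher.Match(hunk.Body)` finds one `-image`/`+image` pair anywhere in the body, so a hunk that carries such a pair plus any other changed line (a command, an env value, a mount) is not reported and the result renders the `/lgtm` `/approve` comment. Because this decides an automatic approval of CI job definitions, every `-`/`+` line of the hunk should have to belong to an image pair, as in the helper below, with `Review` calling `if !isImageBumpOnly(hunk) {` instead of the bare `Match`. The pattern also accepts any image reference on the new side, so a switch to another registry or repository counts as a bump; comparing the part before the tag on both lines would close that. A fixture with a valid pair plus one unrelated change in the same hunk would pin the behaviour.

```go
// … unchanged: constants, matcher, Result, AddIfRelevant …

// isImageBumpOnly reports whether every changed line of the hunk belongs to a
// "-image: old" / "+image: new" pair; context lines are ignored.
func isImageBumpOnly(hunk *diff.Hunk) bool {
	var changed []string
	for _, line := range strings.Split(string(hunk.Body), "\n") {
		if strings.HasPrefix(line, "-") || strings.HasPrefix(line, "+") {
			changed = append(changed, line)
		}
	}
	// A bump is a non-empty sequence of removed/added pairs, nothing else.
	if len(changed) == 0 || len(changed)%2 != 0 {
		return false
	}
	for i := 0; i < len(changed); i += 2 {
		pair := changed[i] + "\n" + changed[i+1]
		if !prowJobImageUpdateHunkBodyMatcher.MatchString(pair) {
			return false
		}
	}
	return true
}
```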
diff --git a/external-plugins/botreview/review/image_update_test.go b/external-plugins/botreview/review/image_update_test.go
new file mode 100644
index 0000000000..d0589e3bc9
--- /dev/null
+++ b/external-plugins/botreview/review/image_update_test.go
@@ -0,0 +1,89 @@
+/*
+ * This file is part of the KubeVirt project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright 2022 Red Hat, Inc.
+ *
+ */
+
+package review
+
+import (
+ "github.com/sourcegraph/go-diff/diff"
+ "os"
+ "reflect"
+ "testing"
+)
+
+func TestProwJobImageUpdate_Review(t1 *testing.T) {
+ diffFilePathes := []string{
+ "testdata/simple_bump-prow-job-images_sh.patch0",
+ "testdata/simple_bump-prow-job-images_sh.patch1",
+ "testdata/mixed_bump_prow_job.patch0",
+ }
+ diffFilePathesToDiffs := map[string]*diff.FileDiff{}
+ for _, diffFile := range diffFilePathes {
+ bump_images_diff_file, err := os.ReadFile(diffFile)
+ if err != nil {
+ t1.Errorf("failed to read diff: %v", err)
+ }
+ bump_file_diffs, err := diff.ParseFileDiff(bump_images_diff_file)
+ if err != nil {
+ t1.Errorf("failed to read diff: %v", err)
+ }
+ diffFilePathesToDiffs[diffFile] = bump_file_diffs
+ }
+ type fields struct {
+ relevantFileDiffs []*diff.FileDiff
+ }
+ tests := []struct {
+ name string
+ fields fields
+ want *Result
+ }{
+ {
+ name: "simple image bump",
+ fields: fields{
+ relevantFileDiffs: []*diff.FileDiff{
+ diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch0"],
+ diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch1"],
+ },
+ },
+ want: &Result{},
+ },
+ {
+ name: "mixed image bump",
+ fields: fields{
+ relevantFileDiffs: []*diff.FileDiff{
+ diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"],
+ },
+ },
+ want: &Result{
+ notMatchingHunks: []*diff.Hunk{
+ diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"].Hunks[0],
+ },
+ },
+ },
+ }
+ for _, tt := range tests {
+ t1.Run(tt.name, func(t1 *testing.T) {
+ t := &ProwJobImageUpdate{
+ relevantFileDiffs: tt.fields.relevantFileDiffs,
+ }
+ if got := t.Review(); !reflect.DeepEqual(got, tt.want) {
+ t1.Errorf("Review() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
diff --git a/external-plugins/botreview/review/review.go b/external-plugins/botreview/review/review.go
new file mode 100644
index 0000000000..f09dc472be
--- /dev/null
+++ b/external-plugins/botreview/review/review.go
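Review bot: The fixture loop reports read and parse failures with `t1.Errorf` and keeps going, so a missing or malformed testdata file can leave a nil entry in `diffFilePathesToDiffs`, and building the table then panics at `.Hunks[0]` instead of failing with the real cause. Using `t1.Fatalf("failed to read diff %q: %v", diffFile, err)` for the read and `t1.Fatalf("failed to parse diff %q: %v", diffFile, err)` for the parse would stop at the first problem and say which step failed; both messages currently read "failed to read diff". The same loop is repeated in `TestGuessReviewTypes` in review_test.go.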
@@ -0,0 +1,56 @@
+/*
+ * This file is part of the KubeVirt project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright 2022 Red Hat, Inc.
+ *
+ */
+
+package review
+
+import (
+ "github.com/sourcegraph/go-diff/diff"
+)
+
+type KindOfChange interface {
+ AddIfRelevant(fileDiff *diff.FileDiff)
+ Review() BotReviewResult
+ IsRelevant() bool
+}
+
+type BotReviewResult interface {
+ String() string
+}
+
+func newPossibleReviewTypes() []KindOfChange {
+ return []KindOfChange{
+ &ProwJobImageUpdate{},
+ }
+}
+
+func GuessReviewTypes(fileDiffs []*diff.FileDiff) []KindOfChange {
+ possibleReviewTypes := newPossibleReviewTypes()
+ for _, fileDiff := range fileDiffs {
+ for _, kindOfChange := range possibleReviewTypes {
+ kindOfChange.AddIfRelevant(fileDiff)
+ }
+ }
+ result := []KindOfChange{}
+ for _, t := range possibleReviewTypes {
+ if t.IsRelevant() {
+ result = append(result, t)
+ }
+ }
+ return result
+}
diff --git a/external-plugins/botreview/review/review_test.go b/external-plugins/botreview/review/review_test.go
new file mode 100644
index 0000000000..a28b3f36a0
--- /dev/null
+++ b/external-plugins/botreview/review/review_test.go
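Review bot: `GuessReviewTypes` drops every file diff that no strategy claims without recording it, so a pull request that pairs one job-config image bump with changes to unrelated files still yields a relevant `ProwJobImageUpdate` whose `Review` sees only the claimed files. Whether that ends in an approval depends on the caller in server/server.go, which is outside this hunk, but nothing returned here lets the caller notice the unreviewed files. Letting the strategy report whether it took the diff, `AddIfRelevant(fileDiff *diff.FileDiff) bool`, and returning the unclaimed diffs alongside the kinds would allow the server to withhold approval when any remain. The exported `KindOfChange`, `BotReviewResult` and `GuessReviewTypes` also have no doc comments.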
@@ -0,0 +1,107 @@
+/*
+ * This file is part of the KubeVirt project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright 2022 Red Hat, Inc.
+ *
+ */
+
+package review
+
+import (
+ "github.com/sourcegraph/go-diff/diff"
+ "os"
+ "reflect"
+ "testing"
+)
+
+func TestGuessReviewTypes(t *testing.T) {
+ diffFilePathes := []string{
+ "testdata/simple_bump-prow-job-images_sh.patch0",
+ "testdata/simple_bump-prow-job-images_sh.patch1",
+ "testdata/move_prometheus_stack.patch0",
+ "testdata/move_prometheus_stack.patch1",
+ }
+ diffFilePathesToDiffs := map[string]*diff.FileDiff{}
+ for _, diffFile := range diffFilePathes {
+ bump_images_diff_file, err := os.ReadFile(diffFile)
+ if err != nil {
+ t.Errorf("failed to read diff: %v", err)
+ }
+ bump_file_diffs, err := diff.ParseFileDiff(bump_images_diff_file)
+ if err != nil {
+ t.Errorf("failed to read diff: %v", err)
+ }
+ diffFilePathesToDiffs[diffFile] = bump_file_diffs
+ }
+ type args struct {
+ fileDiffs []*diff.FileDiff
+ }
+ tests := []struct {
+ name string
+ args args
+ want []KindOfChange
+ }{
+ {
+ name: "simple image bump should yield a change",
+ args: args{
+ fileDiffs: []*diff.FileDiff{
+ diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch0"],
+ diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch1"],
+ },
+ },
+ want: []KindOfChange{
+ &ProwJobImageUpdate{
+ relevantFileDiffs: []*diff.FileDiff{
+ diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch0"],
+ diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch1"],
+ },
+ },
+ },
+ },
+ {
+ name: "mixed with image bump should yield a partial change",
+ args: args{
+ fileDiffs: []*diff.FileDiff{
+ diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch0"],
+ diffFilePathesToDiffs["testdata/move_prometheus_stack.patch0"],
+ },
+ },
+ want: []KindOfChange{
+ &ProwJobImageUpdate{
+ relevantFileDiffs: []*diff.FileDiff{
+ diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch0"],
+ },
+ },
+ },
+ },
+ {
+ name: "non image bump should not yield a change",
+ args: args{
+ fileDiffs: []*diff.FileDiff{
+ diffFilePathesToDiffs["testdata/move_prometheus_stack.patch0"],
+ diffFilePathesToDiffs["testdata/move_prometheus_stack.patch1"],
+ },
+ },
+ want: []KindOfChange{},
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ if got := GuessReviewTypes(tt.args.fileDiffs); !reflect.DeepEqual(got, tt.want) {
+ t.Errorf("GuessReviewTypes() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
diff --git a/external-plugins/botreview/review/testdata/mixed_bump_prow_job.patch0 b/external-plugins/botreview/review/testdata/mixed_bump_prow_job.patch0
new file mode 100644
index 0000000000..afab266f3e
--- /dev/null
+++ b/external-plugins/botreview/review/testdata/mixed_bump_prow_job.patch0
@@ -0,0 +1,501 @@ +diff --git a/github/ci/prow-deploy/files/jobs/kubevirt/kubevirt/kubevirt-presubmits.yaml b/github/ci/prow-deploy/files/jobs/kubevirt/kubevirt/kubevirt-presubmits.yaml +index 9f2683c3..870c885a 100644 +--- a/github/ci/prow-deploy/files/jobs/kubevirt/kubevirt/kubevirt-presubmits.yaml ++++ b/github/ci/prow-deploy/files/jobs/kubevirt/kubevirt/kubevirt-presubmits.yaml +@@ -28,8 +28,8 @@ presubmits: + - automation/test.sh + env: + - name: TARGET +- value: k8s-1.21-sig-network +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ value: k8s-1.21-sig-storage ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -67,7 +67,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.21-sig-storage +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -105,7 +105,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.21-sig-compute +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -143,7 +143,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.21-sig-operator +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -183,7 +183,7 @@ presubmits: + value: k8s-1.21 + - name: RUN_REST_COVERAGE + value: "true" +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -226,7 +226,7 @@ presubmits: + value: k8s-1.23-sig-compute + - name: KUBEVIRT_CGROUPV2 + value: "true" +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -269,7 +269,7 @@ presubmits: + value: k8s-1.23-sig-storage + - name: KUBEVIRT_CGROUPV2 + value: "true" +- 
image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -311,7 +311,7 @@ presubmits: + value: NonRoot + - name: KUBEVIRT_NONROOT + value: "true" +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -353,7 +353,7 @@ presubmits: + value: NonRoot + - name: KUBEVIRT_NONROOT + value: "true" +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -395,7 +395,7 @@ presubmits: + value: NonRoot + - name: KUBEVIRT_NONROOT + value: "true" +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -455,7 +455,7 @@ presubmits: + value: "true" + - name: KUBEVIRT_PROVIDER_EXTRA_ARGS + value: --prometheus-port 30007 +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -498,7 +498,7 @@ presubmits: + value: NonRoot + - name: KUBEVIRT_NONROOT + value: "true" +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -536,7 +536,7 @@ presubmits: + env: + - name: TARGET + value: windows2016 +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -597,7 +597,7 @@ presubmits: + value: NonRoot + - name: KUBEVIRT_NONROOT + value: "true" +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -676,7 +676,7 @@ presubmits: + env: + - name: TARGET + value: kind-1.22-sriov +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 
++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -736,7 +736,7 @@ presubmits: + env: + - name: TARGET + value: kind-1.23-vgpu +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -855,7 +855,7 @@ presubmits: + - /bin/sh + - -c + - TARGET_COMMIT=$PULL_BASE_SHA automation/repeated_test.sh +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -886,7 +886,7 @@ presubmits: + - /bin/sh + - -c + - cp /etc/bazel.bazelrc ./ci.bazelrc && make generate-verify +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -917,7 +917,7 @@ presubmits: + - /bin/sh + - -c + - cp /etc/bazel.bazelrc ./ci.bazelrc && make verify-rpm-deps +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -948,7 +948,7 @@ presubmits: + - /bin/sh + - -c + - cp /etc/bazel.bazelrc ./ci.bazelrc && make deps-sync && hack/verify-generate.sh +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -980,7 +980,7 @@ presubmits: + - /bin/sh + - -c + - cp /etc/bazel.bazelrc ./ci.bazelrc && make gosec +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1009,7 +1009,7 @@ presubmits: + - /bin/sh + - -c + - cp /etc/bazel.bazelrc ./ci.bazelrc && make && make build-verify +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1041,7 +1041,7 @@ presubmits: + env: + - name: BUILD_ARCH + 
value: crossbuild-aarch64 +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1071,7 +1071,7 @@ presubmits: + - /bin/sh + - -c + - make test +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1105,7 +1105,7 @@ presubmits: + env: + - name: COVERALLS_TOKEN_FILE + value: /root/.docker/secrets/coveralls/token +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1144,7 +1144,7 @@ presubmits: + env: + - name: FOSSA_TOKEN_FILE + value: /root/.docker/secrets/fossa/token +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1181,7 +1181,7 @@ presubmits: + - /bin/sh + - -c + - cp /etc/bazel.bazelrc ./ci.bazelrc && make apidocs +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1210,7 +1210,7 @@ presubmits: + - /bin/sh + - -c + - cp /etc/bazel.bazelrc ./ci.bazelrc && make client-python +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1240,7 +1240,7 @@ presubmits: + - -c + - cp /etc/bazel.bazelrc ./ci.bazelrc && make manifests DOCKER_PREFIX="docker.io/kubevirt" + && make olm-verify +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1269,7 +1269,7 @@ presubmits: + - /bin/sh + - -c + - cp /etc/bazel.bazelrc ./ci.bazelrc && make prom-rules-verify +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" 
+ resources: + requests: +@@ -1298,7 +1298,7 @@ presubmits: + - /bin/sh + - -c + - hack/check-unassigned-tests.sh +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1334,7 +1334,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.22-sig-network +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1372,7 +1372,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.22-ipv6-sig-network +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1410,7 +1410,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.22-sig-storage +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1448,7 +1448,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.22-sig-compute +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1490,7 +1490,7 @@ presubmits: + value: "3" + - name: KUBEVIRT_STORAGE + value: rook-ceph-default +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1532,7 +1532,7 @@ presubmits: + value: "3" + - name: KUBEVIRT_STORAGE + value: rook-ceph-default +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1574,7 +1574,7 @@ presubmits: + value: "3" + - name: KUBEVIRT_STORAGE + value: rook-ceph-default +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1620,7 
+1620,7 @@ presubmits: + value: NonRoot + - name: KUBEVIRT_NONROOT + value: "true" +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1658,7 +1658,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.22-sig-operator +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1696,7 +1696,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.22-sig-compute-realtime +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1775,7 +1775,7 @@ presubmits: + value: crossbuild-aarch64 + - name: KUBEVIRT_E2E_FOCUS + value: arm64 +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1818,7 +1818,7 @@ presubmits: + - -ce + - | + make builder-build +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1854,7 +1854,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.23-sig-network +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1888,7 +1888,7 @@ presubmits: + - -c + - | + make lint +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1924,7 +1924,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.23-sig-storage +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -1962,7 +1962,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.23-sig-compute +- image: 
quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -2000,7 +2000,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.23-sig-operator +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -2044,7 +2044,7 @@ presubmits: + value: SwapTest + - name: KUBEVIRT_SWAP_ON + value: "true" +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -2079,7 +2079,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.22-sig-monitoring +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -2126,7 +2126,7 @@ presubmits: + value: "true" + - name: KUBEVIRT_STORAGE + value: rook-ceph-default +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -2165,7 +2165,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.24-sig-network +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -2204,7 +2204,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.24-sig-storage +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -2243,7 +2243,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.24-sig-compute +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: +@@ -2282,7 +2282,7 @@ presubmits: + env: + - name: TARGET + value: k8s-1.24-sig-operator +- image: quay.io/kubevirtci/bootstrap:v20220602-ac34bf7 ++ image: 
quay.io/kubevirtci/bootstrap:v20999999-eeff777 + name: "" + resources: + requests: diff --git a/external-plugins/botreview/review/testdata/move_prometheus_stack.patch0 b/external-plugins/botreview/review/testdata/move_prometheus_stack.patch0 new file mode 100644 index 0000000000..32c0907851 --- /dev/null +++ b/external-plugins/botreview/review/testdata/move_prometheus_stack.patch0 @@ -0,0 +1,24 @@ +diff --git a/github/ci/services/prometheus-stack/BUILD.bazel b/github/ci/services/prometheus-stack/BUILD.bazel +index 2e6a6d27..38e2620b 100644 +--- a/github/ci/services/prometheus-stack/BUILD.bazel ++++ b/github/ci/services/prometheus-stack/BUILD.bazel +@@ -90,14 +90,14 @@ PRODUCTION_USER_PERFORMANCE_WORKLOADS = "kubernetes-admin" + patches = glob([ + "patches/service-monitors/%s/*.yaml" % NAME, + ]), +- namespace = NAMESPACE, ++ namespace = "monitoring", + user = USER, + ) +- for NAME, CLUSTER, USER, NAMESPACE in [ +- ("testing", TEST_CLUSTER, TEST_USER, "kubevirt-prow"), +- ("production-control-plane", PRODUCTION_CLUSTER_CONTROL_PLANE, PRODUCTION_USER_CONTROL_PLANE, "kubevirt-prow"), +- ("production-e2e-workloads", PRODUCTION_CLUSTER_E2E_WORKLOADS, PRODUCTION_USER_E2E_WORKLOADS, "kubevirt-prow"), +- ("production-performance-workloads", PRODUCTION_CLUSTER_PERFORMANCE_WORKLOADS, PRODUCTION_USER_PERFORMANCE_WORKLOADS, "monitoring"), ++ for NAME, CLUSTER, USER in [ ++ ("testing", TEST_CLUSTER, TEST_USER), ++ ("production-control-plane", PRODUCTION_CLUSTER_CONTROL_PLANE, PRODUCTION_USER_CONTROL_PLANE), ++ ("production-e2e-workloads", PRODUCTION_CLUSTER_E2E_WORKLOADS, PRODUCTION_USER_E2E_WORKLOADS), ++ ("production-performance-workloads", PRODUCTION_CLUSTER_PERFORMANCE_WORKLOADS, PRODUCTION_USER_PERFORMANCE_WORKLOADS), + ] + ] diff --git a/external-plugins/botreview/review/testdata/move_prometheus_stack.patch1 b/external-plugins/botreview/review/testdata/move_prometheus_stack.patch1 new file mode 100644 index 0000000000..d865aae2fb --- /dev/null 
+++ b/external-plugins/botreview/review/testdata/move_prometheus_stack.patch1 
@@ -0,0 +1,93 @@ +diff --git a/github/ci/services/prometheus-stack/manifests/service-monitors/common/servicemonitors.yaml b/github/ci/services/prometheus-stack/manifests/service-monitors/common/servicemonitors.yaml +index 68b4b6e1..050ca7e9 100644 +--- a/github/ci/services/prometheus-stack/manifests/service-monitors/common/servicemonitors.yaml ++++ b/github/ci/services/prometheus-stack/manifests/service-monitors/common/servicemonitors.yaml +@@ -49,31 +49,6 @@ spec: + - port: http-metrics + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + --- +-# Source: kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml +-apiVersion: monitoring.coreos.com/v1 +-kind: ServiceMonitor +-metadata: +- name: prometheus-stack-kube-prom-kube-controller-manager +- namespace: default +- labels: +- app: kube-prometheus-stack-kube-controller-manager +- chart: kube-prometheus-stack-13.6.0 +- release: "prometheus-stack" +- heritage: "Helm" +- group: kubevirtci +-spec: +- jobLabel: jobLabel +- selector: +- matchLabels: +- app: kube-prometheus-stack-kube-controller-manager +- release: "prometheus-stack" +- namespaceSelector: +- matchNames: +- - kube-system +- endpoints: +- - port: http-metrics +- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +---- + # Source: kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml + apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor +@@ -99,56 +74,6 @@ spec: + - port: http-metrics + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + --- +-# Source: kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml +-apiVersion: monitoring.coreos.com/v1 +-kind: ServiceMonitor +-metadata: +- name: prometheus-stack-kube-prom-kube-proxy +- namespace: default +- labels: +- app: kube-prometheus-stack-kube-proxy +- chart: kube-prometheus-stack-13.6.0 +- release: "prometheus-stack" +- heritage: "Helm" +- group: kubevirtci +-spec: +- jobLabel: 
jobLabel +- selector: +- matchLabels: +- app: kube-prometheus-stack-kube-proxy +- release: "prometheus-stack" +- namespaceSelector: +- matchNames: +- - kube-system +- endpoints: +- - port: http-metrics +- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +---- +-# Source: kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml +-apiVersion: monitoring.coreos.com/v1 +-kind: ServiceMonitor +-metadata: +- name: prometheus-stack-kube-prom-kube-scheduler +- namespace: default +- labels: +- app: kube-prometheus-stack-kube-scheduler +- chart: kube-prometheus-stack-13.6.0 +- release: "prometheus-stack" +- heritage: "Helm" +- group: kubevirtci +-spec: +- jobLabel: jobLabel +- selector: +- matchLabels: +- app: kube-prometheus-stack-kube-scheduler +- release: "prometheus-stack" +- namespaceSelector: +- matchNames: +- - kube-system +- endpoints: +- - port: http-metrics +- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +---- + # Source: kube-prometheus-stack/templates/exporters/kube-state-metrics/serviceMonitor.yaml + apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor diff --git a/external-plugins/botreview/review/testdata/simple_bump-prow-job-images_sh.patch0 b/external-plugins/botreview/review/testdata/simple_bump-prow-job-images_sh.patch0 new file mode 100644 index 0000000000..f3eb57f0de --- /dev/null +++ b/external-plugins/botreview/review/testdata/simple_bump-prow-job-images_sh.patch0 
@@ -0,0 +1,22 @@ +a/github/ci/prow-deploy/files/jobs/k8snetworkplumbingwg/kubemacpool/kubemacpool-postsubmits.yaml b/github/ci/prow-deploy/files/jobs/k8snetworkplumbingwg/kubemacpool/kubemacpool-postsubmits.yaml +index 061a99ae..4252fa5f 100644 +--- a/github/ci/prow-deploy/files/jobs/k8snetworkplumbingwg/kubemacpool/kubemacpool-postsubmits.yaml ++++ b/github/ci/prow-deploy/files/jobs/k8snetworkplumbingwg/kubemacpool/kubemacpool-postsubmits.yaml +@@ -14,7 +14,7 @@ postsubmits: + cluster: prow-workloads + spec: + containers: +- - image: quay.io/kubevirtci/bootstrap:v20201119-a5880e0 ++ - image: quay.io/kubevirtci/bootstrap:v20220110-c066ff5 + command: + - "/usr/local/bin/runner.sh" + - "/bin/bash" +@@ -37,7 +37,7 @@ postsubmits: + cluster: prow-workloads + spec: + containers: +- - image: quay.io/kubevirtci/bootstrap:v20201119-a5880e0 ++ - image: quay.io/kubevirtci/bootstrap:v20220110-c066ff5 + command: + - "/usr/local/bin/runner.sh" + - "/bin/bash" diff --git a/external-plugins/botreview/review/testdata/simple_bump-prow-job-images_sh.patch1 b/external-plugins/botreview/review/testdata/simple_bump-prow-job-images_sh.patch1 new file mode 100644 index 0000000000..228a491184 --- /dev/null +++ b/external-plugins/botreview/review/testdata/simple_bump-prow-job-images_sh.patch1 
@@ -0,0 +1,22 @@ +a/github/ci/prow-deploy/files/jobs/k8snetworkplumbingwg/kubemacpool/kubemacpool-presubmits.yaml b/github/ci/prow-deploy/files/jobs/k8snetworkplumbingwg/kubemacpool/kubemacpool-presubmits.yaml +index de17e7a5..c1c35555 100644 +--- a/github/ci/prow-deploy/files/jobs/k8snetworkplumbingwg/kubemacpool/kubemacpool-presubmits.yaml ++++ b/github/ci/prow-deploy/files/jobs/k8snetworkplumbingwg/kubemacpool/kubemacpool-presubmits.yaml +@@ -20,7 +20,7 @@ presubmits: + preset-shared-images: "true" + spec: + containers: +- - image: quay.io/kubevirtci/kubevirt-infra-bootstrap:v20201201-08dc4a9 ++ - image: quay.io/kubevirtci/kubevirt-infra-bootstrap:v20210419-444033d + securityContext: + privileged: true + command: +@@ -50,7 +50,7 @@ presubmits: + nodeSelector: + type: bare-metal-external + containers: +- - image: quay.io/kubevirtci/kubevirt-infra-bootstrap:v20201201-08dc4a9 ++ - image: quay.io/kubevirtci/kubevirt-infra-bootstrap:v20210419-444033d + securityContext: + privileged: true + resources: diff --git a/external-plugins/botreview/server/BUILD.bazel b/external-plugins/botreview/server/BUILD.bazel new file mode 100644 index 0000000000..fc8a6f3b56 --- /dev/null +++ b/external-plugins/botreview/server/BUILD.bazel @@ -0,0 +1,16 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") + +go_library( + name = "go_default_library", + srcs = ["server.go"], + importpath = "kubevirt.io/project-infra/external-plugins/botreview/server", + visibility = ["//visibility:public"], + deps = [ + "//external-plugins/botreview/review:go_default_library", + "@com_github_sirupsen_logrus//:go_default_library", + "@com_github_sourcegraph_go_diff//diff:go_default_library", + "@io_k8s_test_infra//prow/config:go_default_library", + "@io_k8s_test_infra//prow/github:go_default_library", + "@io_k8s_test_infra//prow/pluginhelp:go_default_library", + ], +) 
diff --git a/external-plugins/botreview/server/server.go b/external-plugins/botreview/server/server.go new file mode 100644 index 0000000000..2271e903cc --- /dev/null +++ b/external-plugins/botreview/server/server.go 
@@ -0,0 +1,152 @@ +package server + +import ( + "encoding/json" + "fmt" + "github.com/sirupsen/logrus" + "github.com/sourcegraph/go-diff/diff" + "k8s.io/test-infra/prow/config" + "k8s.io/test-infra/prow/github" + "k8s.io/test-infra/prow/pluginhelp" + "kubevirt.io/project-infra/external-plugins/botreview/review" + "net/http" + "os/exec" + "strings" +) + +const pluginName = "botreview" + +type issueEvent struct { + github.IssueEvent `json:",inline"` + Sender github.User `json:"sender"` +} + +type githubClient interface { + AddLabel(org, repo string, number int, label string) error + RemoveLabel(org, repo string, number int, label string) error + GetIssueLabels(org, repo string, number int) ([]github.Label, error) + CreateComment(org, repo string, number int, comment string) error + IsMember(org, user string) (bool, error) +} + +// HelpProvider construct the pluginhelp.PluginHelp for this plugin. +func HelpProvider(_ []config.OrgRepo) (*pluginhelp.PluginHelp, error) { + pluginHelp := &pluginhelp.PluginHelp{ + Description: `The botreview plugin is used to automatically perform reviews of simple pull requests.`, + } + pluginHelp.AddCommand(pluginhelp.Command{ + Usage: "/botreview", + Description: "Mark a PR or issue as a release blocker.", + Featured: true, + WhoCanUse: "Project members", + Examples: []string{"/release-blocker release-3.9", "/release-blocker release-1.15"}, + }) + return pluginHelp, nil +} + +// Server implements http.Handler. It validates incoming GitHub webhooks and +// then dispatches them to the appropriate plugins. +type Server struct { + TokenGenerator func() []byte + BotName string + + // Used for unit testing + Ghc githubClient + Log *logrus.Entry +} + +// ServeHTTP validates an incoming webhook and puts it into the event channel. 
+func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { + eventType, eventGUID, payload, ok, _ := github.ValidateWebhook(w, r, s.TokenGenerator) + if !ok { + return + } + + if err := s.handleEvent(eventType, eventGUID, payload); err != nil { + s.Log.WithError(err).Error("Error parsing event.") + } +} + +func (s *Server) handleEvent(eventType, eventGUID string, payload []byte) error { + l := logrus.WithFields( + logrus.Fields{ + "event-type": eventType, + github.EventGUID: eventGUID, + }, + ) + switch eventType { + //https://developer.github.com/webhooks/event-payloads/#pull_request + case "pull_request": + var pr github.PullRequestEvent + if err := json.Unmarshal(payload, &pr); err != nil { + return err + } + go func() { + if err := s.handlePR(l, pr); err != nil { + s.Log.WithError(err).WithFields(l.Data).Info("botreview failed.") + } + }() + default: + s.Log.WithFields(l.Data).Debugf("skipping event of type %q", eventType) + } + return nil +} + +func (s *Server) handlePR(l *logrus.Entry, pr github.PullRequestEvent) error { + action := pr.Action + org := pr.Repo.Owner.Login + repo := pr.Repo.Name + num := pr.Number + user := pr.Sender.Login + + return s.handlePullRequest(l, action, org, repo, num, user) +} + +func (s *Server) handlePullRequest(l *logrus.Entry, action github.PullRequestEventAction, org string, repo string, num int, user string) error { + withMessage := func(message string, args ...interface{}) string { + return fmt.Sprintf("%s/%s#%d %s! 
<- %s: %s", org, repo, num, string(action), user, fmt.Sprintf(message, args)) + } + infoF := func(message string, args ...interface{}) { l.Infof(withMessage(message, args)) } + fatalF := func(message string, args ...interface{}) { l.Fatalf(withMessage(message, args)) } + debugF := func(message string, args ...interface{}) { l.Debugf(withMessage(message, args)) } + + switch action { + case github.PullRequestActionOpened: + case github.PullRequestActionEdited: + case github.PullRequestActionReadyForReview: + case github.PullRequestActionReopened: + break + default: + infoF("skipping review") + return nil + } + + infoF("preparing review") + + diffCommand := exec.Command("git", "diff", "..main") + output, err := diffCommand.Output() + if err != nil { + fatalF("could not fetch diff output: %v", err) + } + + multiFileDiffReader := diff.NewMultiFileDiffReader(strings.NewReader(string(output))) + files, err := multiFileDiffReader.ReadAllFiles() + if err != nil { + fatalF("could not create diffs from output: %v", err) + } + + types := review.GuessReviewTypes(files) + debugF("review types: %v", types) + if len(types) > 1 { + infoF("doesn't look like a simple review, skipping") + return nil + } + for _, reviewType := range types { + result := reviewType.Review() + l.Infof("%+v", result) + } + + // TODO: + + return nil +} diff --git a/go.mod b/go.mod index c616d19a0f..7ad9a8d6fd 100644 --- a/go.mod +++ b/go.mod @@ -21,6 +21,7 @@ require ( github.com/prometheus/client_golang v1.14.0 github.com/r3labs/diff/v3 v3.0.1 github.com/sirupsen/logrus v1.8.1 + github.com/sourcegraph/go-diff v0.5.3 github.com/spf13/cobra v1.6.0 golang.org/x/mod v0.9.0 golang.org/x/oauth2 v0.6.0 @@ -36,6 +37,8 @@ require ( sigs.k8s.io/yaml v1.3.0 ) +require github.com/r3labs/diff/v3 v3.0.1 + require ( cloud.google.com/go v0.110.0 // indirect cloud.google.com/go/compute v1.19.0 // indirect 
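Review bot: In `handlePullRequest`, `fatalF` wraps `l.Fatalf`, and logrus' `Fatalf` exits the process after logging, so a failed `git diff` or an unparsable diff inside the goroutine started by `handleEvent` stops the whole webhook server instead of failing one review. Returning the error keeps the failure local, e.g. `return fmt.Errorf("could not fetch diff output: %w", err)`; `handleEvent` already logs what `handlePR` returns. The helpers also hand the variadic slice on as a single value, so the output shows the slice rather than its elements; they need `fmt.Sprintf(message, args...)`, and the already formatted text should go to `l.Info(...)` rather than serve as the format string of `l.Infof`. The same helper pattern reappears as `Reviewer.fatalF`, `infoF` and `debugF` in review.go in PATCH 03/17. Separately, the `pluginhelp.Command` description and examples in `HelpProvider` still describe `/release-blocker` and should describe `/botreview`.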
@@ -155,6 +158,7 @@ require ( sigs.k8s.io/controller-runtime v0.9.0 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect + sourcegraph.com/sqs/pbtypes v1.0.0 // indirect ) replace ( diff --git a/go.sum b/go.sum index 25a346777b..77ff80fea8 100644 --- a/go.sum +++ b/go.sum @@ -1897,7 +1897,9 @@ github.com/shurcooL/githubv4 v0.0.0-20190718010115-4ba037080260/go.mod h1:hAF0iL github.com/shurcooL/githubv4 v0.0.0-20191102174205-af46314aec7b/go.mod h1:hAF0iLZy4td2EX+/8Tw+4nodhlMrwN3HupfaXj3zkGo= github.com/shurcooL/githubv4 v0.0.0-20210725200734-83ba7b4c9228 h1:N5B+JgvM/DVYIxreItPJMM3yWrNO/GB2q4nESrtBisM= github.com/shurcooL/githubv4 v0.0.0-20210725200734-83ba7b4c9228/go.mod h1:hAF0iLZy4td2EX+/8Tw+4nodhlMrwN3HupfaXj3zkGo= +github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e h1:MZM7FHLqUHYI0Y/mQAt3d2aYa0SiNms/hFqC9qJYolM= github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= +github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041 h1:llrF3Fs4018ePo4+G/HV/uQUqEI1HMDjCeOf2V6puPc= github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ= github.com/shurcooL/graphql v0.0.0-20180924043259-e4a3a37e6d42/go.mod h1:AuYgA5Kyo4c7HfUmvRGs/6rGlMMV/6B1bVnB9JxJEEg= github.com/shurcooL/graphql v0.0.0-20181231061246-d48a9a75455f h1:tygelZueB1EtXkPI6mQ4o9DQ0+FKW41hTbunoXZCTqk= 
@@ -1925,6 +1927,7 @@ github.com/soheilhy/cmux v0.1.3/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4k github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/sourcegraph/go-diff v0.5.1/go.mod h1:j2dHj3m8aZgQO8lMTcTnBcXkRRRqi34cd2MNlA9u1mE= +github.com/sourcegraph/go-diff v0.5.3 h1:lhIKJ2nXLZZ+AfbHpYxTn0pXpNTTui0DX7DO3xeb1Zs= github.com/sourcegraph/go-diff v0.5.3/go.mod h1:v9JDtjCE4HHHCZGId75rg8gkKKa98RVjBcBGsVmMmak= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= @@ -3307,6 +3310,7 @@ sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= software.sslmate.com/src/go-pkcs12 v0.0.0-20180114231543-2291e8f0f237/go.mod h1:/xvNRWUqm0+/ZMiF4EX00vrSCMsE4/NHb+Pt3freEeQ= software.sslmate.com/src/go-pkcs12 v0.0.0-20200830195227-52f69702a001/go.mod h1:/xvNRWUqm0+/ZMiF4EX00vrSCMsE4/NHb+Pt3freEeQ= sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= +sourcegraph.com/sqs/pbtypes v1.0.0 h1:f7lAwqviDEGvON4kRv0o5V7FT/IQK+tbkF664XMbP3o= sourcegraph.com/sqs/pbtypes v1.0.0/go.mod h1:3AciMUv4qUuRHRHhOG4TZOB+72GdPVz5k+c648qsFS4= vbom.ml/util v0.0.0-20160121211510-db5cfe13f5cc/go.mod h1:so/NYdZXCz+E3ZpW0uAoCj6uzU2+8OWDFv/HxUSs7kI= vbom.ml/util v0.0.0-20180919145318-efcd4e0f9787/go.mod h1:so/NYdZXCz+E3ZpW0uAoCj6uzU2+8OWDFv/HxUSs7kI= diff --git a/robots/cmd/botreview/BUILD.bazel b/robots/cmd/botreview/BUILD.bazel new file mode 100644 index 0000000000..e69de29bb2 From d955435763802b6558dad3a8e67dac6094cbb8cf Mon Sep 17 00:00:00 2001 From: Daniel Hiller Date: Wed, 29 Jun 2022 14:47:48 +0200 Subject: [PATCH 02/17] new, review strategy: bump_kubevirtci 
Signed-off-by: Daniel Hiller --- .../botreview/review/bump_kubevirtci.go | 85 +++++++++++++++++++ .../botreview/review/image_update.go | 16 ---- external-plugins/botreview/review/review.go | 18 ++++ .../bump-kubevirtci/bump-kubevirtci.patch0 | 7 ++ .../bump-kubevirtci/bump-kubevirtci.patch1 | 12 +++ .../bump-kubevirtci/bump-kubevirtci.patch2 | 10 +++ .../bump-kubevirtci/bump-kubevirtci.patch3 | 7 ++ .../bump-kubevirtci/bump-kubevirtci.patch4 | 13 +++ 8 files changed, 152 insertions(+), 16 deletions(-) create mode 100644 external-plugins/botreview/review/bump_kubevirtci.go create mode 100644 external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch0 create mode 100644 external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch1 create mode 100644 external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch2 create mode 100644 external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch3 create mode 100644 external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch4 diff --git a/external-plugins/botreview/review/bump_kubevirtci.go b/external-plugins/botreview/review/bump_kubevirtci.go new file mode 100644 index 0000000000..128880c309 --- /dev/null +++ b/external-plugins/botreview/review/bump_kubevirtci.go 
@@ -0,0 +1,85 @@ +/* + * This file is part of the KubeVirt project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Copyright 2022 Red Hat, Inc. + * + */ + +package review + +import ( + "fmt" + "github.com/sourcegraph/go-diff/diff" + "regexp" + "strings" +) + +const ( + BumpKubevirtCIApproveComment = `This looks like a simple prow job image bump. The bot approves. + +/lgtm +/approve +` + BumpKubevirtCIDisapproveComment = `This doesn't look like a simple prow job image bump. 
+ +These are the suspicious hunks I found: +` +) + +var bumpKubevirtCIHunkBodyMatcher *regexp.Regexp + +func init() { + bumpKubevirtCIHunkBodyMatcher = regexp.MustCompile(`(?m)^(-[\s]+- image: [^\s]+$[\n]^\+[\s]+- image: [^\s]+|-[\s]+image: [^\s]+$[\n]^\+[\s]+image: [^\s]+)$`) +} + +type BumpKubevirtCI struct { + relevantFileDiffs []*diff.FileDiff + notMatchingHunks []*diff.Hunk +} + +func (t *BumpKubevirtCI) IsRelevant() bool { + return len(t.relevantFileDiffs) > 0 +} + +func (t *BumpKubevirtCI) AddIfRelevant(fileDiff *diff.FileDiff) { + fileName := strings.TrimPrefix(fileDiff.NewName, "b/") + + // disregard all files + // * where the full path is not cluster-up-sha.txt and + // * where the path is not below cluster-up/ + if fileName != "cluster-up-sha.txt" || !strings.HasPrefix(fileName, "cluster-up/") { + return + } + + t.relevantFileDiffs = append(t.relevantFileDiffs, fileDiff) +} + +func (t *BumpKubevirtCI) Review() BotReviewResult { + result := &Result{} + + for _, fileDiff := range t.relevantFileDiffs { + for _, hunk := range fileDiff.Hunks { + if !bumpKubevirtCIHunkBodyMatcher.Match(hunk.Body) { + result.notMatchingHunks = append(result.notMatchingHunks, hunk) + } + } + } + + return result +} + +func (t *BumpKubevirtCI) String() string { + return fmt.Sprintf("relevantFileDiffs: %v", t.relevantFileDiffs) +} diff --git a/external-plugins/botreview/review/image_update.go b/external-plugins/botreview/review/image_update.go index c8975f3b7e..effa0a78e4 100644 --- a/external-plugins/botreview/review/image_update.go +++ b/external-plugins/botreview/review/image_update.go 
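Review bot: The guard in `AddIfRelevant` is always true, because no path both equals `cluster-up-sha.txt` and starts with `cluster-up/`, so every file is discarded and `IsRelevant` stays false. The comment above it describes `if fileName != "cluster-up-sha.txt" && !strings.HasPrefix(fileName, "cluster-up/") {`. `bumpKubevirtCIHunkBodyMatcher` is a copy of the prow job `image:` pattern, which would not match the sha and tag lines this strategy is meant to cover (compare the bump-kubevirtci testdata in this patch). `Match` also succeeds as soon as one removed/added pair anywhere in `hunk.Body` fits, so other changed lines in the same hunk are not inspected. Since the approve text issues `/lgtm` and `/approve`, the check should account for every `+` and `-` line of a hunk before the hunk counts as matching.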
@@ -44,22 +44,6 @@ func init() { prowJobImageUpdateHunkBodyMatcher = regexp.MustCompile(`(?m)^(-[\s]+- image: [^\s]+$[\n]^\+[\s]+- image: [^\s]+|-[\s]+image: [^\s]+$[\n]^\+[\s]+image: [^\s]+)$`) } -type Result struct { - notMatchingHunks []*diff.Hunk -} - -func (r Result) String() string { - if len(r.notMatchingHunks) == 0 { - return prowJobImageUpdateApproveComment - } else { - comment := prowJobImageUpdateDisapproveComment - for _, hunk := range r.notMatchingHunks { - comment += fmt.Sprintf("\n```\n%s\n```", string(hunk.Body)) - } - return comment - } -} - type ProwJobImageUpdate struct { relevantFileDiffs []*diff.FileDiff notMatchingHunks []*diff.Hunk diff --git a/external-plugins/botreview/review/review.go b/external-plugins/botreview/review/review.go index f09dc472be..49efb99277 100644 --- a/external-plugins/botreview/review/review.go +++ b/external-plugins/botreview/review/review.go @@ -20,6 +20,7 @@ package review import ( + "fmt" "github.com/sourcegraph/go-diff/diff" ) @@ -36,6 +37,23 @@ type BotReviewResult interface { func newPossibleReviewTypes() []KindOfChange { return []KindOfChange{ &ProwJobImageUpdate{}, + &BumpKubevirtCI{}, + } +} + +type Result struct { + notMatchingHunks []*diff.Hunk +} + +func (r Result) String() string { + if len(r.notMatchingHunks) == 0 { + return prowJobImageUpdateApproveComment + } else { + comment := prowJobImageUpdateDisapproveComment + for _, hunk := range r.notMatchingHunks { + comment += fmt.Sprintf("\n```\n%s\n```", string(hunk.Body)) + } + return comment } } diff --git a/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch0 b/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch0 new file mode 100644 index 0000000000..6e57ec18e3 --- /dev/null +++ b/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch0 
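Review bot: `Result.String()` in review.go is now shared by both registered strategies but still returns `prowJobImageUpdateApproveComment` and `prowJobImageUpdateDisapproveComment`, so a `BumpKubevirtCI` review is reported as a prow job image bump and the new `BumpKubevirtCIApproveComment` / `BumpKubevirtCIDisapproveComment` constants are never used. Consider letting `Result` carry the approve and disapprove text of the strategy that produced it, set in each `Review()`. The `else` after `return` can be dropped. A doc comment would make the approval rule explicit, e.g. `// Result holds the hunks a review strategy could not match; an empty list means the change is approved.`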
@@ -0,0 +1,7 @@ +diff --git a/cluster-up-sha.txt b/cluster-up-sha.txt +index b18a36750..99c78899d 100644 +--- a/cluster-up-sha.txt ++++ b/cluster-up-sha.txt +@@ -1 +1 @@ +-f9e9772baa7cfe75aa817622a81b77843bcf0e61 ++05bbd994b17dd48cc28b90a618802850652c1e0f diff --git a/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch1 b/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch1 new file mode 100644 index 0000000000..4f72fbcd32 --- /dev/null +++ b/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch1 @@ -0,0 +1,12 @@ +diff --git a/cluster-up/cluster/kind-1.22-sriov/sriov-components/manifests/multus/patch-args.yaml b/cluster-up/cluster/kind-1.22-sriov/sriov-components/manifests/multus/patch-args.yaml +index 6ee816998..ea9cd1092 100644 +--- a/cluster-up/cluster/kind-1.22-sriov/sriov-components/manifests/multus/patch-args.yaml ++++ b/cluster-up/cluster/kind-1.22-sriov/sriov-components/manifests/multus/patch-args.yaml +@@ -1,6 +1,6 @@ + - op: add + path: /spec/template/spec/containers/0/args/- +- value: "--multus-log-level=verbose" ++ value: "--multus-log-level=debug" + - op: add + path: /spec/template/spec/containers/0/args/- + value: "--multus-log-file=/var/log/multus.log" diff --git a/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch2 b/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch2 new file mode 100644 index 0000000000..3230031668 --- /dev/null +++ b/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch2 
@@ -0,0 +1,10 @@ +diff --git a/cluster-up/hack/common.sh b/cluster-up/hack/common.sh +index 182e9f68f..e178ca4da 100644 +--- a/cluster-up/hack/common.sh ++++ b/cluster-up/hack/common.sh +@@ -43,4 +43,4 @@ provider_prefix=${JOB_NAME:-${KUBEVIRT_PROVIDER}}${EXECUTOR_NUMBER} + job_prefix=${JOB_NAME:-kubevirt}${EXECUTOR_NUMBER} + + mkdir -p $KUBEVIRTCI_CONFIG_PATH/$KUBEVIRT_PROVIDER +-KUBEVIRTCI_TAG=2206231410-42954ae ++KUBEVIRTCI_TAG=2206280817-4ae862e diff --git a/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch3 b/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch3 new file mode 100644 index 0000000000..9c657cf156 --- /dev/null +++ b/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch3 @@ -0,0 +1,7 @@ +diff --git a/cluster-up/version.txt b/cluster-up/version.txt +index 2f6efe9e0..46f945ddf 100644 +--- a/cluster-up/version.txt ++++ b/cluster-up/version.txt +@@ -1 +1 @@ +-2206231410-42954ae ++2206280817-4ae862e diff --git a/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch4 b/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch4 new file mode 100644 index 0000000000..90913b0203 --- /dev/null +++ b/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch4 @@ -0,0 +1,13 @@ +diff --git a/hack/config-default.sh b/hack/config-default.sh +index a629b3514..5717d51a3 100644 +--- a/hack/config-default.sh ++++ b/hack/config-default.sh +@@ -11,7 +11,7 @@ cdi_namespace=cdi + image_pull_policy=${IMAGE_PULL_POLICY:-IfNotPresent} + verbosity=${VERBOSITY:-2} + package_name=${PACKAGE_NAME:-kubevirt-dev} +-kubevirtci_git_hash="2206231410-42954ae" ++kubevirtci_git_hash="2206280817-4ae862e" + conn_check_ipv4_address=${CONN_CHECK_IPV4_ADDRESS:-""} + conn_check_ipv6_address=${CONN_CHECK_IPV6_ADDRESS:-""} + conn_check_dns=${CONN_CHECK_DNS:-""} From 0ade6150864c986750fe6ce94f5c0e82ebfc6c4b Mon Sep 17 00:00:00 2001 
From: Daniel Hiller Date: Mon, 4 Jul 2022 17:33:17 +0200 Subject: [PATCH 03/17] new, cli: robots/cmd/botreview Signed-off-by: Daniel Hiller --- external-plugins/botreview/review/review.go | 101 +++++++++++++++ external-plugins/botreview/server/server.go | 42 ++----- robots/cmd/botreview/main.go | 132 ++++++++++++++++++++ 3 files changed, 241 insertions(+), 34 deletions(-) create mode 100644 robots/cmd/botreview/main.go diff --git a/external-plugins/botreview/review/review.go b/external-plugins/botreview/review/review.go index 49efb99277..0ce89e43f4 100644 --- a/external-plugins/botreview/review/review.go +++ b/external-plugins/botreview/review/review.go @@ -21,7 +21,11 @@ package review import ( "fmt" + "github.com/sirupsen/logrus" "github.com/sourcegraph/go-diff/diff" + "k8s.io/test-infra/prow/github" + "os/exec" + "strings" ) type KindOfChange interface { 
@@ -72,3 +76,100 @@ func GuessReviewTypes(fileDiffs []*diff.FileDiff) []KindOfChange { } return result } + +type BasicResult struct { + message string +} + +func (n BasicResult) String() string { + return n.message +} + +type Reviewer struct { + l *logrus.Entry + org string + repo string + num int + user string + action github.PullRequestEventAction + dryRun bool +} + +func NewReviewer(l *logrus.Entry, action github.PullRequestEventAction, org string, repo string, num int, user string, dryRun bool) *Reviewer { + return &Reviewer{ + l: l, + org: org, + repo: repo, + num: num, + user: user, + action: action, + dryRun: dryRun, + } +} + +func (r *Reviewer) withFields() *logrus.Entry { + return r.l.WithField("dryRun", r.dryRun).WithField("org", r.org).WithField("repo", r.repo).WithField("pr", r.num).WithField("user", r.user) +} +func (r *Reviewer) infoF(message string, args ...interface{}) { + r.withFields().Infof(message, args) +} +func (r *Reviewer) info(message string) { + r.withFields().Info(message) +} +func (r *Reviewer) fatalF(message string, args ...interface{}) { + r.withFields().Fatalf(message, args) +} +func (r *Reviewer) debugF(message string, args ...interface{}) { + r.withFields().Debugf(message, args) +} + +func (r *Reviewer) ReviewLocalCode() ([]BotReviewResult, error) { + + r.info("preparing review") + + diffCommand := exec.Command("git", "diff", "..main") + output, err := diffCommand.Output() + if err != nil { + r.fatalF("could not fetch diff output: %v", err) + } + + multiFileDiffReader := diff.NewMultiFileDiffReader(strings.NewReader(string(output))) + files, err := multiFileDiffReader.ReadAllFiles() + if err != nil { + r.fatalF("could not create diffs from output: %v", err) + } + + types := GuessReviewTypes(files) + if len(types) > 1 { + r.info("doesn't look like a simple review, skipping") + r.debugF("reviewTypes: %v", types) + return nil, nil + } + + results := []BotReviewResult{} + for _, reviewType := range types { + result := 
reviewType.Review() + results = append(results, result) + } + + return results, nil +} + +func (r *Reviewer) AttachReviewComments(botReviewResults []BotReviewResult, githubClient github.Client) error { + botUser, err := githubClient.BotUser() + if err != nil { + return fmt.Errorf("error while fetching user data: %v", err) + } + for _, reviewResult := range botReviewResults { + botReviewComment := fmt.Sprintf("@%s's review-bot says:\n\n%v", botUser.Login, reviewResult) + if !r.dryRun { + err = githubClient.CreateComment(r.org, r.repo, r.num, botReviewComment) + if err != nil { + return fmt.Errorf("error while creating review comment: %v", err) + } + } else { + r.l.Info(fmt.Sprintf("dry-run: %s/%s#%d <- %s", r.org, r.repo, r.num, botReviewComment)) + } + } + return nil +} diff --git a/external-plugins/botreview/server/server.go b/external-plugins/botreview/server/server.go index 2271e903cc..4def1c6364 100644 --- a/external-plugins/botreview/server/server.go +++ b/external-plugins/botreview/server/server.go @@ -2,16 +2,12 @@ package server import ( "encoding/json" - "fmt" "github.com/sirupsen/logrus" - "github.com/sourcegraph/go-diff/diff" "k8s.io/test-infra/prow/config" "k8s.io/test-infra/prow/github" "k8s.io/test-infra/prow/pluginhelp" "kubevirt.io/project-infra/external-plugins/botreview/review" "net/http" - "os/exec" - "strings" ) const pluginName = "botreview" 
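Review bot: `ReviewLocalCode` does not tie the diff it reads to the pull request that `AttachReviewComments` later comments on. `git diff ..main` runs in the process working directory, compares `HEAD` to `main` (the reverse direction of the change) and, being a two-dot diff, also includes whatever landed on `main` after the branch point. Because the resulting comment can carry `/lgtm` and `/approve`, the reviewer should receive the checkout directory and the expected head SHA, set `diffCommand.Dir`, and diff from the merge base, e.g. `exec.Command("git", "diff", "main...HEAD")`. The method is declared to return an error but reports failures through `fatalF`, which exits the process; `return nil, fmt.Errorf("could not fetch diff output: %w", err)` lets the caller decide. Zero matching review types currently yields an empty result without a log line, which deserves at least a debug message.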
@@ -103,13 +99,6 @@ func (s *Server) handlePR(l *logrus.Entry, pr github.PullRequestEvent) error { } func (s *Server) handlePullRequest(l *logrus.Entry, action github.PullRequestEventAction, org string, repo string, num int, user string) error { - withMessage := func(message string, args ...interface{}) string { - return fmt.Sprintf("%s/%s#%d %s! <- %s: %s", org, repo, num, string(action), user, fmt.Sprintf(message, args)) - } - infoF := func(message string, args ...interface{}) { l.Infof(withMessage(message, args)) } - fatalF := func(message string, args ...interface{}) { l.Fatalf(withMessage(message, args)) } - debugF := func(message string, args ...interface{}) { l.Debugf(withMessage(message, args)) } - switch action { case github.PullRequestActionOpened: case github.PullRequestActionEdited: 
@@ -117,36 +106,21 @@ func (s *Server) handlePullRequest(l *logrus.Entry, action github.PullRequestEve case github.PullRequestActionReopened: break default: - infoF("skipping review") + l.Info("skipping review") return nil } - infoF("preparing review") - - diffCommand := exec.Command("git", "diff", "..main") - output, err := diffCommand.Output() + // TODO: make dryRun configurable + reviewer := review.NewReviewer(l, action, org, repo, num, user, true) + botReviewResults, err := reviewer.ReviewLocalCode() if err != nil { - fatalF("could not fetch diff output: %v", err) + return err } - multiFileDiffReader := diff.NewMultiFileDiffReader(strings.NewReader(string(output))) - files, err := multiFileDiffReader.ReadAllFiles() + // TODO: casting will NOT work here + err = reviewer.AttachReviewComments(botReviewResults, s.Ghc.(github.Client)) if err != nil { - fatalF("could not create diffs from output: %v", err) + return err } - - types := review.GuessReviewTypes(files) - debugF("review types: %v", types) - if len(types) > 1 { - infoF("doesn't look like a simple review, skipping") - return nil - } - for _, reviewType := range types { - result := reviewType.Review() - l.Infof("%+v", result) - } - - // TODO: - return nil } diff --git a/robots/cmd/botreview/main.go b/robots/cmd/botreview/main.go new file mode 100644 index 0000000000..3d298f44bd --- /dev/null +++ b/robots/cmd/botreview/main.go 
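Review bot: `s.Ghc.(github.Client)` is an unchecked type assertion, and it runs in the goroutine that `handleEvent` starts without a `recover`, so a `Ghc` value that does not implement the full `github.Client` interface panics and terminates the server; the TODO acknowledges the cast but leaves the panic in place. Either use the checked form `ghc, ok := s.Ghc.(github.Client)` and return an error when `ok` is false, or add `BotUser` to the local `githubClient` interface and let `AttachReviewComments` accept that narrower interface. `ReviewLocalCode` is called here without any checkout of the pull request identified by `org`, `repo` and `num`, so the review covers whatever the server's working directory contains. `handlePullRequest` starts above this hunk.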
@@ -0,0 +1,132 @@ +/* + * This file is part of the KubeVirt project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Copyright 2022 Red Hat, Inc. + * + */ + +package main + +import ( + "flag" + "fmt" + "github.com/sirupsen/logrus" + "k8s.io/test-infra/pkg/flagutil" + "k8s.io/test-infra/prow/config/secret" + prowflagutil "k8s.io/test-infra/prow/flagutil" + "k8s.io/test-infra/prow/github" + "kubevirt.io/project-infra/external-plugins/botreview/review" + "os" +) + +const robotName = "botreview" + +func init() { + logrus.SetFormatter(&logrus.JSONFormatter{}) + logrus.SetLevel(logrus.DebugLevel) +} + +type options struct { + pullRequestNumber int + org string + repo string + + dryRun bool + github prowflagutil.GitHubOptions + labels prowflagutil.Strings +} + +func (o *options) Validate() error { + for idx, group := range []flagutil.OptionGroup{&o.github} { + if err := group.Validate(o.dryRun); err != nil { + return fmt.Errorf("%d: %w", idx, err) + } + } + + if o.org == "" || o.repo == "" || o.pullRequestNumber == 0 { + return fmt.Errorf("org, repo and pr-number are required") + } + + return nil +} + +func gatherOptions() options { + o := options{} + fs := flag.NewFlagSet(os.Args[0], flag.ExitOnError) + fs.BoolVar(&o.dryRun, "dry-run", true, "Dry run for testing. 
Uses API tokens but does not mutate.") + fs.StringVar(&o.org, "org", "kubevirt", "Pull request github org.") + fs.StringVar(&o.repo, "repo", "", "Pull request github repo.") + fs.IntVar(&o.pullRequestNumber, "pr-number", 0, "Pull request to review.") + for _, group := range []flagutil.OptionGroup{&o.github} { + group.AddFlags(fs) + } + fs.Parse(os.Args[1:]) + return o +} + +func main() { + o := gatherOptions() + if err := o.Validate(); err != nil { + logrus.Fatalf("Invalid options: %v", err) + } + + log := logrus.StandardLogger().WithField("robot", robotName) + + if err := secret.Add(o.github.TokenPath); err != nil { + logrus.WithError(err).Fatal("error starting secrets agent") + } + + githubClient := o.github.GitHubClientWithAccessToken(string(secret.GetSecret(o.github.TokenPath))) + gitClient, err := o.github.GitClient(o.dryRun) + if err != nil { + logrus.WithError(err).Fatal("error getting Git client") + } + user, err := githubClient.BotUser() + if err != nil { + logrus.WithError(err).Fatal("error getting bot user") + } + + // checkout repo to a temporary directory to have it reviewed + clone, err := gitClient.Clone(o.org, o.repo) + if err != nil { + logrus.WithError(err).Fatal("error cloning repo") + } + + // checkout PR head commit, change dir + pullRequest, err := githubClient.GetPullRequest(o.org, o.repo, o.pullRequestNumber) + if err != nil { + logrus.WithError(err).Fatal("error fetching PR") + } + err = clone.Checkout(pullRequest.Head.SHA) + if err != nil { + logrus.WithError(err).Fatal("error checking out PR head commit") + } + err = os.Chdir(clone.Directory()) + if err != nil { + logrus.WithError(err).Fatal("error changing to directory") + } + + // Perform review + reviewer := review.NewReviewer(log, github.PullRequestActionEdited, o.org, o.repo, o.pullRequestNumber, user.Login, o.dryRun) + botReviewResults, err := reviewer.ReviewLocalCode() + if err != nil { + log.Errorf("error while reviewing: %v", err) + } + + err = 
reviewer.AttachReviewComments(botReviewResults, githubClient) + if err != nil { + log.Errorf("error while attaching review comments: %v", err) + } +} From 39092d52b5855b6f249c373a4b0aa11986f0ef51 Mon Sep 17 00:00:00 2001 From: Daniel Hiller Date: Mon, 4 Jul 2022 18:01:46 +0200 Subject: [PATCH 04/17] new, review strategy: prow_autobump 
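Review bot: A failed review is only logged in `main`: after `log.Errorf("error while reviewing: %v", err)` the code still calls `AttachReviewComments`, and the process exits with status 0. Because the results can end up as `/lgtm` and `/approve` comments, both error paths should stop the run, e.g. `log.WithError(err).Fatal("error while reviewing")` and the same for the attach step, matching the `Fatal` handling of the earlier steps. Separately, `GitHubClientWithAccessToken` is not given `o.dryRun`, so whether `--dry-run` really prevents mutation appears to depend on `AttachReviewComments` honouring the flag passed to `NewReviewer`; a comment stating that would help.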
Signed-off-by: Daniel Hiller --- .../botreview/review/bump_kubevirtci.go | 67 +- .../botreview/review/bump_kubevirtci_test.go | 101 + .../botreview/review/image_update.go | 18 +- .../botreview/review/image_update_test.go | 6 +- .../botreview/review/prow_autobump.go | 102 + .../botreview/review/prow_autobump_test.go | 111 + external-plugins/botreview/review/review.go | 27 +- .../bump-kubevirtci/bump-kubevirtci.patch0 | 7 - .../bump-kubevirtci/bump-kubevirtci.patch1 | 12 - .../kubevirtci-bump/cluster-up-sha.txt | 7 + ...ter-up_cluster_kind-1.22-sriov_provider.sh | 25 + ...cluster_kind-1.22-sriov_sriov-node_node.sh | 42 + .../cluster-up_cluster_kind_common.sh | 118 + ...p_cluster_kind_configure-registry-proxy.sh | 22 + .../cluster-up_hack_common.sh} | 8 +- .../cluster-up_version.txt} | 6 +- .../hack_config-default.sh} | 6 +- ...om_base_configs_current_config_config.yaml | 19 + ...base_manifests_local_branch-protector.yaml | 13 + ...nifests_local_cherrypicker_deployment.yaml | 13 + ...e_manifests_local_label-sync-kubevirt.yaml | 13 + ...se_manifests_local_label-sync-nmstate.yaml | 13 + ...s_test_infra_current_crier_deployment.yaml | 13 + ...ts_test_infra_current_deck_deployment.yaml | 13 + ..._manifests_test_infra_current_ghproxy.yaml | 13 + ...ts_test_infra_current_hook_deployment.yaml | 13 + ...t_infra_current_horologium_deployment.yaml | 13 + ...infra_current_needs-rebase_deployment.yaml | 13 + ...nt_prow_controller_manager_deployment.yaml | 13 + ...-crd_prowjob_customresourcedefinition.yaml | 10052 ++++++++++++++++ ..._test_infra_current_sinker_deployment.yaml | 13 + ...a_current_statusreconciler_deployment.yaml | 13 + ...ts_test_infra_current_tide_deployment.yaml | 13 + ...on_resources_prow-exporter-deployment.yaml | 13 + robots/cmd/botreview/main.go | 5 +- 35 files changed, 10889 insertions(+), 67 deletions(-) create mode 100644 external-plugins/botreview/review/bump_kubevirtci_test.go create mode 100644 external-plugins/botreview/review/prow_autobump.go create 
mode 100644 external-plugins/botreview/review/prow_autobump_test.go delete mode 100644 external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch0 delete mode 100644 external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch1 create mode 100644 external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up-sha.txt create mode 100644 external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_provider.sh create mode 100644 external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_sriov-node_node.sh create mode 100644 external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_cluster_kind_common.sh create mode 100644 external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_cluster_kind_configure-registry-proxy.sh rename external-plugins/botreview/review/testdata/{bump-kubevirtci/bump-kubevirtci.patch2 => kubevirtci-bump/cluster-up_hack_common.sh} (75%) rename external-plugins/botreview/review/testdata/{bump-kubevirtci/bump-kubevirtci.patch3 => kubevirtci-bump/cluster-up_version.txt} (63%) rename external-plugins/botreview/review/testdata/{bump-kubevirtci/bump-kubevirtci.patch4 => kubevirtci-bump/hack_config-default.sh} (78%) create mode 100644 external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_configs_current_config_config.yaml create mode 100644 external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_branch-protector.yaml create mode 100644 external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_cherrypicker_deployment.yaml create mode 100644 external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-kubevirt.yaml create mode 100644 
external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-nmstate.yaml create mode 100644 external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_crier_deployment.yaml create mode 100644 external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_deck_deployment.yaml create mode 100644 external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_ghproxy.yaml create mode 100644 external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_hook_deployment.yaml create mode 100644 external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_horologium_deployment.yaml create mode 100644 external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_needs-rebase_deployment.yaml create mode 100644 external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prow_controller_manager_deployment.yaml create mode 100644 external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml create mode 100644 external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_sinker_deployment.yaml create mode 100644 external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_statusreconciler_deployment.yaml create mode 100644 external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_tide_deployment.yaml create mode 100644 
external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_overlays_ibmcloud-production_resources_prow-exporter-deployment.yaml diff --git a/external-plugins/botreview/review/bump_kubevirtci.go b/external-plugins/botreview/review/bump_kubevirtci.go index 128880c309..5d4bfec4ea 100644 --- a/external-plugins/botreview/review/bump_kubevirtci.go +++ b/external-plugins/botreview/review/bump_kubevirtci.go 
@@ -27,21 +27,41 @@ import ( ) const ( - BumpKubevirtCIApproveComment = `This looks like a simple prow job image bump. The bot approves. + bumpKubevirtCIApproveComment = `This looks like a simple kubevirtci bump. The bot approves. /lgtm /approve ` - BumpKubevirtCIDisapproveComment = `This doesn't look like a simple prow job image bump. + bumpKubevirtCIDisapproveComment = `This doesn't look like a simple kubevirtci bump. These are the suspicious hunks I found: ` ) -var bumpKubevirtCIHunkBodyMatcher *regexp.Regexp +var bumpKubevirtCIHackConfigDefaultMatcher *regexp.Regexp +var bumpKubevirtCIClusterUpShaMatcher *regexp.Regexp +var bumpKubevirtCIClusterUpVersionMatcher *regexp.Regexp func init() { - bumpKubevirtCIHunkBodyMatcher = regexp.MustCompile(`(?m)^(-[\s]+- image: [^\s]+$[\n]^\+[\s]+- image: [^\s]+|-[\s]+image: [^\s]+$[\n]^\+[\s]+image: [^\s]+)$`) + bumpKubevirtCIHackConfigDefaultMatcher = regexp.MustCompile(`(?m)^-[\s]*kubevirtci_git_hash=\"[^\s]+\"$[\n]^\+[\s]*kubevirtci_git_hash=\"[^\s]+\"$`) + bumpKubevirtCIClusterUpShaMatcher = regexp.MustCompile(`(?m)^-[\s]*[^\s]+$[\n]^\+[^\s]+$`) + bumpKubevirtCIClusterUpVersionMatcher = regexp.MustCompile(`(?m)^-[0-9]+-[a-z0-9]+$[\n]^\+[0-9]+-[a-z0-9]+$`) +} + +type BumpKubevirtCIResult struct { + notMatchingHunks []*diff.Hunk +} + +func (r BumpKubevirtCIResult) String() string { + if len(r.notMatchingHunks) == 0 { + return bumpKubevirtCIApproveComment + } else { + comment := bumpKubevirtCIDisapproveComment + for _, hunk := range r.notMatchingHunks { + comment += fmt.Sprintf("\n```\n%s\n```", string(hunk.Body)) + } + return comment + } } type BumpKubevirtCI struct { 
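Review bot: The three new matchers are applied with `Match` in `Review`, so a hunk passes as soon as one `-`/`+` pair anywhere in its body matches, and any other changed lines in the same hunk go unexamined. `bumpKubevirtCIClusterUpShaMatcher` additionally accepts any whitespace-free token rather than a commit id. Because a pass is rendered as `/lgtm` and `/approve`, I would check every `-`/`+` line of the body against the expected pattern and tighten the sha to something like `[0-9a-f]{40}` (the fixture values are 40 hex characters). `prowAutobumpHunkBodyMatcher` in prow_autobump.go is used the same way and needs the same treatment.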
@@ -56,10 +76,13 @@ func (t *BumpKubevirtCI) IsRelevant() bool { func (t *BumpKubevirtCI) AddIfRelevant(fileDiff *diff.FileDiff) { fileName := strings.TrimPrefix(fileDiff.NewName, "b/") - // disregard all files - // * where the full path is not cluster-up-sha.txt and - // * where the path is not below cluster-up/ - if fileName != "cluster-up-sha.txt" || !strings.HasPrefix(fileName, "cluster-up/") { + // store all hunks for unwanted files + if fileName != "cluster-up-sha.txt" && + fileName != "hack/config-default.sh" && + !strings.HasPrefix(fileName, "cluster-up/") { + for _, hunk := range fileDiff.Hunks { + t.notMatchingHunks = append(t.notMatchingHunks, hunk) + } return } @@ -67,16 +90,36 @@ func (t *BumpKubevirtCI) AddIfRelevant(fileDiff *diff.FileDiff) { } func (t *BumpKubevirtCI) Review() BotReviewResult { - result := &Result{} + result := &BumpKubevirtCIResult{} for _, fileDiff := range t.relevantFileDiffs { - for _, hunk := range fileDiff.Hunks { - if !bumpKubevirtCIHunkBodyMatcher.Match(hunk.Body) { - result.notMatchingHunks = append(result.notMatchingHunks, hunk) + fileName := strings.TrimPrefix(fileDiff.NewName, "b/") + switch fileName { + case "cluster-up-sha.txt": + for _, hunk := range fileDiff.Hunks { + if !bumpKubevirtCIClusterUpShaMatcher.Match(hunk.Body) { + result.notMatchingHunks = append(result.notMatchingHunks, hunk) + } } + case "hack/config-default.sh": + for _, hunk := range fileDiff.Hunks { + if !bumpKubevirtCIHackConfigDefaultMatcher.Match(hunk.Body) { + result.notMatchingHunks = append(result.notMatchingHunks, hunk) + } + } + case "cluster-up/version.txt": + for _, hunk := range fileDiff.Hunks { + if !bumpKubevirtCIClusterUpVersionMatcher.Match(hunk.Body) { + result.notMatchingHunks = append(result.notMatchingHunks, hunk) + } + } + default: + // no checks since we can't do anything reasonable here } } + result.notMatchingHunks = append(result.notMatchingHunks, t.notMatchingHunks...) + return result } 
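Review bot: In `AddIfRelevant` an unexpected file is recorded only through its hunks, so a file diff that carries none (binary, rename-only or mode-only changes, if I read go-diff correctly) leaves no trace and cannot block the approval. Recording the file itself would close that gap, for example a `notMatchingFiles []string` field that `String()` lists next to the hunks. The loop can also be written as `t.notMatchingHunks = append(t.notMatchingHunks, fileDiff.Hunks...)`.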
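Review bot: The `default:` branch in `Review` accepts every file under `cluster-up/` other than `version.txt` without looking at it, yet the result is still rendered as `/lgtm` and `/approve`. The fixtures in this commit show that these are shell scripts such as `provider.sh`, so the approval then rests on the path prefix alone. At minimum the comment should state what makes that safe (for instance a trusted automation author, if that is verified elsewhere). Otherwise the approve text should say that `cluster-up/` content was not reviewed, or add `/hold` as the prow autobump strategy does. The three `case` bodies differ only in the matcher, so a `map[string]*regexp.Regexp` lookup would remove the repetition.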
diff --git a/external-plugins/botreview/review/bump_kubevirtci_test.go b/external-plugins/botreview/review/bump_kubevirtci_test.go new file mode 100644 index 0000000000..ca94cfb3cd --- /dev/null +++ b/external-plugins/botreview/review/bump_kubevirtci_test.go 
@@ -0,0 +1,101 @@ +/* + * This file is part of the KubeVirt project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Copyright 2022 Red Hat, Inc. + * + */ + +package review + +import ( + "github.com/sourcegraph/go-diff/diff" + "os" + "path/filepath" + "reflect" + "testing" +) + +func TestBumpKubevirtCI_Review(t1 *testing.T) { + diffFilePathes := []string{} + entries, err := os.ReadDir("testdata/kubevirtci-bump") + if err != nil { + t1.Errorf("failed to read files: %v", err) + } + for _, entry := range entries { + diffFilePathes = append(diffFilePathes, filepath.Join("testdata/kubevirtci-bump", entry.Name())) + } + diffFilePathes = append(diffFilePathes, "testdata/mixed_bump_prow_job.patch0") + diffFilePathesToDiffs := map[string]*diff.FileDiff{} + for _, diffFile := range diffFilePathes { + bump_images_diff_file, err := os.ReadFile(diffFile) + if err != nil { + t1.Errorf("failed to read diff: %v", err) + } + bump_file_diffs, err := diff.ParseFileDiff(bump_images_diff_file) + if err != nil { + t1.Errorf("failed to read diff: %v", err) + } + diffFilePathesToDiffs[diffFile] = bump_file_diffs + } + type fields struct { + relevantFileDiffs []*diff.FileDiff + } + tests := []struct { + name string + fields fields + want *BumpKubevirtCIResult + }{ + { + name: "simple prow autobump", + fields: fields{ + relevantFileDiffs: []*diff.FileDiff{ + diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up-sha.txt"], + 
diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_provider.sh"], + diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_sriov-node_node.sh"], + diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up_cluster_kind_common.sh"], + diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up_cluster_kind_configure-registry-proxy.sh"], + diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up_hack_common.sh"], + diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up_version.txt"], + diffFilePathesToDiffs["testdata/kubevirtci-bump/hack_config-default.sh"], + }, + }, + want: &BumpKubevirtCIResult{}, + }, + { + name: "mixed image bump", + fields: fields{ + relevantFileDiffs: []*diff.FileDiff{ + diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up-sha.txt"], + diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_provider.sh"], + diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"], + }, + }, + want: &BumpKubevirtCIResult{ + notMatchingHunks: diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"].Hunks, + }, + }, + } + for _, tt := range tests { + t1.Run(tt.name, func(t1 *testing.T) { + t := &BumpKubevirtCI{} + for _, diff := range tt.fields.relevantFileDiffs { + t.AddIfRelevant(diff) + } + if got := t.Review(); !reflect.DeepEqual(got, tt.want) { + t1.Errorf("Review() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/external-plugins/botreview/review/image_update.go b/external-plugins/botreview/review/image_update.go index effa0a78e4..f514c47c29 100644 --- a/external-plugins/botreview/review/image_update.go +++ b/external-plugins/botreview/review/image_update.go 
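Review bot: No case in `TestBumpKubevirtCI_Review` feeds a hunk for `cluster-up-sha.txt`, `hack/config-default.sh` or `cluster-up/version.txt` that contains a valid bump line plus an extra change, so the rejection path of the three matchers is untested; the only negative case is a file outside the accepted paths. Add a fixture of that kind and expect its hunk in `notMatchingHunks`. The setup should also use `t1.Fatalf` instead of `t1.Errorf` when `os.ReadDir`, `os.ReadFile` or `diff.ParseFileDiff` fails, since the test otherwise continues with nil diffs. The first case is named "simple prow autobump", which looks copied from the other strategy's test.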
@@ -44,6 +44,22 @@ func init() { prowJobImageUpdateHunkBodyMatcher = regexp.MustCompile(`(?m)^(-[\s]+- image: [^\s]+$[\n]^\+[\s]+- image: [^\s]+|-[\s]+image: [^\s]+$[\n]^\+[\s]+image: [^\s]+)$`) } +type ProwJobImageUpdateResult struct { + notMatchingHunks []*diff.Hunk +} + +func (r ProwJobImageUpdateResult) String() string { + if len(r.notMatchingHunks) == 0 { + return prowJobImageUpdateApproveComment + } else { + comment := prowJobImageUpdateDisapproveComment + for _, hunk := range r.notMatchingHunks { + comment += fmt.Sprintf("\n```\n%s\n```", string(hunk.Body)) + } + return comment + } +} + type ProwJobImageUpdate struct { relevantFileDiffs []*diff.FileDiff notMatchingHunks []*diff.Hunk @@ -70,7 +86,7 @@ func (t *ProwJobImageUpdate) AddIfRelevant(fileDiff *diff.FileDiff) { } func (t *ProwJobImageUpdate) Review() BotReviewResult { - result := &Result{} + result := &ProwJobImageUpdateResult{} for _, fileDiff := range t.relevantFileDiffs { for _, hunk := range fileDiff.Hunks { diff --git a/external-plugins/botreview/review/image_update_test.go b/external-plugins/botreview/review/image_update_test.go index d0589e3bc9..02720b5211 100644 --- a/external-plugins/botreview/review/image_update_test.go +++ b/external-plugins/botreview/review/image_update_test.go @@ -50,7 +50,7 @@ func TestProwJobImageUpdate_Review(t1 *testing.T) { tests := []struct { name string fields fields - want *Result + want *ProwJobImageUpdateResult }{ { name: "simple image bump", @@ -60,7 +60,7 @@ func TestProwJobImageUpdate_Review(t1 *testing.T) { diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch1"], }, }, - want: &Result{}, + want: &ProwJobImageUpdateResult{}, }, { name: "mixed image bump", 
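Review bot: `ProwJobImageUpdateResult` is the third copy of the same struct and `String()` method in this commit (next to `BumpKubevirtCIResult` and `ProwAutobumpResult`); they differ only in the two comment constants. One shared result type with `approveComment` and `disapproveComment` fields would keep the rendering of suspicious hunks in a single place. The `else` after `return prowJobImageUpdateApproveComment` can be dropped, and the exported type wants a doc comment such as `// ProwJobImageUpdateResult holds the hunks that did not look like an image bump.`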
@@ -69,7 +69,7 @@ func TestProwJobImageUpdate_Review(t1 *testing.T) { diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"], }, }, - want: &Result{ + want: &ProwJobImageUpdateResult{ notMatchingHunks: []*diff.Hunk{ diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"].Hunks[0], }, diff --git a/external-plugins/botreview/review/prow_autobump.go b/external-plugins/botreview/review/prow_autobump.go new file mode 100644 index 0000000000..ec4b099446 --- /dev/null +++ b/external-plugins/botreview/review/prow_autobump.go 
@@ -0,0 +1,102 @@ +/* + * This file is part of the KubeVirt project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Copyright 2022 Red Hat, Inc. + * + */ + +package review + +import ( + "fmt" + "github.com/sourcegraph/go-diff/diff" + "regexp" + "strings" +) + +const ( + prowAutobumpApproveComment = `This looks like a simple prow autobump. The bot approves. + +/lgtm +/approve + +**Note**: the bot holds for manual removal when the time is right for this to go in. + +/hold +` + prowAutobumpDisapproveComment = `This doesn't look like a simple prow autobump. 
+ +These are the suspicious hunks I found: +` +) + +var prowAutobumpHunkBodyMatcher *regexp.Regexp + +func init() { + prowAutobumpHunkBodyMatcher = regexp.MustCompile(`(?m)^(-[\s]+- image: [^\s]+$[\n]^\+[\s]+- image: [^\s]+|-[\s]+image: [^\s]+$[\n]^\+[\s]+image: [^\s]+)$`) +} + +type ProwAutobumpResult struct { + notMatchingHunks []*diff.Hunk +} + +func (r ProwAutobumpResult) String() string { + if len(r.notMatchingHunks) == 0 { + return prowAutobumpApproveComment + } else { + comment := prowAutobumpDisapproveComment + for _, hunk := range r.notMatchingHunks { + comment += fmt.Sprintf("\n```\n%s\n```", string(hunk.Body)) + } + return comment + } +} + +type ProwAutobump struct { + relevantFileDiffs []*diff.FileDiff + notMatchingHunks []*diff.Hunk +} + +func (t *ProwAutobump) IsRelevant() bool { + return len(t.relevantFileDiffs) > 0 +} + +func (t *ProwAutobump) AddIfRelevant(fileDiff *diff.FileDiff) { + fileName := strings.TrimPrefix(fileDiff.NewName, "b/") + + if !strings.HasPrefix(fileName, "github/ci/prow-deploy/kustom") { + return + } + + t.relevantFileDiffs = append(t.relevantFileDiffs, fileDiff) +} + +func (t *ProwAutobump) Review() BotReviewResult { + result := &ProwAutobumpResult{} + + for _, fileDiff := range t.relevantFileDiffs { + for _, hunk := range fileDiff.Hunks { + if !prowAutobumpHunkBodyMatcher.Match(hunk.Body) { + result.notMatchingHunks = append(result.notMatchingHunks, hunk) + } + } + } + + return result +} + +func (t *ProwAutobump) String() string { + return fmt.Sprintf("relevantFileDiffs: %v", t.relevantFileDiffs) +} diff --git a/external-plugins/botreview/review/prow_autobump_test.go b/external-plugins/botreview/review/prow_autobump_test.go new file mode 100644 index 0000000000..5e10c991a9 --- /dev/null +++ b/external-plugins/botreview/review/prow_autobump_test.go 
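Review bot: `ProwAutobump.AddIfRelevant` returns silently for files outside `github/ci/prow-deploy/kustom`, and the struct's `notMatchingHunks` field is never written, whereas `BumpKubevirtCI` in this same commit records such files as suspicious. Unless the caller rejects pull requests with unclaimed files (not visible here), unrelated changes can ride along with an approved bump. Mirror the other strategy: `t.notMatchingHunks = append(t.notMatchingHunks, fileDiff.Hunks...)` before the `return`, and `result.notMatchingHunks = append(result.notMatchingHunks, t.notMatchingHunks...)` at the end of `Review`. The prefix also lacks a trailing `/`, so a sibling directory whose name merely starts with `kustom` would match.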
@@ -0,0 +1,111 @@ +/* + * This file is part of the KubeVirt project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Copyright 2022 Red Hat, Inc. + * + */ + +package review + +import ( + "github.com/sourcegraph/go-diff/diff" + "os" + "path/filepath" + "reflect" + "testing" +) + +func TestProwAutobump_Review(t1 *testing.T) { + diffFilePathes := []string{} + entries, err := os.ReadDir("testdata/prow-autobump") + if err != nil { + t1.Errorf("failed to read files: %v", err) + } + for _, entry := range entries { + diffFilePathes = append(diffFilePathes, filepath.Join("testdata/prow-autobump", entry.Name())) + } + diffFilePathesToDiffs := map[string]*diff.FileDiff{} + for _, diffFile := range diffFilePathes { + bump_images_diff_file, err := os.ReadFile(diffFile) + if err != nil { + t1.Errorf("failed to read diff: %v", err) + } + bump_file_diffs, err := diff.ParseFileDiff(bump_images_diff_file) + if err != nil { + t1.Errorf("failed to read diff: %v", err) + } + diffFilePathesToDiffs[diffFile] = bump_file_diffs + } + type fields struct { + relevantFileDiffs []*diff.FileDiff + } + tests := []struct { + name string + fields fields + want *ProwJobImageUpdateResult + }{ + { + name: "simple prow autobump", + fields: fields{ + relevantFileDiffs: []*diff.FileDiff{ + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_configs_current_config_config.yaml"], + 
diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_branch-protector.yaml"], + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_cherrypicker_deployment.yaml"], + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-kubevirt.yaml"], + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-nmstate.yaml"], + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_crier_deployment.yaml"], + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_deck_deployment.yaml"], + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_ghproxy.yaml"], + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_hook_deployment.yaml"], + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_horologium_deployment.yaml"], + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_needs-rebase_deployment.yaml"], + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prow_controller_manager_deployment.yaml"], + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"], + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_sinker_deployment.yaml"], + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_statusreconciler_deployment.yaml"], + 
diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_tide_deployment.yaml"], + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_overlays_ibmcloud-production_resources_prow-exporter-deployment.yaml"], + }, + }, + want: &ProwJobImageUpdateResult{}, + }, + { + name: "mixed image bump", + fields: fields{ + relevantFileDiffs: []*diff.FileDiff{ + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_configs_current_config_config.yaml"], + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_branch-protector.yaml"], + diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_cherrypicker_deployment.yaml"], + diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"], + }, + }, + want: &ProwJobImageUpdateResult{ + notMatchingHunks: []*diff.Hunk{ + diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"].Hunks[0], + }, + }, + }, + } + for _, tt := range tests { + t1.Run(tt.name, func(t1 *testing.T) { + t := &ProwAutobump{ + relevantFileDiffs: tt.fields.relevantFileDiffs, + } + if got := t.Review(); !reflect.DeepEqual(got, tt.want) { + t1.Errorf("Review() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/external-plugins/botreview/review/review.go b/external-plugins/botreview/review/review.go index 0ce89e43f4..3336ac7ccd 100644 --- a/external-plugins/botreview/review/review.go +++ b/external-plugins/botreview/review/review.go 
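Review bot: `want` is declared as `*ProwJobImageUpdateResult`, but `ProwAutobump.Review()` returns a `*ProwAutobumpResult`, so `reflect.DeepEqual(got, tt.want)` compares values of different types and is false for both cases. Declare `want *ProwAutobumpResult` and use `&ProwAutobumpResult{...}` in the table. The cases also set `relevantFileDiffs` directly, which bypasses `AddIfRelevant`; building the strategy through `AddIfRelevant`, as the kubevirtci test does, would cover the path filter as well.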
@@ -42,22 +42,7 @@ func newPossibleReviewTypes() []KindOfChange { return []KindOfChange{ &ProwJobImageUpdate{}, &BumpKubevirtCI{}, - } -} - -type Result struct { - notMatchingHunks []*diff.Hunk -} - -func (r Result) String() string { - if len(r.notMatchingHunks) == 0 { - return prowJobImageUpdateApproveComment - } else { - comment := prowJobImageUpdateDisapproveComment - for _, hunk := range r.notMatchingHunks { - comment += fmt.Sprintf("\n```\n%s\n```", string(hunk.Body)) - } - return comment + &ProwAutobump{}, } } @@ -110,17 +95,17 @@ func NewReviewer(l *logrus.Entry, action github.PullRequestEventAction, org stri func (r *Reviewer) withFields() *logrus.Entry { return r.l.WithField("dryRun", r.dryRun).WithField("org", r.org).WithField("repo", r.repo).WithField("pr", r.num).WithField("user", r.user) } -func (r *Reviewer) infoF(message string, args ...interface{}) { - r.withFields().Infof(message, args) -} func (r *Reviewer) info(message string) { r.withFields().Info(message) } +func (r *Reviewer) infoF(message string, args ...interface{}) { + r.withFields().Infof(message, args...) +} func (r *Reviewer) fatalF(message string, args ...interface{}) { - r.withFields().Fatalf(message, args) + r.withFields().Fatalf(message, args...) } func (r *Reviewer) debugF(message string, args ...interface{}) { - r.withFields().Debugf(message, args) + r.withFields().Debugf(message, args...) } func (r *Reviewer) ReviewLocalCode() ([]BotReviewResult, error) { diff --git a/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch0 b/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch0 deleted file mode 100644 index 6e57ec18e3..0000000000 --- a/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch0 +++ /dev/null 
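Review bot: `fatalF` forwards to logrus `Fatalf`, which exits the process after logging, and `Reviewer` is also constructed in the server's `handlePullRequest`, so any call to it on that path would take the whole plugin down for one bad pull request. Whether `ReviewLocalCode` still calls `fatalF` is not visible in this hunk; if it does, returning the error to the caller is the safer choice and the helper can be removed. A short comment on the helper, e.g. `// fatalF logs and terminates the process; do not use on the webhook path.`, would make the hazard explicit.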
@@ -1,7 +0,0 @@ -diff --git a/cluster-up-sha.txt b/cluster-up-sha.txt -index b18a36750..99c78899d 100644 ---- a/cluster-up-sha.txt -+++ b/cluster-up-sha.txt -@@ -1 +1 @@ --f9e9772baa7cfe75aa817622a81b77843bcf0e61 -+05bbd994b17dd48cc28b90a618802850652c1e0f diff --git a/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch1 b/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch1 deleted file mode 100644 index 4f72fbcd32..0000000000 --- a/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch1 +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/cluster-up/cluster/kind-1.22-sriov/sriov-components/manifests/multus/patch-args.yaml b/cluster-up/cluster/kind-1.22-sriov/sriov-components/manifests/multus/patch-args.yaml -index 6ee816998..ea9cd1092 100644 ---- a/cluster-up/cluster/kind-1.22-sriov/sriov-components/manifests/multus/patch-args.yaml -+++ b/cluster-up/cluster/kind-1.22-sriov/sriov-components/manifests/multus/patch-args.yaml -@@ -1,6 +1,6 @@ - - op: add - path: /spec/template/spec/containers/0/args/- -- value: "--multus-log-level=verbose" -+ value: "--multus-log-level=debug" - - op: add - path: /spec/template/spec/containers/0/args/- - value: "--multus-log-file=/var/log/multus.log" diff --git a/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up-sha.txt b/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up-sha.txt new file mode 100644 index 0000000000..5ebff622da --- /dev/null +++ b/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up-sha.txt @@ -0,0 +1,7 @@ +diff --git a/cluster-up-sha.txt b/cluster-up-sha.txt +index 640df6bd4..4fed8da0b 100644 +--- a/cluster-up-sha.txt ++++ b/cluster-up-sha.txt +@@ -1 +1 @@ +-358d9700101b03a3fb54c1944e4b890f382b4038 ++1518a55b959b5d79d7a8ab1a3b8b703a557db466 
diff --git a/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_provider.sh b/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_provider.sh new file mode 100644 index 0000000000..c62aaad200 --- /dev/null +++ b/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_provider.sh @@ -0,0 +1,25 @@ +diff --git a/cluster-up/cluster/kind-1.22-sriov/provider.sh b/cluster-up/cluster/kind-1.22-sriov/provider.sh +index dcaf1b041..9faf391c7 100755 +--- a/cluster-up/cluster/kind-1.22-sriov/provider.sh ++++ b/cluster-up/cluster/kind-1.22-sriov/provider.sh +@@ -29,9 +29,9 @@ function print_sriov_data() { + if [[ ! "$node" =~ .*"control-plane".* ]]; then + echo "Node: $node" + echo "VFs:" +- docker exec $node bash -c "ls -l /sys/class/net/*/device/virtfn*" ++ ${CRI_BIN} exec $node bash -c "ls -l /sys/class/net/*/device/virtfn*" + echo "PFs PCI Addresses:" +- docker exec $node bash -c "grep PCI_SLOT_NAME /sys/class/net/*/device/uevent" ++ ${CRI_BIN} exec $node bash -c "grep PCI_SLOT_NAME /sys/class/net/*/device/uevent" + fi + done + } +@@ -51,7 +51,7 @@ function configure_registry_proxy() { + function up() { + # print hardware info for easier debugging based on logs + echo 'Available NICs' +- docker run --rm --cap-add=SYS_RAWIO quay.io/phoracek/lspci@sha256:0f3cacf7098202ef284308c64e3fc0ba441871a846022bb87d65ff130c79adb1 sh -c "lspci | egrep -i 'network|ethernet'" ++ ${CRI_BIN} run --rm --cap-add=SYS_RAWIO quay.io/phoracek/lspci@sha256:0f3cacf7098202ef284308c64e3fc0ba441871a846022bb87d65ff130c79adb1 sh -c "lspci | egrep -i 'network|ethernet'" + echo "" + + cp $KIND_MANIFESTS_DIR/kind.yaml ${KUBEVIRTCI_CONFIG_PATH}/$KUBEVIRT_PROVIDER/kind.yaml 
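Review bot: The kubevirtci-bump fixtures need a negative counterpart. This one rewrites container-runtime invocations in `provider.sh` (including a `run --rm --cap-add=SYS_RAWIO` line), so a strategy that accepts any hunk under `cluster-up/` as a legitimate bump would equally accept a hand-edited script. The BumpKubevirtCI matcher and its test expectations are not visible here, so this is an assumption to confirm. If it holds, add a fixture in which a `cluster-up/` script changes in a way that does not match the upstream content and assert it is reported as not matching, or have the strategy compare the vendored tree against upstream at the hash recorded in `cluster-up-sha.txt` before approving.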
diff --git a/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_sriov-node_node.sh b/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_sriov-node_node.sh new file mode 100644 index 0000000000..003711ba2a --- /dev/null +++ b/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_sriov-node_node.sh 
@@ -0,0 +1,42 @@ +diff --git a/cluster-up/cluster/kind-1.22-sriov/sriov-node/node.sh b/cluster-up/cluster/kind-1.22-sriov/sriov-node/node.sh +index 61eb40244..8d1a997c2 100644 +--- a/cluster-up/cluster/kind-1.22-sriov/sriov-node/node.sh ++++ b/cluster-up/cluster/kind-1.22-sriov/sriov-node/node.sh +@@ -56,7 +56,7 @@ function node::configure_sriov_pfs() { + pfs_in_use+=( $pf_name ) + + # KIND mounts sysfs as read-only by default, remount as R/W" +- node_exec="docker exec $node" ++ node_exec="${CRI_BIN} exec $node" + $node_exec mount -o remount,rw /sys + + ls_node_dev_vfio="${node_exec} ls -la -Z /dev/vfio" +@@ -81,15 +81,15 @@ function node::configure_sriov_vfs() { + local -r config_vf_script=$(basename "$CONFIGURE_VFS_SCRIPT_PATH") + + for node in "${nodes_array[@]}"; do +- docker cp "$CONFIGURE_VFS_SCRIPT_PATH" "$node:/" +- docker exec "$node" bash -c "DRIVER=$driver DRIVER_KMODULE=$driver_kmodule VFS_COUNT=$vfs_count ./$config_vf_script" +- docker exec "$node" ls -la -Z /dev/vfio ++ ${CRI_BIN} cp "$CONFIGURE_VFS_SCRIPT_PATH" "$node:/" ++ ${CRI_BIN} exec "$node" bash -c "DRIVER=$driver DRIVER_KMODULE=$driver_kmodule VFS_COUNT=$vfs_count ./$config_vf_script" ++ ${CRI_BIN} exec "$node" ls -la -Z /dev/vfio + done + } + + function prepare_node_netns() { + local -r node_name=$1 +- local -r node_pid=$(docker inspect -f '{{.State.Pid}}' "$node_name") ++ local -r node_pid=$($CRI_BIN inspect -f '{{.State.Pid}}' "$node_name") + + # Docker does not create the required symlink for a container netns + # it perverts iplink from learning that container netns. +@@ -112,7 +112,7 @@ function move_pf_to_node_netns() { + + function node::total_vfs_count() { + local -r node_name=$1 +- local -r node_pid=$(docker inspect -f '{{.State.Pid}}' "$node_name") ++ local -r node_pid=$($CRI_BIN inspect -f '{{.State.Pid}}' "$node_name") + local -r pfs_sriov_numvfs=( $(cat /proc/$node_pid/root/sys/class/net/*/device/sriov_numvfs) ) + local total_vfs_on_node=0 + 
diff --git a/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_cluster_kind_common.sh b/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_cluster_kind_common.sh new file mode 100644 index 0000000000..30858ae700 --- /dev/null +++ b/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_cluster_kind_common.sh 
@@ -0,0 +1,118 @@ +diff --git a/cluster-up/cluster/kind/common.sh b/cluster-up/cluster/kind/common.sh +index d7e6ecc67..1bbedb63d 100755 +--- a/cluster-up/cluster/kind/common.sh ++++ b/cluster-up/cluster/kind/common.sh +@@ -2,6 +2,12 @@ + + set -e + ++function detect_cri() { ++ if podman ps >/dev/null 2>&1; then echo podman; elif docker ps >/dev/null 2>&1; then echo docker; fi ++} ++ ++export CRI_BIN=${CRI_BIN:-$(detect_cri)} ++ + # check CPU arch + PLATFORM=$(uname -m) + case ${PLATFORM} in +@@ -20,9 +26,9 @@ aarch64* | arm64*) + ;; + esac + +-NODE_CMD="docker exec -it -d " ++NODE_CMD="${CRI_BIN} exec -it -d " + export KIND_MANIFESTS_DIR="${KUBEVIRTCI_PATH}/cluster/kind/manifests" +-export KIND_NODE_CLI="docker exec -it " ++export KIND_NODE_CLI="${CRI_BIN} exec -it " + export KUBEVIRTCI_PATH + export KUBEVIRTCI_CONFIG_PATH + KIND_DEFAULT_NETWORK="kind" +@@ -44,7 +50,7 @@ function _wait_kind_up { + else + selector="control-plane" + fi +- while [ -z "$(docker exec --privileged ${CLUSTER_NAME}-control-plane kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes --selector=node-role.kubernetes.io/${selector} -o=jsonpath='{.items..status.conditions[-1:].status}' | grep True)" ]; do ++ while [ -z "$(${CRI_BIN} exec --privileged ${CLUSTER_NAME}-control-plane kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes --selector=node-role.kubernetes.io/${selector} -o=jsonpath='{.items..status.conditions[-1:].status}' | grep True)" ]; do + echo "Waiting for kind to be ready ..." 
+ sleep 10 + done +@@ -83,18 +89,18 @@ function _insecure-registry-config-cmd() { + + # this works since the nodes use the same names as containers + function _ssh_into_node() { +- docker exec -it "$1" bash ++ ${CRI_BIN} exec -it "$1" bash + } + + function _run_registry() { + local -r network=${1} + +- until [ -z "$(docker ps -a | grep $REGISTRY_NAME)" ]; do +- docker stop $REGISTRY_NAME || true +- docker rm $REGISTRY_NAME || true ++ until [ -z "$($CRI_BIN ps -a | grep $REGISTRY_NAME)" ]; do ++ ${CRI_BIN} stop $REGISTRY_NAME || true ++ ${CRI_BIN} rm $REGISTRY_NAME || true + sleep 5 + done +- docker run -d --network=${network} -p $HOST_PORT:5000 --restart=always --name $REGISTRY_NAME quay.io/kubevirtci/library-registry:2.7.1 ++ ${CRI_BIN} run -d --network=${network} -p $HOST_PORT:5000 --restart=always --name $REGISTRY_NAME quay.io/kubevirtci/library-registry:2.7.1 + + } + +@@ -103,7 +109,7 @@ function _configure_registry_on_node() { + local -r network=${2} + + _configure-insecure-registry-and-reload "${NODE_CMD} ${node} bash -c" +- ${NODE_CMD} ${node} sh -c "echo $(docker inspect --format "{{.NetworkSettings.Networks.${network}.IPAddress }}" $REGISTRY_NAME)'\t'registry >> /etc/hosts" ++ ${NODE_CMD} ${node} sh -c "echo $(${CRI_BIN} inspect --format "{{.NetworkSettings.Networks.${network}.IPAddress }}" $REGISTRY_NAME)'\t'registry >> /etc/hosts" + } + + function _install_cnis { +@@ -120,8 +126,8 @@ function _install_cni_plugins { + fi + + for node in $(_get_nodes | awk '{print $1}'); do +- docker cp "${KUBEVIRTCI_CONFIG_PATH}/$KUBEVIRT_PROVIDER/$CNI_ARCHIVE" $node:/ +- docker exec $node /bin/sh -c "tar xf $CNI_ARCHIVE -C /opt/cni/bin" ++ ${CRI_BIN} cp "${KUBEVIRTCI_CONFIG_PATH}/$KUBEVIRT_PROVIDER/$CNI_ARCHIVE" $node:/ ++ ${CRI_BIN} exec $node /bin/sh -c "tar xf $CNI_ARCHIVE -C /opt/cni/bin" + done + } + +@@ -173,24 +179,20 @@ function _fix_node_labels() { + done + } + +-function _get_cri_bridge_mtu() { +- docker network inspect -f '{{index .Options 
"com.docker.network.driver.mtu"}}' bridge +-} +- + function setup_kind() { + $KIND --loglevel debug create cluster --retain --name=${CLUSTER_NAME} --config=${KUBEVIRTCI_CONFIG_PATH}/$KUBEVIRT_PROVIDER/kind.yaml --image=$KIND_NODE_IMAGE + $KIND get kubeconfig --name=${CLUSTER_NAME} > ${KUBEVIRTCI_CONFIG_PATH}/$KUBEVIRT_PROVIDER/.kubeconfig + +- docker cp ${CLUSTER_NAME}-control-plane:$KUBECTL_PATH ${KUBEVIRTCI_CONFIG_PATH}/$KUBEVIRT_PROVIDER/.kubectl ++ ${CRI_BIN} cp ${CLUSTER_NAME}-control-plane:$KUBECTL_PATH ${KUBEVIRTCI_CONFIG_PATH}/$KUBEVIRT_PROVIDER/.kubectl + chmod u+x ${KUBEVIRTCI_CONFIG_PATH}/$KUBEVIRT_PROVIDER/.kubectl + + if [ $KUBEVIRT_WITH_KIND_ETCD_IN_MEMORY == "true" ]; then + for node in $(_get_nodes | awk '{print $1}' | grep control-plane); do + echo "[$node] Checking KIND cluster etcd data is mounted to RAM: $ETCD_IN_MEMORY_DATA_DIR" +- docker exec $node df -h $(dirname $ETCD_IN_MEMORY_DATA_DIR) | grep -P '(tmpfs|ramfs)' ++ ${CRI_BIN} exec $node df -h $(dirname $ETCD_IN_MEMORY_DATA_DIR) | grep -P '(tmpfs|ramfs)' + [ $(echo $?) != 0 ] && echo "[$node] etcd data directory is not mounted to RAM" && return 1 + +- docker exec $node du -h $ETCD_IN_MEMORY_DATA_DIR ++ ${CRI_BIN} exec $node du -h $ETCD_IN_MEMORY_DATA_DIR + [ $(echo $?) != 0 ] && echo "[$node] Failed to check etcd data directory" && return 1 + done + fi +@@ -306,6 +308,6 @@ function down() { + fi + # On CI, avoid failing an entire test run just because of a deletion error + $KIND delete cluster --name=${CLUSTER_NAME} || [ "$CI" = "true" ] +- docker rm -f $REGISTRY_NAME >> /dev/null ++ ${CRI_BIN} rm -f $REGISTRY_NAME >> /dev/null + rm -f ${KUBEVIRTCI_CONFIG_PATH}/$KUBEVIRT_PROVIDER/kind.yaml + } diff --git a/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_cluster_kind_configure-registry-proxy.sh b/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_cluster_kind_configure-registry-proxy.sh new file mode 100644 index 0000000000..8f729f695c --- /dev/null 
+++ b/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_cluster_kind_configure-registry-proxy.sh @@ -0,0 +1,22 @@ +diff --git a/cluster-up/cluster/kind/configure-registry-proxy.sh b/cluster-up/cluster/kind/configure-registry-proxy.sh +index f68cbfe0f..5b1a5abd2 100755 +--- a/cluster-up/cluster/kind/configure-registry-proxy.sh ++++ b/cluster-up/cluster/kind/configure-registry-proxy.sh +@@ -20,7 +20,7 @@ + + set -ex + +-CRI=${CRI:-docker} ++CRI_BIN=${CRI_BIN:-docker} + + KIND_BIN="${KIND_BIN:-./kind}" + PROXY_HOSTNAME="${PROXY_HOSTNAME:-docker-registry-proxy}" +@@ -29,7 +29,7 @@ CLUSTER_NAME="${CLUSTER_NAME:-sriov}" + SETUP_URL="http://${PROXY_HOSTNAME}:3128/setup/systemd" + pids="" + for node in $($KIND_BIN get nodes --name "$CLUSTER_NAME"); do +- $CRI exec "$node" sh -c "\ ++ $CRI_BIN exec "$node" sh -c "\ + curl $SETUP_URL | \ + sed s/docker\.service/containerd\.service/g | \ + sed '/Environment/ s/$/ \"NO_PROXY=127.0.0.0\/8,10.0.0.0\/8,172.16.0.0\/12,192.168.0.0\/16\"/' | \ diff --git a/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch2 b/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_hack_common.sh similarity index 75% rename from external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch2 rename to external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_hack_common.sh index 3230031668..71bec73572 100644 --- a/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch2 +++ b/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_hack_common.sh @@ -1,10 +1,10 @@ diff --git a/cluster-up/hack/common.sh b/cluster-up/hack/common.sh -index 182e9f68f..e178ca4da 100644 +index 3b2e31000..4802c83a8 100644 --- a/cluster-up/hack/common.sh +++ b/cluster-up/hack/common.sh 
@@ -43,4 +43,4 @@ provider_prefix=${JOB_NAME:-${KUBEVIRT_PROVIDER}}${EXECUTOR_NUMBER} job_prefix=${JOB_NAME:-kubevirt}${EXECUTOR_NUMBER} - + mkdir -p $KUBEVIRTCI_CONFIG_PATH/$KUBEVIRT_PROVIDER --KUBEVIRTCI_TAG=2206231410-42954ae -+KUBEVIRTCI_TAG=2206280817-4ae862e +-KUBEVIRTCI_TAG=2206291207-35b9c64 ++KUBEVIRTCI_TAG=2207050817-da6af04 diff --git a/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch3 b/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_version.txt similarity index 63% rename from external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch3 rename to external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_version.txt index 9c657cf156..373431e5b4 100644 --- a/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch3 +++ b/external-plugins/botreview/review/testdata/kubevirtci-bump/cluster-up_version.txt @@ -1,7 +1,7 @@ diff --git a/cluster-up/version.txt b/cluster-up/version.txt -index 2f6efe9e0..46f945ddf 100644 +index 10bd2f144..0bd98282e 100644 --- a/cluster-up/version.txt +++ b/cluster-up/version.txt @@ -1 +1 @@ --2206231410-42954ae -+2206280817-4ae862e +-2206291207-35b9c64 ++2207050817-da6af04 diff --git a/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch4 b/external-plugins/botreview/review/testdata/kubevirtci-bump/hack_config-default.sh similarity index 78% rename from external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch4 rename to external-plugins/botreview/review/testdata/kubevirtci-bump/hack_config-default.sh index 90913b0203..79a6fba541 100644 --- a/external-plugins/botreview/review/testdata/bump-kubevirtci/bump-kubevirtci.patch4 +++ b/external-plugins/botreview/review/testdata/kubevirtci-bump/hack_config-default.sh @@ -1,13 +1,13 @@ diff --git a/hack/config-default.sh b/hack/config-default.sh -index a629b3514..5717d51a3 100644 +index d31a3f988..b2a761a80 100644 
--- a/hack/config-default.sh +++ b/hack/config-default.sh @@ -11,7 +11,7 @@ cdi_namespace=cdi image_pull_policy=${IMAGE_PULL_POLICY:-IfNotPresent} verbosity=${VERBOSITY:-2} package_name=${PACKAGE_NAME:-kubevirt-dev} --kubevirtci_git_hash="2206231410-42954ae" -+kubevirtci_git_hash="2206280817-4ae862e" +-kubevirtci_git_hash="2206291207-35b9c64" ++kubevirtci_git_hash="2207050817-da6af04" conn_check_ipv4_address=${CONN_CHECK_IPV4_ADDRESS:-""} conn_check_ipv6_address=${CONN_CHECK_IPV6_ADDRESS:-""} conn_check_dns=${CONN_CHECK_DNS:-""} diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_configs_current_config_config.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_configs_current_config_config.yaml new file mode 100644 index 0000000000..dac3fa78a8 --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_configs_current_config_config.yaml 
@@ -0,0 +1,19 @@ +diff --git a/github/ci/prow-deploy/kustom/base/configs/current/config/config.yaml b/github/ci/prow-deploy/kustom/base/configs/current/config/config.yaml +index f5b78ae4..caf58002 100644 +--- a/github/ci/prow-deploy/kustom/base/configs/current/config/config.yaml ++++ b/github/ci/prow-deploy/kustom/base/configs/current/config/config.yaml +@@ -9,10 +9,10 @@ plank: + timeout: 2h + grace_period: 15s + utility_images: +- clonerefs: "gcr.io/k8s-prow/clonerefs:v20220526-c15dd4997d" +- initupload: "gcr.io/k8s-prow/initupload:v20220526-c15dd4997d" +- entrypoint: "gcr.io/k8s-prow/entrypoint:v20220526-c15dd4997d" +- sidecar: "gcr.io/k8s-prow/sidecar:v20220526-c15dd4997d" ++ clonerefs: "gcr.io/k8s-prow/clonerefs:v20220630-695df9040a" ++ initupload: "gcr.io/k8s-prow/initupload:v20220630-695df9040a" ++ entrypoint: "gcr.io/k8s-prow/entrypoint:v20220630-695df9040a" ++ sidecar: "gcr.io/k8s-prow/sidecar:v20220630-695df9040a" + gcs_configuration: + bucket: "kubevirt-prow" + path_strategy: "explicit" diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_branch-protector.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_branch-protector.yaml new file mode 100644 index 0000000000..61a8da53de --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_branch-protector.yaml 
@@ -0,0 +1,13 @@ +diff --git a/github/ci/prow-deploy/kustom/base/manifests/local/branch-protector.yaml b/github/ci/prow-deploy/kustom/base/manifests/local/branch-protector.yaml +index 4bf2effc..47c61de4 100644 +--- a/github/ci/prow-deploy/kustom/base/manifests/local/branch-protector.yaml ++++ b/github/ci/prow-deploy/kustom/base/manifests/local/branch-protector.yaml +@@ -14,7 +14,7 @@ spec: + spec: + containers: + - name: branchprotector +- image: gcr.io/k8s-prow/branchprotector:v20220526-c15dd4997d ++ image: gcr.io/k8s-prow/branchprotector:v20220630-695df9040a + args: + - --config-path=/etc/config/config.yaml + - --job-config-path=/etc/job-config diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_cherrypicker_deployment.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_cherrypicker_deployment.yaml new file mode 100644 index 0000000000..1dd34090bc --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_cherrypicker_deployment.yaml @@ -0,0 +1,13 @@ +diff --git a/github/ci/prow-deploy/kustom/base/manifests/local/cherrypicker_deployment.yaml b/github/ci/prow-deploy/kustom/base/manifests/local/cherrypicker_deployment.yaml +index afe3d602..4f68ac45 100644 +--- a/github/ci/prow-deploy/kustom/base/manifests/local/cherrypicker_deployment.yaml ++++ b/github/ci/prow-deploy/kustom/base/manifests/local/cherrypicker_deployment.yaml +@@ -31,7 +31,7 @@ spec: + terminationGracePeriodSeconds: 180 + containers: + - name: cherrypicker +- image: gcr.io/k8s-prow/cherrypicker:v20220526-c15dd4997d ++ image: gcr.io/k8s-prow/cherrypicker:v20220630-695df9040a + imagePullPolicy: Always + args: + - --dry-run=false 
diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-kubevirt.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-kubevirt.yaml new file mode 100644 index 0000000000..0e1b685cff --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-kubevirt.yaml @@ -0,0 +1,13 @@ +diff --git a/github/ci/prow-deploy/kustom/base/manifests/local/label-sync-kubevirt.yaml b/github/ci/prow-deploy/kustom/base/manifests/local/label-sync-kubevirt.yaml +index 7a1fd8d2..824e0fb1 100644 +--- a/github/ci/prow-deploy/kustom/base/manifests/local/label-sync-kubevirt.yaml ++++ b/github/ci/prow-deploy/kustom/base/manifests/local/label-sync-kubevirt.yaml +@@ -29,7 +29,7 @@ spec: + spec: + containers: + - name: label-sync +- image: gcr.io/k8s-prow/label_sync:v20220526-c15dd4997d ++ image: gcr.io/k8s-prow/label_sync:v20220630-695df9040a + args: + - --config=/etc/config/labels.yaml + - --confirm=true diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-nmstate.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-nmstate.yaml new file mode 100644 index 0000000000..814ff7226f --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-nmstate.yaml 
@@ -0,0 +1,13 @@ +diff --git a/github/ci/prow-deploy/kustom/base/manifests/local/label-sync-nmstate.yaml b/github/ci/prow-deploy/kustom/base/manifests/local/label-sync-nmstate.yaml +index 9365758e..1059d957 100644 +--- a/github/ci/prow-deploy/kustom/base/manifests/local/label-sync-nmstate.yaml ++++ b/github/ci/prow-deploy/kustom/base/manifests/local/label-sync-nmstate.yaml +@@ -29,7 +29,7 @@ spec: + spec: + containers: + - name: label-sync +- image: gcr.io/k8s-prow/label_sync:v20220526-c15dd4997d ++ image: gcr.io/k8s-prow/label_sync:v20220630-695df9040a + args: + - --config=/etc/config/labels.yaml + - --confirm=true diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_crier_deployment.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_crier_deployment.yaml new file mode 100644 index 0000000000..de4e31eb98 --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_crier_deployment.yaml @@ -0,0 +1,13 @@ +diff --git a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/crier_deployment.yaml b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/crier_deployment.yaml +index 9a0d4294..66975ff2 100644 +--- a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/crier_deployment.yaml ++++ b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/crier_deployment.yaml +@@ -33,7 +33,7 @@ spec: + terminationGracePeriodSeconds: 30 + containers: + - name: crier +- image: gcr.io/k8s-prow/crier:v20220526-c15dd4997d ++ image: gcr.io/k8s-prow/crier:v20220630-695df9040a + args: + - --blob-storage-workers=1 + - --config-path=/etc/config/config.yaml 
diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_deck_deployment.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_deck_deployment.yaml new file mode 100644 index 0000000000..00db425fe6 --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_deck_deployment.yaml @@ -0,0 +1,13 @@ +diff --git a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/deck_deployment.yaml b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/deck_deployment.yaml +index 312ce1b1..764cffa6 100644 +--- a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/deck_deployment.yaml ++++ b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/deck_deployment.yaml +@@ -38,7 +38,7 @@ spec: + terminationGracePeriodSeconds: 30 + containers: + - name: deck +- image: gcr.io/k8s-prow/deck:v20220526-c15dd4997d ++ image: gcr.io/k8s-prow/deck:v20220630-695df9040a + imagePullPolicy: Always + ports: + - name: http diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_ghproxy.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_ghproxy.yaml new file mode 100644 index 0000000000..8cefaaa616 --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_ghproxy.yaml 
@@ -0,0 +1,13 @@ +diff --git a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/ghproxy.yaml b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/ghproxy.yaml +index 09ff34a7..73fdec99 100644 +--- a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/ghproxy.yaml ++++ b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/ghproxy.yaml +@@ -53,7 +53,7 @@ spec: + spec: + containers: + - name: ghproxy +- image: gcr.io/k8s-prow/ghproxy:v20220526-c15dd4997d ++ image: gcr.io/k8s-prow/ghproxy:v20220630-695df9040a + args: + - --cache-dir=/cache + - --cache-sizeGB=99 diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_hook_deployment.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_hook_deployment.yaml new file mode 100644 index 0000000000..47200e2dfc --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_hook_deployment.yaml @@ -0,0 +1,13 @@ +diff --git a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/hook_deployment.yaml b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/hook_deployment.yaml +index 253fcff2..aef4f68f 100644 +--- a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/hook_deployment.yaml ++++ b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/hook_deployment.yaml +@@ -38,7 +38,7 @@ spec: + terminationGracePeriodSeconds: 180 + containers: + - name: hook +- image: gcr.io/k8s-prow/hook:v20220526-c15dd4997d ++ image: gcr.io/k8s-prow/hook:v20220630-695df9040a + imagePullPolicy: Always + args: + - --dry-run=false 
diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_horologium_deployment.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_horologium_deployment.yaml new file mode 100644 index 0000000000..5d6e83d3b0 --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_horologium_deployment.yaml @@ -0,0 +1,13 @@ +diff --git a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/horologium_deployment.yaml b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/horologium_deployment.yaml +index 58a32cda..64502d8e 100644 +--- a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/horologium_deployment.yaml ++++ b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/horologium_deployment.yaml +@@ -35,7 +35,7 @@ spec: + terminationGracePeriodSeconds: 30 + containers: + - name: horologium +- image: gcr.io/k8s-prow/horologium:v20220526-c15dd4997d ++ image: gcr.io/k8s-prow/horologium:v20220630-695df9040a + args: + - --config-path=/etc/config/config.yaml + - --job-config-path=/etc/job-config diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_needs-rebase_deployment.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_needs-rebase_deployment.yaml new file mode 100644 index 0000000000..d1e3557421 --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_needs-rebase_deployment.yaml 
@@ -0,0 +1,13 @@ +diff --git a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/needs-rebase_deployment.yaml b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/needs-rebase_deployment.yaml +index 336bd182..45a83489 100644 +--- a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/needs-rebase_deployment.yaml ++++ b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/needs-rebase_deployment.yaml +@@ -32,7 +32,7 @@ spec: + terminationGracePeriodSeconds: 180 + containers: + - name: needs-rebase +- image: gcr.io/k8s-prow/needs-rebase:v20220526-c15dd4997d ++ image: gcr.io/k8s-prow/needs-rebase:v20220630-695df9040a + imagePullPolicy: Always + args: + - --dry-run=false diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prow_controller_manager_deployment.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prow_controller_manager_deployment.yaml new file mode 100644 index 0000000000..6679fefcb2 --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prow_controller_manager_deployment.yaml 
@@ -0,0 +1,13 @@ +diff --git a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/prow_controller_manager_deployment.yaml b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/prow_controller_manager_deployment.yaml +index 74c8fc55..d8581ad0 100644 +--- a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/prow_controller_manager_deployment.yaml ++++ b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/prow_controller_manager_deployment.yaml +@@ -39,7 +39,7 @@ spec: + serviceAccountName: prow-controller-manager + containers: + - name: prow-controller-manager +- image: gcr.io/k8s-prow/prow-controller-manager:v20220526-c15dd4997d ++ image: gcr.io/k8s-prow/prow-controller-manager:v20220630-695df9040a + args: + - --config-path=/etc/config/config.yaml + - --dry-run=false diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml new file mode 100644 index 0000000000..402b1b2d48 --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml 
@@ -0,0 +1,10052 @@ +diff --git a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/prowjob-crd/prowjob_customresourcedefinition.yaml b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/prowjob-crd/prowjob_customresourcedefinition.yaml +index 7728be61..f90f6b97 100644 +--- a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/prowjob-crd/prowjob_customresourcedefinition.yaml ++++ b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/prowjob-crd/prowjob_customresourcedefinition.yaml +@@ -1305,7 +1305,7 @@ spec: + properties: + args: + description: 'Arguments to the entrypoint. +- The docker image''s CMD is used if this ++ The container image''s CMD is used if this + is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference +@@ -1322,7 +1322,7 @@ spec: + type: array + command: + description: 'Entrypoint array. Not executed +- within a shell. The docker image''s ENTRYPOINT ++ within a shell. The container image''s ENTRYPOINT + is used if this is not provided. Variable + references $(VAR_NAME) are expanded using + the container''s environment. If a variable +@@ -1522,7 +1522,7 @@ spec: + type: object + type: array + image: +- description: 'Docker image name. More info: ++ description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level + config management to default or override +@@ -1551,9 +1551,8 @@ spec: + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: +- description: One and only one of the +- following should be specified. Exec +- specifies the action to take. ++ description: Exec specifies the action ++ to take. 
+ properties: + command: + description: Command is the command +@@ -1628,11 +1627,12 @@ spec: + - port + type: object + tcpSocket: +- description: 'TCPSocket specifies +- an action involving a TCP port. +- TCP hooks not yet supported TODO: +- implement a realistic TCP lifecycle +- hook' ++ description: Deprecated. TCPSocket ++ is NOT supported as a LifecycleHandler ++ and kept for the backward compatibility. ++ There are no validation of this ++ field and lifecycle hooks will fail ++ in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name +@@ -1660,22 +1660,20 @@ spec: + such as liveness/startup probe failure, + preemption, resource contention, etc. + The handler is not called if the container +- crashes or exits. The reason for termination +- is passed to the handler. The Pod''s +- termination grace period countdown begins +- before the PreStop hooked is executed. +- Regardless of the outcome of the handler, +- the container will eventually terminate +- within the Pod''s termination grace +- period. Other management of the container +- blocks until the hook completes or until +- the termination grace period is reached. +- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' ++ crashes or exits. The Pod''s termination ++ grace period countdown begins before ++ the PreStop hook is executed. Regardless ++ of the outcome of the handler, the container ++ will eventually terminate within the ++ Pod''s termination grace period (unless ++ delayed by finalizers). Other management ++ of the container blocks until the hook ++ completes or until the termination grace ++ period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: +- description: One and only one of the +- following should be specified. Exec +- specifies the action to take. ++ description: Exec specifies the action ++ to take. 
+ properties: + command: + description: Command is the command +@@ -1750,11 +1748,12 @@ spec: + - port + type: object + tcpSocket: +- description: 'TCPSocket specifies +- an action involving a TCP port. +- TCP hooks not yet supported TODO: +- implement a realistic TCP lifecycle +- hook' ++ description: Deprecated. TCPSocket ++ is NOT supported as a LifecycleHandler ++ and kept for the backward compatibility. ++ There are no validation of this ++ field and lifecycle hooks will fail ++ in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name +@@ -1783,9 +1782,8 @@ spec: + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: +- description: One and only one of the following +- should be specified. Exec specifies +- the action to take. ++ description: Exec specifies the action ++ to take. + properties: + command: + description: Command is the command +@@ -1810,6 +1808,28 @@ spec: + 3. Minimum value is 1. + format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action ++ involving a GRPC port. This is a beta ++ field and requires enabling GRPCContainerProbe ++ feature gate. ++ properties: ++ port: ++ description: Port number of the gRPC ++ service. Number must be in the range ++ 1 to 65535. ++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name ++ of the service to place in the gRPC ++ HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the ++ default behavior is defined by gRPC." ++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http + request to perform. +@@ -1883,10 +1903,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action +- involving a TCP port. 
TCP hooks not +- yet supported TODO: implement a realistic +- TCP lifecycle hook' ++ description: TCPSocket specifies an action ++ involving a TCP port. + properties: + host: + description: 'Optional: Host name +@@ -2005,9 +2023,8 @@ spec: + Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: +- description: One and only one of the following +- should be specified. Exec specifies +- the action to take. ++ description: Exec specifies the action ++ to take. + properties: + command: + description: Command is the command +@@ -2032,6 +2049,28 @@ spec: + 3. Minimum value is 1. + format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action ++ involving a GRPC port. This is a beta ++ field and requires enabling GRPCContainerProbe ++ feature gate. ++ properties: ++ port: ++ description: Port number of the gRPC ++ service. Number must be in the range ++ 1 to 65535. ++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name ++ of the service to place in the gRPC ++ HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the ++ default behavior is defined by gRPC." ++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http + request to perform. +@@ -2105,10 +2144,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action +- involving a TCP port. TCP hooks not +- yet supported TODO: implement a realistic +- TCP lifecycle hook' ++ description: TCPSocket specifies an action ++ involving a TCP port. + properties: + host: + description: 'Optional: Host name +@@ -2210,13 +2247,17 @@ spec: + flag will be set on the container process. 
+ AllowPrivilegeEscalation is true always + when the container is: 1) run as Privileged +- 2) has CAP_SYS_ADMIN' ++ 2) has CAP_SYS_ADMIN Note that this ++ field cannot be set when spec.os.name ++ is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop + when running containers. Defaults to + the default set of capabilities granted +- by the container runtime. ++ by the container runtime. Note that ++ this field cannot be set when spec.os.name ++ is windows. + properties: + add: + description: Added capabilities +@@ -2237,7 +2278,9 @@ spec: + description: Run container in privileged + mode. Processes in privileged containers + are essentially equivalent to root on +- the host. Defaults to false. ++ the host. Defaults to false. Note that ++ this field cannot be set when spec.os.name ++ is windows. + type: boolean + procMount: + description: procMount denotes the type +@@ -2246,12 +2289,14 @@ spec: + uses the container runtime defaults + for readonly paths and masked paths. + This requires the ProcMountType feature +- flag to be enabled. ++ flag to be enabled. Note that this field ++ cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has + a read-only root filesystem. Default +- is false. ++ is false. Note that this field cannot ++ be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint +@@ -2260,7 +2305,8 @@ spec: + PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, + the value specified in SecurityContext +- takes precedence. ++ takes precedence. Note that this field ++ cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: +@@ -2283,7 +2329,8 @@ spec: + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext +- takes precedence. ++ takes precedence. 
Note that this field ++ cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: +@@ -2294,7 +2341,8 @@ spec: + also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext +- takes precedence. ++ takes precedence. Note that this field ++ cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level +@@ -2318,7 +2366,8 @@ spec: + by this container. If seccomp options + are provided at both the pod & container + level, the container options override +- the pod options. ++ the pod options. Note that this field ++ cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates +@@ -2350,6 +2399,8 @@ spec: + will be used. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. ++ Note that this field cannot be set when ++ spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is +@@ -2409,9 +2460,8 @@ spec: + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: +- description: One and only one of the following +- should be specified. Exec specifies +- the action to take. ++ description: Exec specifies the action ++ to take. + properties: + command: + description: Command is the command +@@ -2436,6 +2486,28 @@ spec: + 3. Minimum value is 1. + format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action ++ involving a GRPC port. This is a beta ++ field and requires enabling GRPCContainerProbe ++ feature gate. ++ properties: ++ port: ++ description: Port number of the gRPC ++ service. Number must be in the range ++ 1 to 65535. 
++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name ++ of the service to place in the gRPC ++ HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the ++ default behavior is defined by gRPC." ++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http + request to perform. +@@ -2509,10 +2581,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action +- involving a TCP port. TCP hooks not +- yet supported TODO: implement a realistic +- TCP lifecycle hook' ++ description: TCPSocket specifies an action ++ involving a TCP port. + properties: + host: + description: 'Optional: Host name +@@ -2703,8 +2773,8 @@ spec: + properties: + args: + description: 'Arguments to the entrypoint. The +- docker image''s CMD is used if this is not +- provided. Variable references $(VAR_NAME) ++ container image''s CMD is used if this is ++ not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double +@@ -2720,7 +2790,7 @@ spec: + type: array + command: + description: 'Entrypoint array. Not executed +- within a shell. The docker image''s ENTRYPOINT ++ within a shell. The container image''s ENTRYPOINT + is used if this is not provided. Variable + references $(VAR_NAME) are expanded using + the container''s environment. If a variable +@@ -2912,7 +2982,7 @@ spec: + type: object + type: array + image: +- description: 'Docker image name. More info: ++ description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level + config management to default or override container +@@ -2939,9 +3009,8 @@ spec: + until the hook completes. 
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: +- description: One and only one of the +- following should be specified. Exec +- specifies the action to take. ++ description: Exec specifies the action ++ to take. + properties: + command: + description: Command is the command +@@ -3014,10 +3083,12 @@ spec: + - port + type: object + tcpSocket: +- description: 'TCPSocket specifies an +- action involving a TCP port. TCP hooks +- not yet supported TODO: implement +- a realistic TCP lifecycle hook' ++ description: Deprecated. TCPSocket is ++ NOT supported as a LifecycleHandler ++ and kept for the backward compatibility. ++ There are no validation of this field ++ and lifecycle hooks will fail in runtime ++ when tcp handler is specified. + properties: + host: + description: 'Optional: Host name +@@ -3044,21 +3115,20 @@ spec: + as liveness/startup probe failure, preemption, + resource contention, etc. The handler + is not called if the container crashes +- or exits. The reason for termination is +- passed to the handler. The Pod''s termination +- grace period countdown begins before the +- PreStop hooked is executed. Regardless +- of the outcome of the handler, the container +- will eventually terminate within the Pod''s +- termination grace period. Other management +- of the container blocks until the hook +- completes or until the termination grace +- period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' ++ or exits. The Pod''s termination grace ++ period countdown begins before the PreStop ++ hook is executed. Regardless of the outcome ++ of the handler, the container will eventually ++ terminate within the Pod''s termination ++ grace period (unless delayed by finalizers). ++ Other management of the container blocks ++ until the hook completes or until the ++ termination grace period is reached. 
More ++ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: +- description: One and only one of the +- following should be specified. Exec +- specifies the action to take. ++ description: Exec specifies the action ++ to take. + properties: + command: + description: Command is the command +@@ -3131,10 +3201,12 @@ spec: + - port + type: object + tcpSocket: +- description: 'TCPSocket specifies an +- action involving a TCP port. TCP hooks +- not yet supported TODO: implement +- a realistic TCP lifecycle hook' ++ description: Deprecated. TCPSocket is ++ NOT supported as a LifecycleHandler ++ and kept for the backward compatibility. ++ There are no validation of this field ++ and lifecycle hooks will fail in runtime ++ when tcp handler is specified. + properties: + host: + description: 'Optional: Host name +@@ -3161,9 +3233,8 @@ spec: + Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: +- description: One and only one of the following +- should be specified. Exec specifies the +- action to take. ++ description: Exec specifies the action to ++ take. + properties: + command: + description: Command is the command +@@ -3188,6 +3259,28 @@ spec: + Minimum value is 1. + format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action involving ++ a GRPC port. This is a beta field and ++ requires enabling GRPCContainerProbe feature ++ gate. ++ properties: ++ port: ++ description: Port number of the gRPC ++ service. Number must be in the range ++ 1 to 65535. ++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name of ++ the service to place in the gRPC HealthCheckRequest ++ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the default ++ behavior is defined by gRPC." 
++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http + request to perform. +@@ -3261,10 +3354,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action +- involving a TCP port. TCP hooks not yet +- supported TODO: implement a realistic +- TCP lifecycle hook' ++ description: TCPSocket specifies an action ++ involving a TCP port. + properties: + host: + description: 'Optional: Host name to +@@ -3378,9 +3469,8 @@ spec: + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: +- description: One and only one of the following +- should be specified. Exec specifies the +- action to take. ++ description: Exec specifies the action to ++ take. + properties: + command: + description: Command is the command +@@ -3405,6 +3495,28 @@ spec: + Minimum value is 1. + format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action involving ++ a GRPC port. This is a beta field and ++ requires enabling GRPCContainerProbe feature ++ gate. ++ properties: ++ port: ++ description: Port number of the gRPC ++ service. Number must be in the range ++ 1 to 65535. ++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name of ++ the service to place in the gRPC HealthCheckRequest ++ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the default ++ behavior is defined by gRPC." ++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http + request to perform. +@@ -3478,10 +3590,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action +- involving a TCP port. TCP hooks not yet +- supported TODO: implement a realistic +- TCP lifecycle hook' ++ description: TCPSocket specifies an action ++ involving a TCP port. 
+ properties: + host: + description: 'Optional: Host name to +@@ -3573,13 +3683,17 @@ spec: + controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: +- 1) run as Privileged 2) has CAP_SYS_ADMIN' ++ 1) run as Privileged 2) has CAP_SYS_ADMIN ++ Note that this field cannot be set when ++ spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop + when running containers. Defaults to the + default set of capabilities granted by +- the container runtime. ++ the container runtime. Note that this ++ field cannot be set when spec.os.name ++ is windows. + properties: + add: + description: Added capabilities +@@ -3600,7 +3714,9 @@ spec: + description: Run container in privileged + mode. Processes in privileged containers + are essentially equivalent to root on +- the host. Defaults to false. ++ the host. Defaults to false. Note that ++ this field cannot be set when spec.os.name ++ is windows. + type: boolean + procMount: + description: procMount denotes the type +@@ -3609,12 +3725,14 @@ spec: + uses the container runtime defaults for + readonly paths and masked paths. This + requires the ProcMountType feature flag +- to be enabled. ++ to be enabled. Note that this field cannot ++ be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has + a read-only root filesystem. Default is +- false. ++ false. Note that this field cannot be ++ set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint +@@ -3622,7 +3740,8 @@ spec: + default if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext +- takes precedence. ++ takes precedence. Note that this field ++ cannot be set when spec.os.name is windows. 
+ format: int64 + type: integer + runAsNonRoot: +@@ -3645,7 +3764,8 @@ spec: + May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext +- takes precedence. ++ takes precedence. Note that this field ++ cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: +@@ -3656,7 +3776,8 @@ spec: + also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext +- takes precedence. ++ takes precedence. Note that this field ++ cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level +@@ -3680,7 +3801,8 @@ spec: + by this container. If seccomp options + are provided at both the pod & container + level, the container options override +- the pod options. ++ the pod options. Note that this field ++ cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates +@@ -3711,7 +3833,9 @@ spec: + the options from the PodSecurityContext + will be used. If set in both SecurityContext + and PodSecurityContext, the value specified +- in SecurityContext takes precedence. ++ in SecurityContext takes precedence. Note ++ that this field cannot be set when spec.os.name ++ is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where +@@ -3767,9 +3891,8 @@ spec: + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: +- description: One and only one of the following +- should be specified. Exec specifies the +- action to take. ++ description: Exec specifies the action to ++ take. + properties: + command: + description: Command is the command +@@ -3794,6 +3917,28 @@ spec: + Minimum value is 1. + format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action involving ++ a GRPC port. 
This is a beta field and ++ requires enabling GRPCContainerProbe feature ++ gate. ++ properties: ++ port: ++ description: Port number of the gRPC ++ service. Number must be in the range ++ 1 to 65535. ++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name of ++ the service to place in the gRPC HealthCheckRequest ++ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the default ++ behavior is defined by gRPC." ++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http + request to perform. +@@ -3867,10 +4012,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action +- involving a TCP port. TCP hooks not yet +- supported TODO: implement a realistic +- TCP lifecycle hook' ++ description: TCPSocket specifies an action ++ involving a TCP port. + properties: + host: + description: 'Optional: Host name to +@@ -4058,7 +4201,7 @@ spec: + properties: + args: + description: 'Arguments to the entrypoint. +- The docker image''s CMD is used if this ++ The container image''s CMD is used if this + is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference +@@ -4075,7 +4218,7 @@ spec: + type: array + command: + description: 'Entrypoint array. Not executed +- within a shell. The docker image''s ENTRYPOINT ++ within a shell. The container image''s ENTRYPOINT + is used if this is not provided. Variable + references $(VAR_NAME) are expanded using + the container''s environment. If a variable +@@ -4275,7 +4418,7 @@ spec: + type: object + type: array + image: +- description: 'Docker image name. More info: ++ description: 'Container image name. 
More info: + https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level + config management to default or override +@@ -4304,9 +4447,8 @@ spec: + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: +- description: One and only one of the +- following should be specified. Exec +- specifies the action to take. ++ description: Exec specifies the action ++ to take. + properties: + command: + description: Command is the command +@@ -4381,11 +4523,12 @@ spec: + - port + type: object + tcpSocket: +- description: 'TCPSocket specifies +- an action involving a TCP port. +- TCP hooks not yet supported TODO: +- implement a realistic TCP lifecycle +- hook' ++ description: Deprecated. TCPSocket ++ is NOT supported as a LifecycleHandler ++ and kept for the backward compatibility. ++ There are no validation of this ++ field and lifecycle hooks will fail ++ in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name +@@ -4413,22 +4556,20 @@ spec: + such as liveness/startup probe failure, + preemption, resource contention, etc. + The handler is not called if the container +- crashes or exits. The reason for termination +- is passed to the handler. The Pod''s +- termination grace period countdown begins +- before the PreStop hooked is executed. +- Regardless of the outcome of the handler, +- the container will eventually terminate +- within the Pod''s termination grace +- period. Other management of the container +- blocks until the hook completes or until +- the termination grace period is reached. +- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' ++ crashes or exits. The Pod''s termination ++ grace period countdown begins before ++ the PreStop hook is executed. 
Regardless ++ of the outcome of the handler, the container ++ will eventually terminate within the ++ Pod''s termination grace period (unless ++ delayed by finalizers). Other management ++ of the container blocks until the hook ++ completes or until the termination grace ++ period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: +- description: One and only one of the +- following should be specified. Exec +- specifies the action to take. ++ description: Exec specifies the action ++ to take. + properties: + command: + description: Command is the command +@@ -4503,11 +4644,12 @@ spec: + - port + type: object + tcpSocket: +- description: 'TCPSocket specifies +- an action involving a TCP port. +- TCP hooks not yet supported TODO: +- implement a realistic TCP lifecycle +- hook' ++ description: Deprecated. TCPSocket ++ is NOT supported as a LifecycleHandler ++ and kept for the backward compatibility. ++ There are no validation of this ++ field and lifecycle hooks will fail ++ in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name +@@ -4536,9 +4678,8 @@ spec: + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: +- description: One and only one of the following +- should be specified. Exec specifies +- the action to take. ++ description: Exec specifies the action ++ to take. + properties: + command: + description: Command is the command +@@ -4563,6 +4704,28 @@ spec: + 3. Minimum value is 1. + format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action ++ involving a GRPC port. This is a beta ++ field and requires enabling GRPCContainerProbe ++ feature gate. ++ properties: ++ port: ++ description: Port number of the gRPC ++ service. Number must be in the range ++ 1 to 65535. 
++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name ++ of the service to place in the gRPC ++ HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the ++ default behavior is defined by gRPC." ++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http + request to perform. +@@ -4636,10 +4799,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action +- involving a TCP port. TCP hooks not +- yet supported TODO: implement a realistic +- TCP lifecycle hook' ++ description: TCPSocket specifies an action ++ involving a TCP port. + properties: + host: + description: 'Optional: Host name +@@ -4758,9 +4919,8 @@ spec: + Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: +- description: One and only one of the following +- should be specified. Exec specifies +- the action to take. ++ description: Exec specifies the action ++ to take. + properties: + command: + description: Command is the command +@@ -4785,6 +4945,28 @@ spec: + 3. Minimum value is 1. + format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action ++ involving a GRPC port. This is a beta ++ field and requires enabling GRPCContainerProbe ++ feature gate. ++ properties: ++ port: ++ description: Port number of the gRPC ++ service. Number must be in the range ++ 1 to 65535. ++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name ++ of the service to place in the gRPC ++ HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the ++ default behavior is defined by gRPC." ++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http + request to perform. 
+@@ -4858,10 +5040,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action +- involving a TCP port. TCP hooks not +- yet supported TODO: implement a realistic +- TCP lifecycle hook' ++ description: TCPSocket specifies an action ++ involving a TCP port. + properties: + host: + description: 'Optional: Host name +@@ -4963,13 +5143,17 @@ spec: + flag will be set on the container process. + AllowPrivilegeEscalation is true always + when the container is: 1) run as Privileged +- 2) has CAP_SYS_ADMIN' ++ 2) has CAP_SYS_ADMIN Note that this ++ field cannot be set when spec.os.name ++ is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop + when running containers. Defaults to + the default set of capabilities granted +- by the container runtime. ++ by the container runtime. Note that ++ this field cannot be set when spec.os.name ++ is windows. + properties: + add: + description: Added capabilities +@@ -4990,7 +5174,9 @@ spec: + description: Run container in privileged + mode. Processes in privileged containers + are essentially equivalent to root on +- the host. Defaults to false. ++ the host. Defaults to false. Note that ++ this field cannot be set when spec.os.name ++ is windows. + type: boolean + procMount: + description: procMount denotes the type +@@ -4999,12 +5185,14 @@ spec: + uses the container runtime defaults + for readonly paths and masked paths. + This requires the ProcMountType feature +- flag to be enabled. ++ flag to be enabled. Note that this field ++ cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has + a read-only root filesystem. Default +- is false. ++ is false. Note that this field cannot ++ be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint +@@ -5013,7 +5201,8 @@ spec: + PodSecurityContext. 
If set in both + SecurityContext and PodSecurityContext, + the value specified in SecurityContext +- takes precedence. ++ takes precedence. Note that this field ++ cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: +@@ -5036,7 +5225,8 @@ spec: + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext +- takes precedence. ++ takes precedence. Note that this field ++ cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: +@@ -5047,7 +5237,8 @@ spec: + also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext +- takes precedence. ++ takes precedence. Note that this field ++ cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level +@@ -5071,7 +5262,8 @@ spec: + by this container. If seccomp options + are provided at both the pod & container + level, the container options override +- the pod options. ++ the pod options. Note that this field ++ cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates +@@ -5103,6 +5295,8 @@ spec: + will be used. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. ++ Note that this field cannot be set when ++ spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is +@@ -5162,9 +5356,8 @@ spec: + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: +- description: One and only one of the following +- should be specified. Exec specifies +- the action to take. ++ description: Exec specifies the action ++ to take. + properties: + command: + description: Command is the command +@@ -5189,6 +5382,28 @@ spec: + 3. Minimum value is 1. 
+ format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action ++ involving a GRPC port. This is a beta ++ field and requires enabling GRPCContainerProbe ++ feature gate. ++ properties: ++ port: ++ description: Port number of the gRPC ++ service. Number must be in the range ++ 1 to 65535. ++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name ++ of the service to place in the gRPC ++ HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the ++ default behavior is defined by gRPC." ++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http + request to perform. +@@ -5262,10 +5477,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action +- involving a TCP port. TCP hooks not +- yet supported TODO: implement a realistic +- TCP lifecycle hook' ++ description: TCPSocket specifies an action ++ involving a TCP port. + properties: + host: + description: 'Optional: Host name +@@ -5459,139 +5672,144 @@ spec: + in the pod. + properties: + awsElasticBlockStore: +- description: 'AWSElasticBlockStore represents ++ description: 'awsElasticBlockStore represents + an AWS Disk resource that is attached to + a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: +- description: 'Filesystem type of the volume +- that you want to mount. Tip: Ensure +- that the filesystem type is supported +- by the host operating system. Examples: +- "ext4", "xfs", "ntfs". Implicitly inferred +- to be "ext4" if unspecified. More info: +- https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore ++ description: 'fsType is the filesystem ++ type of the volume that you want to ++ mount. Tip: Ensure that the filesystem ++ type is supported by the host operating ++ system. 
Examples: "ext4", "xfs", "ntfs". ++ Implicitly inferred to be "ext4" if ++ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + partition: +- description: 'The partition in the volume +- that you want to mount. If omitted, +- the default is to mount by volume name. +- Examples: For volume /dev/sda1, you +- specify the partition as "1". Similarly, +- the volume partition for /dev/sda is +- "0" (or you can leave the property empty).' ++ description: 'partition is the partition ++ in the volume that you want to mount. ++ If omitted, the default is to mount ++ by volume name. Examples: For volume ++ /dev/sda1, you specify the partition ++ as "1". Similarly, the volume partition ++ for /dev/sda is "0" (or you can leave ++ the property empty).' + format: int32 + type: integer + readOnly: +- description: 'Specify "true" to force +- and set the ReadOnly property in VolumeMounts +- to "true". If omitted, the default is +- "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' ++ description: 'readOnly value true will ++ force the readOnly setting in VolumeMounts. ++ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: +- description: 'Unique ID of the persistent +- disk resource in AWS (Amazon EBS volume). +- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' ++ description: 'volumeID is unique ID of ++ the persistent disk resource in AWS ++ (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: +- description: AzureDisk represents an Azure ++ description: azureDisk represents an Azure + Data Disk mount on the host and bind mount + to the pod. 
+ properties: + cachingMode: +- description: 'Host Caching mode: None, +- Read Only, Read Write.' ++ description: 'cachingMode is the Host ++ Caching mode: None, Read Only, Read ++ Write.' + type: string + diskName: +- description: The Name of the data disk +- in the blob storage ++ description: diskName is the Name of the ++ data disk in the blob storage + type: string + diskURI: +- description: The URI the data disk in +- the blob storage ++ description: diskURI is the URI of data ++ disk in the blob storage + type: string + fsType: +- description: Filesystem type to mount. +- Must be a filesystem type supported +- by the host operating system. Ex. "ext4", +- "xfs", "ntfs". Implicitly inferred to +- be "ext4" if unspecified. ++ description: fsType is Filesystem type ++ to mount. Must be a filesystem type ++ supported by the host operating system. ++ Ex. "ext4", "xfs", "ntfs". Implicitly ++ inferred to be "ext4" if unspecified. + type: string + kind: +- description: 'Expected values Shared: +- multiple blob disks per storage account Dedicated: +- single blob disk per storage account Managed: +- azure managed data disk (only in managed +- availability set). defaults to shared' ++ description: 'kind expected values are ++ Shared: multiple blob disks per storage ++ account Dedicated: single blob disk ++ per storage account Managed: azure ++ managed data disk (only in managed availability ++ set). defaults to shared' + type: string + readOnly: +- description: Defaults to false (read/write). +- ReadOnly here will force the ReadOnly +- setting in VolumeMounts. ++ description: readOnly Defaults to false ++ (read/write). ReadOnly here will force ++ the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: +- description: AzureFile represents an Azure ++ description: azureFile represents an Azure + File Service mount on the host and bind + mount to the pod. 
+ properties: + readOnly: +- description: Defaults to false (read/write). +- ReadOnly here will force the ReadOnly +- setting in VolumeMounts. ++ description: readOnly defaults to false ++ (read/write). ReadOnly here will force ++ the ReadOnly setting in VolumeMounts. + type: boolean + secretName: +- description: the name of secret that contains +- Azure Storage Account Name and Key ++ description: secretName is the name of ++ secret that contains Azure Storage Account ++ Name and Key + type: string + shareName: +- description: Share Name ++ description: shareName is the azure share ++ Name + type: string + required: + - secretName + - shareName + type: object + cephfs: +- description: CephFS represents a Ceph FS mount ++ description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: +- description: 'Required: Monitors is a +- collection of Ceph monitors More info: +- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'monitors is Required: Monitors ++ is a collection of Ceph monitors More ++ info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: +- description: 'Optional: Used as the mounted +- root, rather than the full Ceph tree, +- default is /' ++ description: 'path is Optional: Used as ++ the mounted root, rather than the full ++ Ceph tree, default is /' + type: string + readOnly: +- description: 'Optional: Defaults to false +- (read/write). ReadOnly here will force +- the ReadOnly setting in VolumeMounts. ++ description: 'readOnly is Optional: Defaults ++ to false (read/write). ReadOnly here ++ will force the ReadOnly setting in VolumeMounts. 
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: +- description: 'Optional: SecretFile is +- the path to key ring for User, default +- is /etc/ceph/user.secret More info: +- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'secretFile is Optional: ++ SecretFile is the path to key ring for ++ User, default is /etc/ceph/user.secret ++ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: +- description: 'Optional: SecretRef is reference +- to the authentication secret for User, +- default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'secretRef is Optional: SecretRef ++ is reference to the authentication secret ++ for User, default is empty. More info: ++ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. +@@ -5601,36 +5819,36 @@ spec: + type: string + type: object + user: +- description: 'Optional: User is the rados +- user name, default is admin More info: +- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'user is optional: User is ++ the rados user name, default is admin ++ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: +- description: 'Cinder represents a cinder volume ++ description: 'cinder represents a cinder volume + attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: +- description: 'Filesystem type to mount. +- Must be a filesystem type supported +- by the host operating system. Examples: +- "ext4", "xfs", "ntfs". Implicitly inferred +- to be "ext4" if unspecified. More info: +- https://examples.k8s.io/mysql-cinder-pd/README.md' ++ description: 'fsType is the filesystem ++ type to mount. 
Must be a filesystem ++ type supported by the host operating ++ system. Examples: "ext4", "xfs", "ntfs". ++ Implicitly inferred to be "ext4" if ++ unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: +- description: 'Optional: Defaults to false ++ description: 'readOnly defaults to false + (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: +- description: 'Optional: points to a secret +- object containing parameters used to +- connect to OpenStack.' ++ description: 'secretRef is optional: points ++ to a secret object containing parameters ++ used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. +@@ -5640,76 +5858,76 @@ spec: + type: string + type: object + volumeID: +- description: 'volume id used to identify ++ description: 'volumeID used to identify + the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: +- description: ConfigMap represents a configMap ++ description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: +- description: 'Optional: mode bits used +- to set permissions on created files +- by default. Must be an octal value between +- 0000 and 0777 or a decimal value between +- 0 and 511. YAML accepts both octal and +- decimal values, JSON requires decimal +- values for mode bits. Defaults to 0644. +- Directories within the path are not +- affected by this setting. This might +- be in conflict with other options that +- affect the file mode, like fsGroup, +- and the result can be other mode bits +- set.' ++ description: 'defaultMode is optional: ++ mode bits used to set permissions on ++ created files by default. Must be an ++ octal value between 0000 and 0777 or ++ a decimal value between 0 and 511. 
YAML ++ accepts both octal and decimal values, ++ JSON requires decimal values for mode ++ bits. Defaults to 0644. Directories ++ within the path are not affected by ++ this setting. This might be in conflict ++ with other options that affect the file ++ mode, like fsGroup, and the result can ++ be other mode bits set.' + format: int32 + type: integer + items: +- description: If unspecified, each key-value +- pair in the Data field of the referenced +- ConfigMap will be projected into the +- volume as a file whose name is the key +- and content is the value. If specified, +- the listed keys will be projected into +- the specified paths, and unlisted keys +- will not be present. If a key is specified +- which is not present in the ConfigMap, +- the volume setup will error unless it +- is marked optional. Paths must be relative +- and may not contain the '..' path or +- start with '..'. ++ description: items if unspecified, each ++ key-value pair in the Data field of ++ the referenced ConfigMap will be projected ++ into the volume as a file whose name ++ is the key and content is the value. ++ If specified, the listed keys will be ++ projected into the specified paths, ++ and unlisted keys will not be present. ++ If a key is specified which is not present ++ in the ConfigMap, the volume setup will ++ error unless it is marked optional. ++ Paths must be relative and may not contain ++ the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: +- description: The key to project. ++ description: key is the key to project. + type: string + mode: +- description: 'Optional: mode bits +- used to set permissions on this +- file. Must be an octal value between +- 0000 and 0777 or a decimal value +- between 0 and 511. YAML accepts +- both octal and decimal values, +- JSON requires decimal values for +- mode bits. If not specified, the +- volume defaultMode will be used. 
+- This might be in conflict with +- other options that affect the +- file mode, like fsGroup, and the +- result can be other mode bits +- set.' ++ description: 'mode is Optional: ++ mode bits used to set permissions ++ on this file. Must be an octal ++ value between 0000 and 0777 or ++ a decimal value between 0 and ++ 511. YAML accepts both octal and ++ decimal values, JSON requires ++ decimal values for mode bits. ++ If not specified, the volume defaultMode ++ will be used. This might be in ++ conflict with other options that ++ affect the file mode, like fsGroup, ++ and the result can be other mode ++ bits set.' + format: int32 + type: integer + path: +- description: The relative path of +- the file to map the key to. May +- not be an absolute path. May not +- contain the path element '..'. +- May not start with the string ++ description: path is the relative ++ path of the file to map the key ++ to. May not be an absolute path. ++ May not contain the path element ++ '..'. May not start with the string + '..'. + type: string + required: +@@ -5724,30 +5942,30 @@ spec: + kind, uid?' + type: string + optional: +- description: Specify whether the ConfigMap +- or its keys must be defined ++ description: optional specify whether ++ the ConfigMap or its keys must be defined + type: boolean + type: object + csi: +- description: CSI (Container Storage Interface) ++ description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: +- description: Driver is the name of the ++ description: driver is the name of the + CSI driver that handles this volume. + Consult with your admin for the correct + name as registered in the cluster. + type: string + fsType: +- description: Filesystem type to mount. +- Ex. "ext4", "xfs", "ntfs". If not provided, +- the empty value is passed to the associated ++ description: fsType to mount. Ex. "ext4", ++ "xfs", "ntfs". 
If not provided, the ++ empty value is passed to the associated + CSI driver which will determine the + default filesystem to apply. + type: string + nodePublishSecretRef: +- description: NodePublishSecretRef is a ++ description: nodePublishSecretRef is a + reference to the secret object containing + sensitive information to pass to the + CSI driver to complete the CSI NodePublishVolume +@@ -5765,13 +5983,14 @@ spec: + type: string + type: object + readOnly: +- description: Specifies a read-only configuration +- for the volume. Defaults to false (read/write). ++ description: readOnly specifies a read-only ++ configuration for the volume. Defaults ++ to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string +- description: VolumeAttributes stores driver-specific ++ description: volumeAttributes stores driver-specific + properties that are passed to the CSI + driver. Consult your driver's documentation + for supported values. +@@ -5780,7 +5999,7 @@ spec: + - driver + type: object + downwardAPI: +- description: DownwardAPI represents downward ++ description: downwardAPI represents downward + API about the pod that should populate this + volume + properties: +@@ -5889,36 +6108,37 @@ spec: + type: array + type: object + emptyDir: +- description: 'EmptyDir represents a temporary ++ description: 'emptyDir represents a temporary + directory that shares a pod''s lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: +- description: 'What type of storage medium +- should back this directory. The default +- is "" which means to use the node''s +- default medium. Must be an empty string +- (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' ++ description: 'medium represents what type ++ of storage medium should back this directory. ++ The default is "" which means to use ++ the node''s default medium. 
Must be ++ an empty string (default) or Memory. ++ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string +- description: 'Total amount of local storage +- required for this EmptyDir volume. The +- size limit is also applicable for memory +- medium. The maximum usage on memory +- medium EmptyDir would be the minimum +- value between the SizeLimit specified +- here and the sum of memory limits of +- all containers in a pod. The default +- is nil which means that the limit is +- undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' ++ description: 'sizeLimit is the total amount ++ of local storage required for this EmptyDir ++ volume. The size limit is also applicable ++ for memory medium. The maximum usage ++ on memory medium EmptyDir would be the ++ minimum value between the SizeLimit ++ specified here and the sum of memory ++ limits of all containers in a pod. The ++ default is nil which means that the ++ limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: +- description: "Ephemeral represents a volume ++ description: "ephemeral represents a volume + that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod + that defines it - it will be created before +@@ -5941,10 +6161,7 @@ spec: + used that way - see the documentation of + the driver for more information. \n A pod + can use both types of ephemeral volumes +- and persistent volumes at the same time. +- \n This is a beta feature and only available +- when the GenericEphemeralVolume feature +- gate is enabled." ++ and persistent volumes at the same time." 
+ properties: + volumeClaimTemplate: + description: "Will be used to create a +@@ -5991,7 +6208,7 @@ spec: + valid here. + properties: + accessModes: +- description: 'AccessModes contains ++ description: 'accessModes contains + the desired access modes the + volume should have. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' +@@ -5999,10 +6216,10 @@ spec: + type: string + type: array + dataSource: +- description: 'This field can be +- used to specify either: * An +- existing VolumeSnapshot object +- (snapshot.storage.k8s.io/VolumeSnapshot) ++ description: 'dataSource field ++ can be used to specify either: ++ * An existing VolumeSnapshot ++ object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external + controller can support the specified +@@ -6037,11 +6254,11 @@ spec: + - name + type: object + dataSourceRef: +- description: 'Specifies the object +- from which to populate the volume +- with data, if a non-empty volume +- is desired. This may be any +- local object from a non-empty ++ description: 'dataSourceRef specifies ++ the object from which to populate ++ the volume with data, if a non-empty ++ volume is desired. This may ++ be any local object from a non-empty + API group (non core object) + or a PersistentVolumeClaim object. + When this field is specified, +@@ -6071,7 +6288,7 @@ spec: + them), DataSourceRef preserves + all values, and generates an + error if a disallowed value +- is specified. (Alpha) Using ++ is specified. (Beta) Using + this field requires the AnyVolumeDataSource + feature gate to be enabled.' + properties: +@@ -6098,9 +6315,16 @@ spec: + - name + type: object + resources: +- description: 'Resources represents ++ description: 'resources represents + the minimum resources the volume +- should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' ++ should have. 
If RecoverVolumeExpansionFailure ++ feature is enabled users are ++ allowed to specify resource ++ requirements that are lower ++ than previous value but must ++ still be higher than capacity ++ recorded in the status field ++ of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: +@@ -6132,8 +6356,9 @@ spec: + type: object + type: object + selector: +- description: A label query over +- volumes to consider for binding. ++ description: selector is a label ++ query over volumes to consider ++ for binding. + properties: + matchExpressions: + description: matchExpressions +@@ -6201,7 +6426,8 @@ spec: + type: object + type: object + storageClassName: +- description: 'Name of the StorageClass ++ description: 'storageClassName ++ is the name of the StorageClass + required by the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string +@@ -6213,7 +6439,7 @@ spec: + in claim spec. + type: string + volumeName: +- description: VolumeName is the ++ description: volumeName is the + binding reference to the PersistentVolume + backing this claim. + type: string +@@ -6223,79 +6449,82 @@ spec: + type: object + type: object + fc: +- description: FC represents a Fibre Channel ++ description: fc represents a Fibre Channel + resource that is attached to a kubelet's + host machine and then exposed to the pod. + properties: + fsType: +- description: 'Filesystem type to mount. +- Must be a filesystem type supported +- by the host operating system. Ex. "ext4", +- "xfs", "ntfs". Implicitly inferred to +- be "ext4" if unspecified. TODO: how +- do we prevent errors in the filesystem +- from compromising the machine' ++ description: 'fsType is the filesystem ++ type to mount. Must be a filesystem ++ type supported by the host operating ++ system. Ex. "ext4", "xfs", "ntfs". Implicitly ++ inferred to be "ext4" if unspecified. 
++ TODO: how do we prevent errors in the ++ filesystem from compromising the machine' + type: string + lun: +- description: 'Optional: FC target lun +- number' ++ description: 'lun is Optional: FC target ++ lun number' + format: int32 + type: integer + readOnly: +- description: 'Optional: Defaults to false +- (read/write). ReadOnly here will force +- the ReadOnly setting in VolumeMounts.' ++ description: 'readOnly is Optional: Defaults ++ to false (read/write). ReadOnly here ++ will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: +- description: 'Optional: FC target worldwide +- names (WWNs)' ++ description: 'targetWWNs is Optional: ++ FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: +- description: 'Optional: FC volume world +- wide identifiers (wwids) Either wwids +- or combination of targetWWNs and lun +- must be set, but not both simultaneously.' ++ description: 'wwids Optional: FC volume ++ world wide identifiers (wwids) Either ++ wwids or combination of targetWWNs and ++ lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: +- description: FlexVolume represents a generic ++ description: flexVolume represents a generic + volume resource that is provisioned/attached + using an exec based plugin. + properties: + driver: +- description: Driver is the name of the ++ description: driver is the name of the + driver to use for this volume. + type: string + fsType: +- description: Filesystem type to mount. +- Must be a filesystem type supported +- by the host operating system. Ex. "ext4", +- "xfs", "ntfs". The default filesystem +- depends on FlexVolume script. ++ description: fsType is the filesystem ++ type to mount. Must be a filesystem ++ type supported by the host operating ++ system. Ex. "ext4", "xfs", "ntfs". The ++ default filesystem depends on FlexVolume ++ script. 
+ type: string + options: + additionalProperties: + type: string +- description: 'Optional: Extra command +- options if any.' ++ description: 'options is Optional: this ++ field holds extra command options if ++ any.' + type: object + readOnly: +- description: 'Optional: Defaults to false +- (read/write). ReadOnly here will force +- the ReadOnly setting in VolumeMounts.' ++ description: 'readOnly is Optional: defaults ++ to false (read/write). ReadOnly here ++ will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: +- description: 'Optional: SecretRef is reference +- to the secret object containing sensitive +- information to pass to the plugin scripts. +- This may be empty if no secret object +- is specified. If the secret object contains +- more than one secret, all secrets are +- passed to the plugin scripts.' ++ description: 'secretRef is Optional: secretRef ++ is reference to the secret object containing ++ sensitive information to pass to the ++ plugin scripts. This may be empty if ++ no secret object is specified. If the ++ secret object contains more than one ++ secret, all secrets are passed to the ++ plugin scripts.' + properties: + name: + description: 'Name of the referent. +@@ -6308,56 +6537,58 @@ spec: + - driver + type: object + flocker: +- description: Flocker represents a Flocker ++ description: flocker represents a Flocker + volume attached to a kubelet's host machine. + This depends on the Flocker control service + being running + properties: + datasetName: +- description: Name of the dataset stored +- as metadata -> name on the dataset for +- Flocker should be considered as deprecated ++ description: datasetName is Name of the ++ dataset stored as metadata -> name on ++ the dataset for Flocker should be considered ++ as deprecated + type: string + datasetUUID: +- description: UUID of the dataset. This +- is unique identifier of a Flocker dataset ++ description: datasetUUID is the UUID of ++ the dataset. 
This is unique identifier ++ of a Flocker dataset + type: string + type: object + gcePersistentDisk: +- description: 'GCEPersistentDisk represents ++ description: 'gcePersistentDisk represents + a GCE Disk resource that is attached to + a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: +- description: 'Filesystem type of the volume +- that you want to mount. Tip: Ensure +- that the filesystem type is supported +- by the host operating system. Examples: +- "ext4", "xfs", "ntfs". Implicitly inferred +- to be "ext4" if unspecified. More info: +- https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk ++ description: 'fsType is filesystem type ++ of the volume that you want to mount. ++ Tip: Ensure that the filesystem type ++ is supported by the host operating system. ++ Examples: "ext4", "xfs", "ntfs". Implicitly ++ inferred to be "ext4" if unspecified. ++ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + partition: +- description: 'The partition in the volume +- that you want to mount. If omitted, +- the default is to mount by volume name. +- Examples: For volume /dev/sda1, you +- specify the partition as "1". Similarly, +- the volume partition for /dev/sda is +- "0" (or you can leave the property empty). +- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' ++ description: 'partition is the partition ++ in the volume that you want to mount. ++ If omitted, the default is to mount ++ by volume name. Examples: For volume ++ /dev/sda1, you specify the partition ++ as "1". Similarly, the volume partition ++ for /dev/sda is "0" (or you can leave ++ the property empty). 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: +- description: 'Unique name of the PD resource +- in GCE. Used to identify the disk in +- GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' ++ description: 'pdName is unique name of ++ the PD resource in GCE. Used to identify ++ the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: +- description: 'ReadOnly here will force ++ description: 'readOnly here will force + the ReadOnly setting in VolumeMounts. + Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean +@@ -6365,7 +6596,7 @@ spec: + - pdName + type: object + gitRepo: +- description: 'GitRepo represents a git repository ++ description: 'gitRepo represents a git repository + at a particular revision. DEPRECATED: GitRepo + is deprecated. To provision a container + with a git repo, mount an EmptyDir into +@@ -6374,40 +6605,40 @@ spec: + container.' + properties: + directory: +- description: Target directory name. Must +- not contain or start with '..'. If +- '.' is supplied, the volume directory +- will be the git repository. Otherwise, ++ description: directory is the target directory ++ name. Must not contain or start with ++ '..'. If '.' is supplied, the volume ++ directory will be the git repository. Otherwise, + if specified, the volume will contain + the git repository in the subdirectory + with the given name. + type: string + repository: +- description: Repository URL ++ description: repository is the URL + type: string + revision: +- description: Commit hash for the specified +- revision. ++ description: revision is the commit hash ++ for the specified revision. 
+ type: string + required: + - repository + type: object + glusterfs: +- description: 'Glusterfs represents a Glusterfs ++ description: 'glusterfs represents a Glusterfs + mount on the host that shares a pod''s lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: +- description: 'EndpointsName is the endpoint ++ description: 'endpoints is the endpoint + name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: +- description: 'Path is the Glusterfs volume ++ description: 'path is the Glusterfs volume + path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: +- description: 'ReadOnly here will force ++ description: 'readOnly here will force + the Glusterfs volume to be mounted with + read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' +@@ -6417,7 +6648,7 @@ spec: + - path + type: object + hostPath: +- description: 'HostPath represents a pre-existing ++ description: 'hostPath represents a pre-existing + file or directory on the host machine that + is directly exposed to the container. This + is generally used for system agents or other +@@ -6429,78 +6660,82 @@ spec: + not mount host directories as read/write.' + properties: + path: +- description: 'Path of the directory on ++ description: 'path of the directory on + the host. If the path is a symlink, + it will follow the link to the real + path. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: +- description: 'Type for HostPath Volume ++ description: 'type for HostPath Volume + Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: +- description: 'ISCSI represents an ISCSI Disk ++ description: 'iscsi represents an ISCSI Disk + resource that is attached to a kubelet''s + host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: +- description: whether support iSCSI Discovery +- CHAP authentication ++ description: chapAuthDiscovery defines ++ whether support iSCSI Discovery CHAP ++ authentication + type: boolean + chapAuthSession: +- description: whether support iSCSI Session +- CHAP authentication ++ description: chapAuthSession defines whether ++ support iSCSI Session CHAP authentication + type: boolean + fsType: +- description: 'Filesystem type of the volume +- that you want to mount. Tip: Ensure +- that the filesystem type is supported +- by the host operating system. Examples: +- "ext4", "xfs", "ntfs". Implicitly inferred +- to be "ext4" if unspecified. More info: +- https://kubernetes.io/docs/concepts/storage/volumes#iscsi ++ description: 'fsType is the filesystem ++ type of the volume that you want to ++ mount. Tip: Ensure that the filesystem ++ type is supported by the host operating ++ system. Examples: "ext4", "xfs", "ntfs". ++ Implicitly inferred to be "ext4" if ++ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + initiatorName: +- description: Custom iSCSI Initiator Name. +- If initiatorName is specified with iscsiInterface +- simultaneously, new iSCSI interface +- : will be +- created for the connection. 
++ description: initiatorName is the custom ++ iSCSI Initiator Name. If initiatorName ++ is specified with iscsiInterface simultaneously, ++ new iSCSI interface : will be created for the connection. + type: string + iqn: +- description: Target iSCSI Qualified Name. ++ description: iqn is the target iSCSI Qualified ++ Name. + type: string + iscsiInterface: +- description: iSCSI Interface Name that +- uses an iSCSI transport. Defaults to +- 'default' (tcp). ++ description: iscsiInterface is the interface ++ Name that uses an iSCSI transport. Defaults ++ to 'default' (tcp). + type: string + lun: +- description: iSCSI Target Lun number. ++ description: lun represents iSCSI Target ++ Lun number. + format: int32 + type: integer + portals: +- description: iSCSI Target Portal List. +- The portal is either an IP or ip_addr:port +- if the port is other than default (typically +- TCP ports 860 and 3260). ++ description: portals is the iSCSI Target ++ Portal List. The portal is either an ++ IP or ip_addr:port if the port is other ++ than default (typically TCP ports 860 ++ and 3260). + items: + type: string + type: array + readOnly: +- description: ReadOnly here will force ++ description: readOnly here will force + the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: +- description: CHAP Secret for iSCSI target +- and initiator authentication ++ description: secretRef is the CHAP Secret ++ for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. +@@ -6510,10 +6745,11 @@ spec: + type: string + type: object + targetPortal: +- description: iSCSI Target Portal. The +- Portal is either an IP or ip_addr:port +- if the port is other than default (typically +- TCP ports 860 and 3260). ++ description: targetPortal is iSCSI Target ++ Portal. The Portal is either an IP or ++ ip_addr:port if the port is other than ++ default (typically TCP ports 860 and ++ 3260). 
+ type: string + required: + - iqn +@@ -6521,26 +6757,27 @@ spec: + - targetPortal + type: object + name: +- description: 'Volume''s name. Must be a DNS_LABEL +- and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' ++ description: 'name of the volume. Must be ++ a DNS_LABEL and unique within the pod. More ++ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: +- description: 'NFS represents an NFS mount ++ description: 'nfs represents an NFS mount + on the host that shares a pod''s lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: +- description: 'Path that is exported by ++ description: 'path that is exported by + the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: +- description: 'ReadOnly here will force ++ description: 'readOnly here will force + the NFS export to be mounted with read-only + permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: +- description: 'Server is the hostname or ++ description: 'server is the hostname or + IP address of the NFS server. More info: + https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string +@@ -6549,98 +6786,100 @@ spec: + - server + type: object + persistentVolumeClaim: +- description: 'PersistentVolumeClaimVolumeSource ++ description: 'persistentVolumeClaimVolumeSource + represents a reference to a PersistentVolumeClaim + in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: +- description: 'ClaimName is the name of ++ description: 'claimName is the name of + a PersistentVolumeClaim in the same + namespace as the pod using this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: +- description: Will force the ReadOnly setting +- in VolumeMounts. Default false. ++ description: readOnly Will force the ReadOnly ++ setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: +- description: PhotonPersistentDisk represents ++ description: photonPersistentDisk represents + a PhotonController persistent disk attached + and mounted on kubelets host machine + properties: + fsType: +- description: Filesystem type to mount. +- Must be a filesystem type supported +- by the host operating system. Ex. "ext4", +- "xfs", "ntfs". Implicitly inferred to +- be "ext4" if unspecified. ++ description: fsType is the filesystem ++ type to mount. Must be a filesystem ++ type supported by the host operating ++ system. Ex. "ext4", "xfs", "ntfs". Implicitly ++ inferred to be "ext4" if unspecified. + type: string + pdID: +- description: ID that identifies Photon +- Controller persistent disk ++ description: pdID is the ID that identifies ++ Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: +- description: PortworxVolume represents a portworx ++ description: portworxVolume represents a portworx + volume attached and mounted on kubelets + host machine + properties: + fsType: +- description: FSType represents the filesystem ++ description: fSType represents the filesystem + type to mount Must be a filesystem type + supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: +- description: Defaults to false (read/write). +- ReadOnly here will force the ReadOnly +- setting in VolumeMounts. ++ description: readOnly defaults to false ++ (read/write). ReadOnly here will force ++ the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: +- description: VolumeID uniquely identifies ++ description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: +- description: Items for all in one resources +- secrets, configmaps, and downward API ++ description: projected items for all in one ++ resources secrets, configmaps, and downward ++ API + properties: + defaultMode: +- description: Mode bits used to set permissions +- on created files by default. Must be +- an octal value between 0000 and 0777 +- or a decimal value between 0 and 511. +- YAML accepts both octal and decimal +- values, JSON requires decimal values +- for mode bits. Directories within the +- path are not affected by this setting. +- This might be in conflict with other +- options that affect the file mode, like +- fsGroup, and the result can be other +- mode bits set. ++ description: defaultMode are the mode ++ bits used to set permissions on created ++ files by default. Must be an octal value ++ between 0000 and 0777 or a decimal value ++ between 0 and 511. YAML accepts both ++ octal and decimal values, JSON requires ++ decimal values for mode bits. Directories ++ within the path are not affected by ++ this setting. This might be in conflict ++ with other options that affect the file ++ mode, like fsGroup, and the result can ++ be other mode bits set. 
+ format: int32 + type: integer + sources: +- description: list of volume projections ++ description: sources is the list of volume ++ projections + items: + description: Projection that may be + projected along with other supported + volume types + properties: + configMap: +- description: information about the +- configMap data to project ++ description: configMap information ++ about the configMap data to project + properties: + items: +- description: If unspecified, ++ description: items if unspecified, + each key-value pair in the + Data field of the referenced + ConfigMap will be projected +@@ -6662,26 +6901,26 @@ spec: + key to a path within a volume. + properties: + key: +- description: The key to +- project. ++ description: key is the ++ key to project. + type: string + mode: +- description: 'Optional: +- mode bits used to set +- permissions on this +- file. Must be an octal +- value between 0000 and +- 0777 or a decimal value +- between 0 and 511. YAML +- accepts both octal and +- decimal values, JSON +- requires decimal values +- for mode bits. If not +- specified, the volume +- defaultMode will be +- used. This might be +- in conflict with other +- options that affect ++ description: 'mode is ++ Optional: mode bits ++ used to set permissions ++ on this file. Must be ++ an octal value between ++ 0000 and 0777 or a decimal ++ value between 0 and ++ 511. YAML accepts both ++ octal and decimal values, ++ JSON requires decimal ++ values for mode bits. ++ If not specified, the ++ volume defaultMode will ++ be used. This might ++ be in conflict with ++ other options that affect + the file mode, like + fsGroup, and the result + can be other mode bits +@@ -6689,14 +6928,14 @@ spec: + format: int32 + type: integer + path: +- description: The relative +- path of the file to +- map the key to. May +- not be an absolute path. +- May not contain the +- path element '..'. May +- not start with the string +- '..'. 
++ description: path is the ++ relative path of the ++ file to map the key ++ to. May not be an absolute ++ path. May not contain ++ the path element '..'. ++ May not start with the ++ string '..'. + type: string + required: + - key +@@ -6710,14 +6949,15 @@ spec: + apiVersion, kind, uid?' + type: string + optional: +- description: Specify whether +- the ConfigMap or its keys +- must be defined ++ description: optional specify ++ whether the ConfigMap or its ++ keys must be defined + type: boolean + type: object + downwardAPI: +- description: information about the +- downwardAPI data to project ++ description: downwardAPI information ++ about the downwardAPI data to ++ project + properties: + items: + description: Items is a list +@@ -6824,11 +7064,11 @@ spec: + type: array + type: object + secret: +- description: information about the +- secret data to project ++ description: secret information ++ about the secret data to project + properties: + items: +- description: If unspecified, ++ description: items if unspecified, + each key-value pair in the + Data field of the referenced + Secret will be projected into +@@ -6850,26 +7090,26 @@ spec: + key to a path within a volume. + properties: + key: +- description: The key to +- project. ++ description: key is the ++ key to project. + type: string + mode: +- description: 'Optional: +- mode bits used to set +- permissions on this +- file. Must be an octal +- value between 0000 and +- 0777 or a decimal value +- between 0 and 511. YAML +- accepts both octal and +- decimal values, JSON +- requires decimal values +- for mode bits. If not +- specified, the volume +- defaultMode will be +- used. This might be +- in conflict with other +- options that affect ++ description: 'mode is ++ Optional: mode bits ++ used to set permissions ++ on this file. Must be ++ an octal value between ++ 0000 and 0777 or a decimal ++ value between 0 and ++ 511. 
YAML accepts both ++ octal and decimal values, ++ JSON requires decimal ++ values for mode bits. ++ If not specified, the ++ volume defaultMode will ++ be used. This might ++ be in conflict with ++ other options that affect + the file mode, like + fsGroup, and the result + can be other mode bits +@@ -6877,14 +7117,14 @@ spec: + format: int32 + type: integer + path: +- description: The relative +- path of the file to +- map the key to. May +- not be an absolute path. +- May not contain the +- path element '..'. May +- not start with the string +- '..'. ++ description: path is the ++ relative path of the ++ file to map the key ++ to. May not be an absolute ++ path. May not contain ++ the path element '..'. ++ May not start with the ++ string '..'. + type: string + required: + - key +@@ -6898,17 +7138,18 @@ spec: + apiVersion, kind, uid?' + type: string + optional: +- description: Specify whether +- the Secret or its key must +- be defined ++ description: optional field ++ specify whether the Secret ++ or its key must be defined + type: boolean + type: object + serviceAccountToken: +- description: information about the +- serviceAccountToken data to project ++ description: serviceAccountToken ++ is information about the serviceAccountToken ++ data to project + properties: + audience: +- description: Audience is the ++ description: audience is the + intended audience of the token. + A recipient of a token must + identify itself with an identifier +@@ -6919,7 +7160,7 @@ spec: + of the apiserver. + type: string + expirationSeconds: +- description: ExpirationSeconds ++ description: expirationSeconds + is the requested duration + of validity of the service + account token. As the token +@@ -6937,7 +7178,7 @@ spec: + format: int64 + type: integer + path: +- description: Path is the path ++ description: path is the path + relative to the mount point + of the file to project the + token into. 
+@@ -6949,20 +7190,20 @@ spec: + type: array + type: object + quobyte: +- description: Quobyte represents a Quobyte ++ description: quobyte represents a Quobyte + mount on the host that shares a pod's lifetime + properties: + group: +- description: Group to map volume access ++ description: group to map volume access + to Default is no group + type: string + readOnly: +- description: ReadOnly here will force ++ description: readOnly here will force + the Quobyte volume to be mounted with + read-only permissions. Defaults to false. + type: boolean + registry: +- description: Registry represents a single ++ description: registry represents a single + or multiple Quobyte Registry services + specified as a string as host:port pair + (multiple entries are separated with +@@ -6970,17 +7211,17 @@ spec: + for volumes + type: string + tenant: +- description: Tenant owning the given Quobyte ++ description: tenant owning the given Quobyte + volume in the Backend Used with dynamically + provisioned Quobyte volumes, value is + set by the plugin + type: string + user: +- description: User to map volume access ++ description: user to map volume access + to Defaults to serivceaccount user + type: string + volume: +- description: Volume is a string that references ++ description: volume is a string that references + an already created Quobyte volume by + name. + type: string +@@ -6989,47 +7230,47 @@ spec: + - volume + type: object + rbd: +- description: 'RBD represents a Rados Block ++ description: 'rbd represents a Rados Block + Device mount on the host that shares a pod''s + lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: +- description: 'Filesystem type of the volume +- that you want to mount. Tip: Ensure +- that the filesystem type is supported +- by the host operating system. Examples: +- "ext4", "xfs", "ntfs". Implicitly inferred +- to be "ext4" if unspecified. 
More info: +- https://kubernetes.io/docs/concepts/storage/volumes#rbd ++ description: 'fsType is the filesystem ++ type of the volume that you want to ++ mount. Tip: Ensure that the filesystem ++ type is supported by the host operating ++ system. Examples: "ext4", "xfs", "ntfs". ++ Implicitly inferred to be "ext4" if ++ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + image: +- description: 'The rados image name. More +- info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' ++ description: 'image is the rados image ++ name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: +- description: 'Keyring is the path to key ++ description: 'keyring is the path to key + ring for RBDUser. Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: +- description: 'A collection of Ceph monitors. +- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' ++ description: 'monitors is a collection ++ of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: +- description: 'The rados pool name. Default +- is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' ++ description: 'pool is the rados pool name. ++ Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: +- description: 'ReadOnly here will force ++ description: 'readOnly here will force + the ReadOnly setting in VolumeMounts. + Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: +- description: 'SecretRef is name of the ++ description: 'secretRef is name of the + authentication secret for RBDUser. 
If + provided overrides keyring. Default + is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' +@@ -7042,39 +7283,41 @@ spec: + type: string + type: object + user: +- description: 'The rados user name. Default +- is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' ++ description: 'user is the rados user name. ++ Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: +- description: ScaleIO represents a ScaleIO ++ description: scaleIO represents a ScaleIO + persistent volume attached and mounted on + Kubernetes nodes. + properties: + fsType: +- description: Filesystem type to mount. +- Must be a filesystem type supported +- by the host operating system. Ex. "ext4", +- "xfs", "ntfs". Default is "xfs". ++ description: fsType is the filesystem ++ type to mount. Must be a filesystem ++ type supported by the host operating ++ system. Ex. "ext4", "xfs", "ntfs". Default ++ is "xfs". + type: string + gateway: +- description: The host address of the ScaleIO +- API Gateway. ++ description: gateway is the host address ++ of the ScaleIO API Gateway. + type: string + protectionDomain: +- description: The name of the ScaleIO Protection +- Domain for the configured storage. ++ description: protectionDomain is the name ++ of the ScaleIO Protection Domain for ++ the configured storage. + type: string + readOnly: +- description: Defaults to false (read/write). +- ReadOnly here will force the ReadOnly +- setting in VolumeMounts. ++ description: readOnly Defaults to false ++ (read/write). ReadOnly here will force ++ the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: +- description: SecretRef references to the ++ description: secretRef references to the + secret for ScaleIO user and other sensitive + information. If this is not provided, + Login operation will fail. 
+@@ -7087,27 +7330,29 @@ spec: + type: string + type: object + sslEnabled: +- description: Flag to enable/disable SSL +- communication with Gateway, default ++ description: sslEnabled Flag enable/disable ++ SSL communication with Gateway, default + false + type: boolean + storageMode: +- description: Indicates whether the storage +- for a volume should be ThickProvisioned ++ description: storageMode indicates whether ++ the storage for a volume should be ThickProvisioned + or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: +- description: The ScaleIO Storage Pool +- associated with the protection domain. ++ description: storagePool is the ScaleIO ++ Storage Pool associated with the protection ++ domain. + type: string + system: +- description: The name of the storage system +- as configured in ScaleIO. ++ description: system is the name of the ++ storage system as configured in ScaleIO. + type: string + volumeName: +- description: The name of a volume already +- created in the ScaleIO system that is +- associated with this volume source. ++ description: volumeName is the name of ++ a volume already created in the ScaleIO ++ system that is associated with this ++ volume source. + type: string + required: + - gateway +@@ -7115,70 +7360,70 @@ spec: + - system + type: object + secret: +- description: 'Secret represents a secret that ++ description: 'secret represents a secret that + should populate this volume. More info: + https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: +- description: 'Optional: mode bits used +- to set permissions on created files +- by default. Must be an octal value between +- 0000 and 0777 or a decimal value between +- 0 and 511. YAML accepts both octal and +- decimal values, JSON requires decimal +- values for mode bits. Defaults to 0644. +- Directories within the path are not +- affected by this setting. 
This might +- be in conflict with other options that +- affect the file mode, like fsGroup, +- and the result can be other mode bits +- set.' ++ description: 'defaultMode is Optional: ++ mode bits used to set permissions on ++ created files by default. Must be an ++ octal value between 0000 and 0777 or ++ a decimal value between 0 and 511. YAML ++ accepts both octal and decimal values, ++ JSON requires decimal values for mode ++ bits. Defaults to 0644. Directories ++ within the path are not affected by ++ this setting. This might be in conflict ++ with other options that affect the file ++ mode, like fsGroup, and the result can ++ be other mode bits set.' + format: int32 + type: integer + items: +- description: If unspecified, each key-value +- pair in the Data field of the referenced +- Secret will be projected into the volume +- as a file whose name is the key and +- content is the value. If specified, +- the listed keys will be projected into +- the specified paths, and unlisted keys +- will not be present. If a key is specified +- which is not present in the Secret, +- the volume setup will error unless it +- is marked optional. Paths must be relative +- and may not contain the '..' path or +- start with '..'. ++ description: items If unspecified, each ++ key-value pair in the Data field of ++ the referenced Secret will be projected ++ into the volume as a file whose name ++ is the key and content is the value. ++ If specified, the listed keys will be ++ projected into the specified paths, ++ and unlisted keys will not be present. ++ If a key is specified which is not present ++ in the Secret, the volume setup will ++ error unless it is marked optional. ++ Paths must be relative and may not contain ++ the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: +- description: The key to project. ++ description: key is the key to project. 
+ type: string + mode: +- description: 'Optional: mode bits +- used to set permissions on this +- file. Must be an octal value between +- 0000 and 0777 or a decimal value +- between 0 and 511. YAML accepts +- both octal and decimal values, +- JSON requires decimal values for +- mode bits. If not specified, the +- volume defaultMode will be used. +- This might be in conflict with +- other options that affect the +- file mode, like fsGroup, and the +- result can be other mode bits +- set.' ++ description: 'mode is Optional: ++ mode bits used to set permissions ++ on this file. Must be an octal ++ value between 0000 and 0777 or ++ a decimal value between 0 and ++ 511. YAML accepts both octal and ++ decimal values, JSON requires ++ decimal values for mode bits. ++ If not specified, the volume defaultMode ++ will be used. This might be in ++ conflict with other options that ++ affect the file mode, like fsGroup, ++ and the result can be other mode ++ bits set.' + format: int32 + type: integer + path: +- description: The relative path of +- the file to map the key to. May +- not be an absolute path. May not +- contain the path element '..'. +- May not start with the string ++ description: path is the relative ++ path of the file to map the key ++ to. May not be an absolute path. ++ May not contain the path element ++ '..'. May not start with the string + '..'. + type: string + required: +@@ -7187,34 +7432,34 @@ spec: + type: object + type: array + optional: +- description: Specify whether the Secret +- or its keys must be defined ++ description: optional field specify whether ++ the Secret or its keys must be defined + type: boolean + secretName: +- description: 'Name of the secret in the +- pod''s namespace to use. More info: +- https://kubernetes.io/docs/concepts/storage/volumes#secret' ++ description: 'secretName is the name of ++ the secret in the pod''s namespace to ++ use. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: +- description: StorageOS represents a StorageOS ++ description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes + nodes. + properties: + fsType: +- description: Filesystem type to mount. +- Must be a filesystem type supported +- by the host operating system. Ex. "ext4", +- "xfs", "ntfs". Implicitly inferred to +- be "ext4" if unspecified. ++ description: fsType is the filesystem ++ type to mount. Must be a filesystem ++ type supported by the host operating ++ system. Ex. "ext4", "xfs", "ntfs". Implicitly ++ inferred to be "ext4" if unspecified. + type: string + readOnly: +- description: Defaults to false (read/write). +- ReadOnly here will force the ReadOnly +- setting in VolumeMounts. ++ description: readOnly defaults to false ++ (read/write). ReadOnly here will force ++ the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: +- description: SecretRef specifies the secret ++ description: secretRef specifies the secret + to use for obtaining the StorageOS API + credentials. If not specified, default + values will be attempted. +@@ -7227,12 +7472,12 @@ spec: + type: string + type: object + volumeName: +- description: VolumeName is the human-readable ++ description: volumeName is the human-readable + name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: +- description: VolumeNamespace specifies ++ description: volumeNamespace specifies + the scope of the volume within StorageOS. If + no namespace is specified then the Pod's + namespace will be used. 
This allows +@@ -7246,29 +7491,30 @@ spec: + type: string + type: object + vsphereVolume: +- description: VsphereVolume represents a vSphere ++ description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets + host machine + properties: + fsType: +- description: Filesystem type to mount. +- Must be a filesystem type supported +- by the host operating system. Ex. "ext4", +- "xfs", "ntfs". Implicitly inferred to +- be "ext4" if unspecified. ++ description: fsType is filesystem type ++ to mount. Must be a filesystem type ++ supported by the host operating system. ++ Ex. "ext4", "xfs", "ntfs". Implicitly ++ inferred to be "ext4" if unspecified. + type: string + storagePolicyID: +- description: Storage Policy Based Management +- (SPBM) profile ID associated with the +- StoragePolicyName. ++ description: storagePolicyID is the storage ++ Policy Based Management (SPBM) profile ++ ID associated with the StoragePolicyName. + type: string + storagePolicyName: +- description: Storage Policy Based Management +- (SPBM) profile name. ++ description: storagePolicyName is the ++ storage Policy Based Management (SPBM) ++ profile name. + type: string + volumePath: +- description: Path that identifies vSphere +- volume vmdk ++ description: volumePath is the path that ++ identifies vSphere volume vmdk + type: string + required: + - volumePath +@@ -7678,9 +7924,6 @@ spec: + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. +- This field is beta-level and is only honored +- when PodAffinityNamespaceSelector feature +- is enabled. + properties: + matchExpressions: + description: matchExpressions is a list +@@ -7740,7 +7983,7 @@ spec: + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null +- namespaceSelector means "this pod's namespace" ++ namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array +@@ -7849,9 +8092,7 @@ spec: + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty +- selector ({}) matches all namespaces. This +- field is beta-level and is only honored when +- PodAffinityNamespaceSelector feature is enabled. ++ selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list +@@ -7908,7 +8149,7 @@ spec: + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this +- pod's namespace" ++ pod's namespace". + items: + type: string + type: array +@@ -8019,9 +8260,6 @@ spec: + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. +- This field is beta-level and is only honored +- when PodAffinityNamespaceSelector feature +- is enabled. + properties: + matchExpressions: + description: matchExpressions is a list +@@ -8081,7 +8319,7 @@ spec: + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null +- namespaceSelector means "this pod's namespace" ++ namespaceSelector means "this pod's namespace". + items: + type: string + type: array +@@ -8190,9 +8428,7 @@ spec: + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty +- selector ({}) matches all namespaces. This +- field is beta-level and is only honored when +- PodAffinityNamespaceSelector feature is enabled. ++ selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list +@@ -8249,7 +8485,7 @@ spec: + listed in this field and the ones selected + by namespaceSelector. 
null or empty namespaces + list and null namespaceSelector means "this +- pod's namespace" ++ pod's namespace". + items: + type: string + type: array +@@ -8387,7 +8623,8 @@ spec: + in the volume will be owned by FSGroup) 3. The permission + bits are OR'd with rw-rw---- \n If unset, the Kubelet + will not modify the ownership and permissions of any +- volume." ++ volume. Note that this field cannot be set when spec.os.name ++ is windows." + format: int64 + type: integer + fsGroupChangePolicy: +@@ -8398,14 +8635,16 @@ spec: + permissions). It will have no effect on ephemeral volume + types such as: secret, configmaps and emptydir. Valid + values are "OnRootMismatch" and "Always". If not specified, +- "Always" is used.' ++ "Always" is used. Note that this field cannot be set ++ when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext +- takes precedence for that container. ++ takes precedence for that container. Note that this ++ field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: +@@ -8424,7 +8663,8 @@ spec: + if unspecified. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence +- for that container. ++ for that container. Note that this field cannot be set ++ when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: +@@ -8433,7 +8673,8 @@ spec: + allocate a random SELinux context for each container. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext +- takes precedence for that container. ++ takes precedence for that container. 
Note that this ++ field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies +@@ -8454,7 +8695,8 @@ spec: + type: object + seccompProfile: + description: The seccomp options to use by the containers +- in this pod. ++ in this pod. Note that this field cannot be set when ++ spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile +@@ -8479,7 +8721,8 @@ spec: + description: A list of groups applied to the first process + run in each container, in addition to the container's + primary GID. If unspecified, no groups will be added +- to any container. ++ to any container. Note that this field cannot be set ++ when spec.os.name is windows. + items: + format: int64 + type: integer +@@ -8487,7 +8730,8 @@ spec: + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls (by +- the container runtime) might fail to launch. ++ the container runtime) might fail to launch. Note that ++ this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be + set +@@ -8508,7 +8752,8 @@ spec: + all containers. If unspecified, the options within a + container's SecurityContext will be used. If set in + both SecurityContext and PodSecurityContext, the value +- specified in SecurityContext takes precedence. ++ specified in SecurityContext takes precedence. Note ++ that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA +@@ -8593,123 +8838,128 @@ spec: + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: +- description: 'AWSElasticBlockStore represents an AWS ++ description: 'awsElasticBlockStore represents an AWS + Disk resource that is attached to a kubelet''s host + machine and then exposed to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: +- description: 'Filesystem type of the volume that +- you want to mount. Tip: Ensure that the filesystem +- type is supported by the host operating system. +- Examples: "ext4", "xfs", "ntfs". Implicitly inferred +- to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore ++ description: 'fsType is the filesystem type of the ++ volume that you want to mount. Tip: Ensure that ++ the filesystem type is supported by the host operating ++ system. Examples: "ext4", "xfs", "ntfs". Implicitly ++ inferred to be "ext4" if unspecified. More info: ++ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + partition: +- description: 'The partition in the volume that you +- want to mount. If omitted, the default is to mount +- by volume name. Examples: For volume /dev/sda1, +- you specify the partition as "1". Similarly, the +- volume partition for /dev/sda is "0" (or you can +- leave the property empty).' ++ description: 'partition is the partition in the ++ volume that you want to mount. If omitted, the ++ default is to mount by volume name. Examples: ++ For volume /dev/sda1, you specify the partition ++ as "1". Similarly, the volume partition for /dev/sda ++ is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: +- description: 'Specify "true" to force and set the +- ReadOnly property in VolumeMounts to "true". If +- omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' ++ description: 'readOnly value true will force the ++ readOnly setting in VolumeMounts. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: +- description: 'Unique ID of the persistent disk resource +- in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' ++ description: 'volumeID is unique ID of the persistent ++ disk resource in AWS (Amazon EBS volume). More ++ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: +- description: AzureDisk represents an Azure Data Disk ++ description: azureDisk represents an Azure Data Disk + mount on the host and bind mount to the pod. + properties: + cachingMode: +- description: 'Host Caching mode: None, Read Only, +- Read Write.' ++ description: 'cachingMode is the Host Caching mode: ++ None, Read Only, Read Write.' + type: string + diskName: +- description: The Name of the data disk in the blob +- storage ++ description: diskName is the Name of the data disk ++ in the blob storage + type: string + diskURI: +- description: The URI the data disk in the blob storage ++ description: diskURI is the URI of data disk in ++ the blob storage + type: string + fsType: +- description: Filesystem type to mount. Must be a +- filesystem type supported by the host operating +- system. Ex. "ext4", "xfs", "ntfs". Implicitly ++ description: fsType is Filesystem type to mount. ++ Must be a filesystem type supported by the host ++ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + kind: +- description: 'Expected values Shared: multiple blob +- disks per storage account Dedicated: single blob +- disk per storage account Managed: azure managed +- data disk (only in managed availability set). 
+- defaults to shared' ++ description: 'kind expected values are Shared: multiple ++ blob disks per storage account Dedicated: single ++ blob disk per storage account Managed: azure ++ managed data disk (only in managed availability ++ set). defaults to shared' + type: string + readOnly: +- description: Defaults to false (read/write). ReadOnly +- here will force the ReadOnly setting in VolumeMounts. ++ description: readOnly Defaults to false (read/write). ++ ReadOnly here will force the ReadOnly setting ++ in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: +- description: AzureFile represents an Azure File Service ++ description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: +- description: Defaults to false (read/write). ReadOnly +- here will force the ReadOnly setting in VolumeMounts. ++ description: readOnly defaults to false (read/write). ++ ReadOnly here will force the ReadOnly setting ++ in VolumeMounts. 
+ type: boolean + secretName: +- description: the name of secret that contains Azure +- Storage Account Name and Key ++ description: secretName is the name of secret that ++ contains Azure Storage Account Name and Key + type: string + shareName: +- description: Share Name ++ description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: +- description: CephFS represents a Ceph FS mount on the ++ description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime + properties: + monitors: +- description: 'Required: Monitors is a collection +- of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'monitors is Required: Monitors is ++ a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: +- description: 'Optional: Used as the mounted root, +- rather than the full Ceph tree, default is /' ++ description: 'path is Optional: Used as the mounted ++ root, rather than the full Ceph tree, default ++ is /' + type: string + readOnly: +- description: 'Optional: Defaults to false (read/write). +- ReadOnly here will force the ReadOnly setting +- in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'readOnly is Optional: Defaults to ++ false (read/write). ReadOnly here will force the ++ ReadOnly setting in VolumeMounts. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: +- description: 'Optional: SecretFile is the path to +- key ring for User, default is /etc/ceph/user.secret ++ description: 'secretFile is Optional: SecretFile ++ is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: +- description: 'Optional: SecretRef is reference to +- the authentication secret for User, default is +- empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'secretRef is Optional: SecretRef is ++ reference to the authentication secret for User, ++ default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: +@@ -8719,31 +8969,32 @@ spec: + type: string + type: object + user: +- description: 'Optional: User is the rados user name, +- default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'user is optional: User is the rados ++ user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: +- description: 'Cinder represents a cinder volume attached ++ description: 'cinder represents a cinder volume attached + and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: +- description: 'Filesystem type to mount. Must be +- a filesystem type supported by the host operating +- system. Examples: "ext4", "xfs", "ntfs". Implicitly +- inferred to be "ext4" if unspecified. More info: +- https://examples.k8s.io/mysql-cinder-pd/README.md' ++ description: 'fsType is the filesystem type to mount. ++ Must be a filesystem type supported by the host ++ operating system. 
Examples: "ext4", "xfs", "ntfs". ++ Implicitly inferred to be "ext4" if unspecified. ++ More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: +- description: 'Optional: Defaults to false (read/write). ++ description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: +- description: 'Optional: points to a secret object +- containing parameters used to connect to OpenStack.' ++ description: 'secretRef is optional: points to a ++ secret object containing parameters used to connect ++ to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: +@@ -8753,32 +9004,32 @@ spec: + type: string + type: object + volumeID: +- description: 'volume id used to identify the volume ++ description: 'volumeID used to identify the volume + in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: +- description: ConfigMap represents a configMap that should ++ description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: +- description: 'Optional: mode bits used to set permissions +- on created files by default. Must be an octal +- value between 0000 and 0777 or a decimal value +- between 0 and 511. YAML accepts both octal and +- decimal values, JSON requires decimal values for +- mode bits. Defaults to 0644. Directories within +- the path are not affected by this setting. This +- might be in conflict with other options that affect +- the file mode, like fsGroup, and the result can +- be other mode bits set.' ++ description: 'defaultMode is optional: mode bits ++ used to set permissions on created files by default. ++ Must be an octal value between 0000 and 0777 or ++ a decimal value between 0 and 511. 
YAML accepts ++ both octal and decimal values, JSON requires decimal ++ values for mode bits. Defaults to 0644. Directories ++ within the path are not affected by this setting. ++ This might be in conflict with other options that ++ affect the file mode, like fsGroup, and the result ++ can be other mode bits set.' + format: int32 + type: integer + items: +- description: If unspecified, each key-value pair +- in the Data field of the referenced ConfigMap ++ description: items if unspecified, each key-value ++ pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified +@@ -8793,26 +9044,28 @@ spec: + a volume. + properties: + key: +- description: The key to project. ++ description: key is the key to project. + type: string + mode: +- description: 'Optional: mode bits used to +- set permissions on this file. Must be an +- octal value between 0000 and 0777 or a decimal +- value between 0 and 511. YAML accepts both +- octal and decimal values, JSON requires +- decimal values for mode bits. If not specified, +- the volume defaultMode will be used. This +- might be in conflict with other options +- that affect the file mode, like fsGroup, +- and the result can be other mode bits set.' ++ description: 'mode is Optional: mode bits ++ used to set permissions on this file. Must ++ be an octal value between 0000 and 0777 ++ or a decimal value between 0 and 511. YAML ++ accepts both octal and decimal values, JSON ++ requires decimal values for mode bits. If ++ not specified, the volume defaultMode will ++ be used. This might be in conflict with ++ other options that affect the file mode, ++ like fsGroup, and the result can be other ++ mode bits set.' + format: int32 + type: integer + path: +- description: The relative path of the file +- to map the key to. May not be an absolute +- path. 
May not contain the path element '..'. +- May not start with the string '..'. ++ description: path is the relative path of ++ the file to map the key to. May not be an ++ absolute path. May not contain the path ++ element '..'. May not start with the string ++ '..'. + type: string + required: + - key +@@ -8825,28 +9078,28 @@ spec: + uid?' + type: string + optional: +- description: Specify whether the ConfigMap or its +- keys must be defined ++ description: optional specify whether the ConfigMap ++ or its keys must be defined + type: boolean + type: object + csi: +- description: CSI (Container Storage Interface) represents ++ description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: +- description: Driver is the name of the CSI driver ++ description: driver is the name of the CSI driver + that handles this volume. Consult with your admin + for the correct name as registered in the cluster. + type: string + fsType: +- description: Filesystem type to mount. Ex. "ext4", +- "xfs", "ntfs". If not provided, the empty value +- is passed to the associated CSI driver which will +- determine the default filesystem to apply. ++ description: fsType to mount. Ex. "ext4", "xfs", ++ "ntfs". If not provided, the empty value is passed ++ to the associated CSI driver which will determine ++ the default filesystem to apply. + type: string + nodePublishSecretRef: +- description: NodePublishSecretRef is a reference ++ description: nodePublishSecretRef is a reference + to the secret object containing sensitive information + to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. +@@ -8863,13 +9116,13 @@ spec: + type: string + type: object + readOnly: +- description: Specifies a read-only configuration ++ description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). 
+ type: boolean + volumeAttributes: + additionalProperties: + type: string +- description: VolumeAttributes stores driver-specific ++ description: volumeAttributes stores driver-specific + properties that are passed to the CSI driver. + Consult your driver's documentation for supported + values. +@@ -8878,7 +9131,7 @@ spec: + - driver + type: object + downwardAPI: +- description: DownwardAPI represents downward API about ++ description: downwardAPI represents downward API about + the pod that should populate this volume + properties: + defaultMode: +@@ -8971,32 +9224,33 @@ spec: + type: array + type: object + emptyDir: +- description: 'EmptyDir represents a temporary directory ++ description: 'emptyDir represents a temporary directory + that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: +- description: 'What type of storage medium should +- back this directory. The default is "" which means +- to use the node''s default medium. Must be an +- empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' ++ description: 'medium represents what type of storage ++ medium should back this directory. The default ++ is "" which means to use the node''s default medium. ++ Must be an empty string (default) or Memory. More ++ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string +- description: 'Total amount of local storage required +- for this EmptyDir volume. The size limit is also +- applicable for memory medium. The maximum usage +- on memory medium EmptyDir would be the minimum +- value between the SizeLimit specified here and +- the sum of memory limits of all containers in +- a pod. The default is nil which means that the +- limit is undefined. 
More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' ++ description: 'sizeLimit is the total amount of local ++ storage required for this EmptyDir volume. The ++ size limit is also applicable for memory medium. ++ The maximum usage on memory medium EmptyDir would ++ be the minimum value between the SizeLimit specified ++ here and the sum of memory limits of all containers ++ in a pod. The default is nil which means that ++ the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: +- description: "Ephemeral represents a volume that is ++ description: "ephemeral represents a volume that is + handled by a cluster storage driver. The volume's + lifecycle is tied to the pod that defines it - it + will be created before the pod starts, and deleted +@@ -9016,9 +9270,7 @@ spec: + to be used that way - see the documentation of the + driver for more information. \n A pod can use both + types of ephemeral volumes and persistent volumes +- at the same time. \n This is a beta feature and only +- available when the GenericEphemeralVolume feature +- gate is enabled." ++ at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone +@@ -9058,15 +9310,15 @@ spec: + are also valid here. + properties: + accessModes: +- description: 'AccessModes contains the desired ++ description: 'accessModes contains the desired + access modes the volume should have. 
More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: +- description: 'This field can be used to +- specify either: * An existing VolumeSnapshot ++ description: 'dataSource field can be used ++ to specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller +@@ -9099,10 +9351,10 @@ spec: + - name + type: object + dataSourceRef: +- description: 'Specifies the object from +- which to populate the volume with data, +- if a non-empty volume is desired. This +- may be any local object from a non-empty ++ description: 'dataSourceRef specifies the ++ object from which to populate the volume ++ with data, if a non-empty volume is desired. ++ This may be any local object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, + volume binding will only succeed if the +@@ -9124,7 +9376,7 @@ spec: + objects. * While DataSource ignores disallowed + values (dropping them), DataSourceRef preserves + all values, and generates an error if +- a disallowed value is specified. (Alpha) ++ a disallowed value is specified. (Beta) + Using this field requires the AnyVolumeDataSource + feature gate to be enabled.' + properties: +@@ -9149,9 +9401,14 @@ spec: + - name + type: object + resources: +- description: 'Resources represents the minimum +- resources the volume should have. More +- info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' ++ description: 'resources represents the minimum ++ resources the volume should have. If RecoverVolumeExpansionFailure ++ feature is enabled users are allowed to ++ specify resource requirements that are ++ lower than previous value but must still ++ be higher than capacity recorded in the ++ status field of the claim. 
More info: ++ https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: +@@ -9181,8 +9438,8 @@ spec: + type: object + type: object + selector: +- description: A label query over volumes +- to consider for binding. ++ description: selector is a label query over ++ volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list +@@ -9236,8 +9493,9 @@ spec: + type: object + type: object + storageClassName: +- description: 'Name of the StorageClass required +- by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' ++ description: 'storageClassName is the name ++ of the StorageClass required by the claim. ++ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type +@@ -9246,7 +9504,7 @@ spec: + in claim spec. + type: string + volumeName: +- description: VolumeName is the binding reference ++ description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object +@@ -9255,74 +9513,75 @@ spec: + type: object + type: object + fc: +- description: FC represents a Fibre Channel resource ++ description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and then + exposed to the pod. + properties: + fsType: +- description: 'Filesystem type to mount. Must be +- a filesystem type supported by the host operating +- system. Ex. "ext4", "xfs", "ntfs". Implicitly ++ description: 'fsType is the filesystem type to mount. ++ Must be a filesystem type supported by the host ++ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. 
TODO: how + do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: +- description: 'Optional: FC target lun number' ++ description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: +- description: 'Optional: Defaults to false (read/write). +- ReadOnly here will force the ReadOnly setting +- in VolumeMounts.' ++ description: 'readOnly is Optional: Defaults to ++ false (read/write). ReadOnly here will force the ++ ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: +- description: 'Optional: FC target worldwide names +- (WWNs)' ++ description: 'targetWWNs is Optional: FC target ++ worldwide names (WWNs)' + items: + type: string + type: array + wwids: +- description: 'Optional: FC volume world wide identifiers +- (wwids) Either wwids or combination of targetWWNs +- and lun must be set, but not both simultaneously.' ++ description: 'wwids Optional: FC volume world wide ++ identifiers (wwids) Either wwids or combination ++ of targetWWNs and lun must be set, but not both ++ simultaneously.' + items: + type: string + type: array + type: object + flexVolume: +- description: FlexVolume represents a generic volume ++ description: flexVolume represents a generic volume + resource that is provisioned/attached using an exec + based plugin. + properties: + driver: +- description: Driver is the name of the driver to ++ description: driver is the name of the driver to + use for this volume. + type: string + fsType: +- description: Filesystem type to mount. Must be a +- filesystem type supported by the host operating +- system. Ex. "ext4", "xfs", "ntfs". The default +- filesystem depends on FlexVolume script. ++ description: fsType is the filesystem type to mount. ++ Must be a filesystem type supported by the host ++ operating system. Ex. "ext4", "xfs", "ntfs". The ++ default filesystem depends on FlexVolume script. 
+ type: string + options: + additionalProperties: + type: string +- description: 'Optional: Extra command options if +- any.' ++ description: 'options is Optional: this field holds ++ extra command options if any.' + type: object + readOnly: +- description: 'Optional: Defaults to false (read/write). +- ReadOnly here will force the ReadOnly setting +- in VolumeMounts.' ++ description: 'readOnly is Optional: defaults to ++ false (read/write). ReadOnly here will force the ++ ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: +- description: 'Optional: SecretRef is reference to +- the secret object containing sensitive information +- to pass to the plugin scripts. This may be empty +- if no secret object is specified. If the secret +- object contains more than one secret, all secrets +- are passed to the plugin scripts.' ++ description: 'secretRef is Optional: secretRef is ++ reference to the secret object containing sensitive ++ information to pass to the plugin scripts. This ++ may be empty if no secret object is specified. ++ If the secret object contains more than one secret, ++ all secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: +@@ -9335,28 +9594,28 @@ spec: + - driver + type: object + flocker: +- description: Flocker represents a Flocker volume attached ++ description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: +- description: Name of the dataset stored as metadata +- -> name on the dataset for Flocker should be considered +- as deprecated ++ description: datasetName is Name of the dataset ++ stored as metadata -> name on the dataset for ++ Flocker should be considered as deprecated + type: string + datasetUUID: +- description: UUID of the dataset. This is unique +- identifier of a Flocker dataset ++ description: datasetUUID is the UUID of the dataset. 
++ This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: +- description: 'GCEPersistentDisk represents a GCE Disk ++ description: 'gcePersistentDisk represents a GCE Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: +- description: 'Filesystem type of the volume that +- you want to mount. Tip: Ensure that the filesystem ++ description: 'fsType is filesystem type of the volume ++ that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +@@ -9364,21 +9623,22 @@ spec: + from compromising the machine' + type: string + partition: +- description: 'The partition in the volume that you +- want to mount. If omitted, the default is to mount +- by volume name. Examples: For volume /dev/sda1, +- you specify the partition as "1". Similarly, the +- volume partition for /dev/sda is "0" (or you can +- leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' ++ description: 'partition is the partition in the ++ volume that you want to mount. If omitted, the ++ default is to mount by volume name. Examples: ++ For volume /dev/sda1, you specify the partition ++ as "1". Similarly, the volume partition for /dev/sda ++ is "0" (or you can leave the property empty). ++ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: +- description: 'Unique name of the PD resource in +- GCE. Used to identify the disk in GCE. More info: +- https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' ++ description: 'pdName is unique name of the PD resource ++ in GCE. 
Used to identify the disk in GCE. More ++ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: +- description: 'ReadOnly here will force the ReadOnly ++ description: 'readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean +@@ -9386,7 +9646,7 @@ spec: + - pdName + type: object + gitRepo: +- description: 'GitRepo represents a git repository at ++ description: 'gitRepo represents a git repository at + a particular revision. DEPRECATED: GitRepo is deprecated. + To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo +@@ -9394,37 +9654,38 @@ spec: + container.' + properties: + directory: +- description: Target directory name. Must not contain +- or start with '..'. If '.' is supplied, the volume +- directory will be the git repository. Otherwise, +- if specified, the volume will contain the git +- repository in the subdirectory with the given +- name. ++ description: directory is the target directory name. ++ Must not contain or start with '..'. If '.' is ++ supplied, the volume directory will be the git ++ repository. Otherwise, if specified, the volume ++ will contain the git repository in the subdirectory ++ with the given name. + type: string + repository: +- description: Repository URL ++ description: repository is the URL + type: string + revision: +- description: Commit hash for the specified revision. ++ description: revision is the commit hash for the ++ specified revision. + type: string + required: + - repository + type: object + glusterfs: +- description: 'Glusterfs represents a Glusterfs mount ++ description: 'glusterfs represents a Glusterfs mount + on the host that shares a pod''s lifetime. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: +- description: 'EndpointsName is the endpoint name +- that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' ++ description: 'endpoints is the endpoint name that ++ details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: +- description: 'Path is the Glusterfs volume path. ++ description: 'path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: +- description: 'ReadOnly here will force the Glusterfs ++ description: 'readOnly here will force the Glusterfs + volume to be mounted with read-only permissions. + Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean +@@ -9433,7 +9694,7 @@ spec: + - path + type: object + hostPath: +- description: 'HostPath represents a pre-existing file ++ description: 'hostPath represents a pre-existing file + or directory on the host machine that is directly + exposed to the container. This is generally used for + system agents or other privileged things that are +@@ -9444,71 +9705,73 @@ spec: + directories as read/write.' + properties: + path: +- description: 'Path of the directory on the host. ++ description: 'path of the directory on the host. + If the path is a symlink, it will follow the link + to the real path. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: +- description: 'Type for HostPath Volume Defaults ++ description: 'type for HostPath Volume Defaults + to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: +- description: 'ISCSI represents an ISCSI Disk resource ++ description: 'iscsi represents an ISCSI Disk resource + that is attached to a kubelet''s host machine and + then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: +- description: whether support iSCSI Discovery CHAP +- authentication ++ description: chapAuthDiscovery defines whether support ++ iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: +- description: whether support iSCSI Session CHAP +- authentication ++ description: chapAuthSession defines whether support ++ iSCSI Session CHAP authentication + type: boolean + fsType: +- description: 'Filesystem type of the volume that +- you want to mount. Tip: Ensure that the filesystem +- type is supported by the host operating system. +- Examples: "ext4", "xfs", "ntfs". Implicitly inferred +- to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi ++ description: 'fsType is the filesystem type of the ++ volume that you want to mount. Tip: Ensure that ++ the filesystem type is supported by the host operating ++ system. Examples: "ext4", "xfs", "ntfs". Implicitly ++ inferred to be "ext4" if unspecified. More info: ++ https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + initiatorName: +- description: Custom iSCSI Initiator Name. If initiatorName +- is specified with iscsiInterface simultaneously, +- new iSCSI interface : +- will be created for the connection. 
++ description: initiatorName is the custom iSCSI Initiator ++ Name. If initiatorName is specified with iscsiInterface ++ simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: +- description: Target iSCSI Qualified Name. ++ description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: +- description: iSCSI Interface Name that uses an iSCSI +- transport. Defaults to 'default' (tcp). ++ description: iscsiInterface is the interface Name ++ that uses an iSCSI transport. Defaults to 'default' ++ (tcp). + type: string + lun: +- description: iSCSI Target Lun number. ++ description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: +- description: iSCSI Target Portal List. The portal +- is either an IP or ip_addr:port if the port is +- other than default (typically TCP ports 860 and +- 3260). ++ description: portals is the iSCSI Target Portal ++ List. The portal is either an IP or ip_addr:port ++ if the port is other than default (typically TCP ++ ports 860 and 3260). + items: + type: string + type: array + readOnly: +- description: ReadOnly here will force the ReadOnly ++ description: readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: +- description: CHAP Secret for iSCSI target and initiator +- authentication ++ description: secretRef is the CHAP Secret for iSCSI ++ target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: +@@ -9518,9 +9781,10 @@ spec: + type: string + type: object + targetPortal: +- description: iSCSI Target Portal. The Portal is +- either an IP or ip_addr:port if the port is other +- than default (typically TCP ports 860 and 3260). ++ description: targetPortal is iSCSI Target Portal. ++ The Portal is either an IP or ip_addr:port if ++ the port is other than default (typically TCP ++ ports 860 and 3260). 
+ type: string + required: + - iqn +@@ -9528,24 +9792,24 @@ spec: + - targetPortal + type: object + name: +- description: 'Volume''s name. Must be a DNS_LABEL and +- unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' ++ description: 'name of the volume. Must be a DNS_LABEL ++ and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: +- description: 'NFS represents an NFS mount on the host ++ description: 'nfs represents an NFS mount on the host + that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: +- description: 'Path that is exported by the NFS server. ++ description: 'path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: +- description: 'ReadOnly here will force the NFS export ++ description: 'readOnly here will force the NFS export + to be mounted with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: +- description: 'Server is the hostname or IP address ++ description: 'server is the hostname or IP address + of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: +@@ -9553,132 +9817,133 @@ spec: + - server + type: object + persistentVolumeClaim: +- description: 'PersistentVolumeClaimVolumeSource represents ++ description: 'persistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same + namespace. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: +- description: 'ClaimName is the name of a PersistentVolumeClaim ++ description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: +- description: Will force the ReadOnly setting in +- VolumeMounts. Default false. ++ description: readOnly Will force the ReadOnly setting ++ in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: +- description: PhotonPersistentDisk represents a PhotonController ++ description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: +- description: Filesystem type to mount. Must be a +- filesystem type supported by the host operating +- system. Ex. "ext4", "xfs", "ntfs". Implicitly ++ description: fsType is the filesystem type to mount. ++ Must be a filesystem type supported by the host ++ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + pdID: +- description: ID that identifies Photon Controller +- persistent disk ++ description: pdID is the ID that identifies Photon ++ Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: +- description: PortworxVolume represents a portworx volume ++ description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: +- description: FSType represents the filesystem type ++ description: fSType represents the filesystem type + to mount Must be a filesystem type supported by + the host operating system. Ex. "ext4", "xfs". + Implicitly inferred to be "ext4" if unspecified. 
+ type: string + readOnly: +- description: Defaults to false (read/write). ReadOnly +- here will force the ReadOnly setting in VolumeMounts. ++ description: readOnly defaults to false (read/write). ++ ReadOnly here will force the ReadOnly setting ++ in VolumeMounts. + type: boolean + volumeID: +- description: VolumeID uniquely identifies a Portworx ++ description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: +- description: Items for all in one resources secrets, +- configmaps, and downward API ++ description: projected items for all in one resources ++ secrets, configmaps, and downward API + properties: + defaultMode: +- description: Mode bits used to set permissions on +- created files by default. Must be an octal value +- between 0000 and 0777 or a decimal value between +- 0 and 511. YAML accepts both octal and decimal +- values, JSON requires decimal values for mode +- bits. Directories within the path are not affected +- by this setting. This might be in conflict with +- other options that affect the file mode, like +- fsGroup, and the result can be other mode bits +- set. ++ description: defaultMode are the mode bits used ++ to set permissions on created files by default. ++ Must be an octal value between 0000 and 0777 or ++ a decimal value between 0 and 511. YAML accepts ++ both octal and decimal values, JSON requires decimal ++ values for mode bits. Directories within the path ++ are not affected by this setting. This might be ++ in conflict with other options that affect the ++ file mode, like fsGroup, and the result can be ++ other mode bits set. 
+ format: int32 + type: integer + sources: +- description: list of volume projections ++ description: sources is the list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: +- description: information about the configMap +- data to project ++ description: configMap information about the ++ configMap data to project + properties: + items: +- description: If unspecified, each key-value +- pair in the Data field of the referenced +- ConfigMap will be projected into the +- volume as a file whose name is the key +- and content is the value. If specified, +- the listed keys will be projected into +- the specified paths, and unlisted keys +- will not be present. If a key is specified +- which is not present in the ConfigMap, +- the volume setup will error unless it +- is marked optional. Paths must be relative +- and may not contain the '..' path or +- start with '..'. ++ description: items if unspecified, each ++ key-value pair in the Data field of ++ the referenced ConfigMap will be projected ++ into the volume as a file whose name ++ is the key and content is the value. ++ If specified, the listed keys will be ++ projected into the specified paths, ++ and unlisted keys will not be present. ++ If a key is specified which is not present ++ in the ConfigMap, the volume setup will ++ error unless it is marked optional. ++ Paths must be relative and may not contain ++ the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: +- description: The key to project. ++ description: key is the key to project. + type: string + mode: +- description: 'Optional: mode bits +- used to set permissions on this +- file. Must be an octal value between +- 0000 and 0777 or a decimal value +- between 0 and 511. YAML accepts +- both octal and decimal values, +- JSON requires decimal values for +- mode bits. 
If not specified, the +- volume defaultMode will be used. +- This might be in conflict with +- other options that affect the +- file mode, like fsGroup, and the +- result can be other mode bits +- set.' ++ description: 'mode is Optional: ++ mode bits used to set permissions ++ on this file. Must be an octal ++ value between 0000 and 0777 or ++ a decimal value between 0 and ++ 511. YAML accepts both octal and ++ decimal values, JSON requires ++ decimal values for mode bits. ++ If not specified, the volume defaultMode ++ will be used. This might be in ++ conflict with other options that ++ affect the file mode, like fsGroup, ++ and the result can be other mode ++ bits set.' + format: int32 + type: integer + path: +- description: The relative path of +- the file to map the key to. May +- not be an absolute path. May not +- contain the path element '..'. +- May not start with the string ++ description: path is the relative ++ path of the file to map the key ++ to. May not be an absolute path. ++ May not contain the path element ++ '..'. May not start with the string + '..'. + type: string + required: +@@ -9693,13 +9958,13 @@ spec: + kind, uid?' 
+ type: string + optional: +- description: Specify whether the ConfigMap +- or its keys must be defined ++ description: optional specify whether ++ the ConfigMap or its keys must be defined + type: boolean + type: object + downwardAPI: +- description: information about the downwardAPI +- data to project ++ description: downwardAPI information about ++ the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume +@@ -9789,53 +10054,53 @@ spec: + type: array + type: object + secret: +- description: information about the secret +- data to project ++ description: secret information about the ++ secret data to project + properties: + items: +- description: If unspecified, each key-value +- pair in the Data field of the referenced +- Secret will be projected into the volume +- as a file whose name is the key and +- content is the value. If specified, +- the listed keys will be projected into +- the specified paths, and unlisted keys +- will not be present. If a key is specified +- which is not present in the Secret, +- the volume setup will error unless it +- is marked optional. Paths must be relative +- and may not contain the '..' path or +- start with '..'. ++ description: items if unspecified, each ++ key-value pair in the Data field of ++ the referenced Secret will be projected ++ into the volume as a file whose name ++ is the key and content is the value. ++ If specified, the listed keys will be ++ projected into the specified paths, ++ and unlisted keys will not be present. ++ If a key is specified which is not present ++ in the Secret, the volume setup will ++ error unless it is marked optional. ++ Paths must be relative and may not contain ++ the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: +- description: The key to project. ++ description: key is the key to project. 
+ type: string + mode: +- description: 'Optional: mode bits +- used to set permissions on this +- file. Must be an octal value between +- 0000 and 0777 or a decimal value +- between 0 and 511. YAML accepts +- both octal and decimal values, +- JSON requires decimal values for +- mode bits. If not specified, the +- volume defaultMode will be used. +- This might be in conflict with +- other options that affect the +- file mode, like fsGroup, and the +- result can be other mode bits +- set.' ++ description: 'mode is Optional: ++ mode bits used to set permissions ++ on this file. Must be an octal ++ value between 0000 and 0777 or ++ a decimal value between 0 and ++ 511. YAML accepts both octal and ++ decimal values, JSON requires ++ decimal values for mode bits. ++ If not specified, the volume defaultMode ++ will be used. This might be in ++ conflict with other options that ++ affect the file mode, like fsGroup, ++ and the result can be other mode ++ bits set.' + format: int32 + type: integer + path: +- description: The relative path of +- the file to map the key to. May +- not be an absolute path. May not +- contain the path element '..'. +- May not start with the string ++ description: path is the relative ++ path of the file to map the key ++ to. May not be an absolute path. ++ May not contain the path element ++ '..'. May not start with the string + '..'. + type: string + required: +@@ -9850,16 +10115,16 @@ spec: + kind, uid?' 
+ type: string + optional: +- description: Specify whether the Secret +- or its key must be defined ++ description: optional field specify whether ++ the Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: +- description: information about the serviceAccountToken +- data to project ++ description: serviceAccountToken is information ++ about the serviceAccountToken data to project + properties: + audience: +- description: Audience is the intended ++ description: audience is the intended + audience of the token. A recipient of + a token must identify itself with an + identifier specified in the audience +@@ -9868,7 +10133,7 @@ spec: + the identifier of the apiserver. + type: string + expirationSeconds: +- description: ExpirationSeconds is the ++ description: expirationSeconds is the + requested duration of validity of the + service account token. As the token + approaches expiration, the kubelet volume +@@ -9882,7 +10147,7 @@ spec: + format: int64 + type: integer + path: +- description: Path is the path relative ++ description: path is the path relative + to the mount point of the file to project + the token into. + type: string +@@ -9893,36 +10158,36 @@ spec: + type: array + type: object + quobyte: +- description: Quobyte represents a Quobyte mount on the ++ description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime + properties: + group: +- description: Group to map volume access to Default ++ description: group to map volume access to Default + is no group + type: string + readOnly: +- description: ReadOnly here will force the Quobyte ++ description: readOnly here will force the Quobyte + volume to be mounted with read-only permissions. + Defaults to false. 
+ type: boolean + registry: +- description: Registry represents a single or multiple ++ description: registry represents a single or multiple + Quobyte Registry services specified as a string + as host:port pair (multiple entries are separated + with commas) which acts as the central registry + for volumes + type: string + tenant: +- description: Tenant owning the given Quobyte volume ++ description: tenant owning the given Quobyte volume + in the Backend Used with dynamically provisioned + Quobyte volumes, value is set by the plugin + type: string + user: +- description: User to map volume access to Defaults ++ description: user to map volume access to Defaults + to serivceaccount user + type: string + volume: +- description: Volume is a string that references ++ description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: +@@ -9930,44 +10195,46 @@ spec: + - volume + type: object + rbd: +- description: 'RBD represents a Rados Block Device mount ++ description: 'rbd represents a Rados Block Device mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: +- description: 'Filesystem type of the volume that +- you want to mount. Tip: Ensure that the filesystem +- type is supported by the host operating system. +- Examples: "ext4", "xfs", "ntfs". Implicitly inferred +- to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd ++ description: 'fsType is the filesystem type of the ++ volume that you want to mount. Tip: Ensure that ++ the filesystem type is supported by the host operating ++ system. Examples: "ext4", "xfs", "ntfs". Implicitly ++ inferred to be "ext4" if unspecified. More info: ++ https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + image: +- description: 'The rados image name. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' ++ description: 'image is the rados image name. More ++ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: +- description: 'Keyring is the path to key ring for ++ description: 'keyring is the path to key ring for + RBDUser. Default is /etc/ceph/keyring. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: +- description: 'A collection of Ceph monitors. More +- info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' ++ description: 'monitors is a collection of Ceph monitors. ++ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: +- description: 'The rados pool name. Default is rbd. +- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' ++ description: 'pool is the rados pool name. Default ++ is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: +- description: 'ReadOnly here will force the ReadOnly ++ description: 'readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: +- description: 'SecretRef is name of the authentication ++ description: 'secretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. + Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: +@@ -9979,37 +10246,38 @@ spec: + type: string + type: object + user: +- description: 'The rados user name. Default is admin. +- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' ++ description: 'user is the rados user name. Default ++ is admin. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: +- description: ScaleIO represents a ScaleIO persistent ++ description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: +- description: Filesystem type to mount. Must be a +- filesystem type supported by the host operating +- system. Ex. "ext4", "xfs", "ntfs". Default is +- "xfs". ++ description: fsType is the filesystem type to mount. ++ Must be a filesystem type supported by the host ++ operating system. Ex. "ext4", "xfs", "ntfs". Default ++ is "xfs". + type: string + gateway: +- description: The host address of the ScaleIO API +- Gateway. ++ description: gateway is the host address of the ++ ScaleIO API Gateway. + type: string + protectionDomain: +- description: The name of the ScaleIO Protection +- Domain for the configured storage. ++ description: protectionDomain is the name of the ++ ScaleIO Protection Domain for the configured storage. + type: string + readOnly: +- description: Defaults to false (read/write). ReadOnly +- here will force the ReadOnly setting in VolumeMounts. ++ description: readOnly Defaults to false (read/write). ++ ReadOnly here will force the ReadOnly setting ++ in VolumeMounts. + type: boolean + secretRef: +- description: SecretRef references to the secret ++ description: secretRef references to the secret + for ScaleIO user and other sensitive information. + If this is not provided, Login operation will + fail. +@@ -10022,26 +10290,26 @@ spec: + type: string + type: object + sslEnabled: +- description: Flag to enable/disable SSL communication +- with Gateway, default false ++ description: sslEnabled Flag enable/disable SSL ++ communication with Gateway, default false + type: boolean + storageMode: +- description: Indicates whether the storage for a +- volume should be ThickProvisioned or ThinProvisioned. 
++ description: storageMode indicates whether the storage ++ for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: +- description: The ScaleIO Storage Pool associated +- with the protection domain. ++ description: storagePool is the ScaleIO Storage ++ Pool associated with the protection domain. + type: string + system: +- description: The name of the storage system as configured +- in ScaleIO. ++ description: system is the name of the storage system ++ as configured in ScaleIO. + type: string + volumeName: +- description: The name of a volume already created +- in the ScaleIO system that is associated with +- this volume source. ++ description: volumeName is the name of a volume ++ already created in the ScaleIO system that is ++ associated with this volume source. + type: string + required: + - gateway +@@ -10049,27 +10317,27 @@ spec: + - system + type: object + secret: +- description: 'Secret represents a secret that should ++ description: 'secret represents a secret that should + populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: +- description: 'Optional: mode bits used to set permissions +- on created files by default. Must be an octal +- value between 0000 and 0777 or a decimal value +- between 0 and 511. YAML accepts both octal and +- decimal values, JSON requires decimal values for +- mode bits. Defaults to 0644. Directories within +- the path are not affected by this setting. This +- might be in conflict with other options that affect +- the file mode, like fsGroup, and the result can +- be other mode bits set.' +- format: int32 +- type: integer ++ description: 'defaultMode is Optional: mode bits ++ used to set permissions on created files by default. ++ Must be an octal value between 0000 and 0777 or ++ a decimal value between 0 and 511. 
YAML accepts ++ both octal and decimal values, JSON requires decimal ++ values for mode bits. Defaults to 0644. Directories ++ within the path are not affected by this setting. ++ This might be in conflict with other options that ++ affect the file mode, like fsGroup, and the result ++ can be other mode bits set.' ++ format: int32 ++ type: integer + items: +- description: If unspecified, each key-value pair +- in the Data field of the referenced Secret will +- be projected into the volume as a file whose name +- is the key and content is the value. If specified, ++ description: items If unspecified, each key-value ++ pair in the Data field of the referenced Secret ++ will be projected into the volume as a file whose ++ name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in +@@ -10082,26 +10350,28 @@ spec: + a volume. + properties: + key: +- description: The key to project. ++ description: key is the key to project. + type: string + mode: +- description: 'Optional: mode bits used to +- set permissions on this file. Must be an +- octal value between 0000 and 0777 or a decimal +- value between 0 and 511. YAML accepts both +- octal and decimal values, JSON requires +- decimal values for mode bits. If not specified, +- the volume defaultMode will be used. This +- might be in conflict with other options +- that affect the file mode, like fsGroup, +- and the result can be other mode bits set.' ++ description: 'mode is Optional: mode bits ++ used to set permissions on this file. Must ++ be an octal value between 0000 and 0777 ++ or a decimal value between 0 and 511. YAML ++ accepts both octal and decimal values, JSON ++ requires decimal values for mode bits. If ++ not specified, the volume defaultMode will ++ be used. 
This might be in conflict with ++ other options that affect the file mode, ++ like fsGroup, and the result can be other ++ mode bits set.' + format: int32 + type: integer + path: +- description: The relative path of the file +- to map the key to. May not be an absolute +- path. May not contain the path element '..'. +- May not start with the string '..'. ++ description: path is the relative path of ++ the file to map the key to. May not be an ++ absolute path. May not contain the path ++ element '..'. May not start with the string ++ '..'. + type: string + required: + - key +@@ -10109,30 +10379,31 @@ spec: + type: object + type: array + optional: +- description: Specify whether the Secret or its keys +- must be defined ++ description: optional field specify whether the ++ Secret or its keys must be defined + type: boolean + secretName: +- description: 'Name of the secret in the pod''s namespace +- to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' ++ description: 'secretName is the name of the secret ++ in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: +- description: StorageOS represents a StorageOS volume ++ description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: +- description: Filesystem type to mount. Must be a +- filesystem type supported by the host operating +- system. Ex. "ext4", "xfs", "ntfs". Implicitly ++ description: fsType is the filesystem type to mount. ++ Must be a filesystem type supported by the host ++ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + readOnly: +- description: Defaults to false (read/write). ReadOnly +- here will force the ReadOnly setting in VolumeMounts. ++ description: readOnly defaults to false (read/write). ++ ReadOnly here will force the ReadOnly setting ++ in VolumeMounts. 
+ type: boolean + secretRef: +- description: SecretRef specifies the secret to use ++ description: secretRef specifies the secret to use + for obtaining the StorageOS API credentials. If + not specified, default values will be attempted. + properties: +@@ -10144,12 +10415,12 @@ spec: + type: string + type: object + volumeName: +- description: VolumeName is the human-readable name ++ description: volumeName is the human-readable name + of the StorageOS volume. Volume names are only + unique within a namespace. + type: string + volumeNamespace: +- description: VolumeNamespace specifies the scope ++ description: volumeNamespace specifies the scope + of the volume within StorageOS. If no namespace + is specified then the Pod's namespace will be + used. This allows the Kubernetes name scoping +@@ -10161,26 +10432,27 @@ spec: + type: string + type: object + vsphereVolume: +- description: VsphereVolume represents a vSphere volume ++ description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine + properties: + fsType: +- description: Filesystem type to mount. Must be a +- filesystem type supported by the host operating +- system. Ex. "ext4", "xfs", "ntfs". Implicitly ++ description: fsType is filesystem type to mount. ++ Must be a filesystem type supported by the host ++ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + storagePolicyID: +- description: Storage Policy Based Management (SPBM) +- profile ID associated with the StoragePolicyName. ++ description: storagePolicyID is the storage Policy ++ Based Management (SPBM) profile ID associated ++ with the StoragePolicyName. + type: string + storagePolicyName: +- description: Storage Policy Based Management (SPBM) +- profile name. ++ description: storagePolicyName is the storage Policy ++ Based Management (SPBM) profile name. 
+ type: string + volumePath: +- description: Path that identifies vSphere volume +- vmdk ++ description: volumePath is the path that identifies ++ vSphere volume vmdk + type: string + required: + - volumePath +@@ -10628,9 +10900,7 @@ spec: + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all +- namespaces. This field is beta-level +- and is only honored when PodAffinityNamespaceSelector +- feature is enabled. ++ namespaces. + properties: + matchExpressions: + description: matchExpressions +@@ -10698,7 +10968,7 @@ spec: + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's +- namespace" ++ namespace". + items: + type: string + type: array +@@ -10817,9 +11087,6 @@ spec: + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. +- This field is beta-level and is only +- honored when PodAffinityNamespaceSelector +- feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a +@@ -10882,7 +11149,7 @@ spec: + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's +- namespace" ++ namespace". + items: + type: string + type: array +@@ -11004,9 +11271,7 @@ spec: + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all +- namespaces. This field is beta-level +- and is only honored when PodAffinityNamespaceSelector +- feature is enabled. ++ namespaces. + properties: + matchExpressions: + description: matchExpressions +@@ -11074,7 +11339,7 @@ spec: + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's +- namespace" ++ namespace". + items: + type: string + type: array +@@ -11193,9 +11458,6 @@ spec: + field. null selector and null or empty + namespaces list means "this pod's namespace". 
+ An empty selector ({}) matches all namespaces. +- This field is beta-level and is only +- honored when PodAffinityNamespaceSelector +- feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a +@@ -11258,7 +11520,7 @@ spec: + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's +- namespace" ++ namespace". + items: + type: string + type: array +@@ -11402,7 +11664,9 @@ spec: + is set (new files created in the volume will be + owned by FSGroup) 3. The permission bits are OR'd + with rw-rw---- \n If unset, the Kubelet will not +- modify the ownership and permissions of any volume." ++ modify the ownership and permissions of any volume. ++ Note that this field cannot be set when spec.os.name ++ is windows." + format: int64 + type: integer + fsGroupChangePolicy: +@@ -11413,7 +11677,9 @@ spec: + based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" +- and "Always". If not specified, "Always" is used.' ++ and "Always". If not specified, "Always" is used. ++ Note that this field cannot be set when spec.os.name ++ is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the +@@ -11421,7 +11687,8 @@ spec: + May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence +- for that container. ++ for that container. Note that this field cannot ++ be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: +@@ -11442,6 +11709,8 @@ spec: + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence for that container. ++ Note that this field cannot be set when spec.os.name ++ is windows. 
+ format: int64 + type: integer + seLinuxOptions: +@@ -11451,7 +11720,8 @@ spec: + for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence +- for that container. ++ for that container. Note that this field cannot ++ be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that +@@ -11472,7 +11742,8 @@ spec: + type: object + seccompProfile: + description: The seccomp options to use by the containers +- in this pod. ++ in this pod. Note that this field cannot be set ++ when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile +@@ -11498,7 +11769,9 @@ spec: + description: A list of groups applied to the first + process run in each container, in addition to + the container's primary GID. If unspecified, +- no groups will be added to any container. ++ no groups will be added to any container. Note ++ that this field cannot be set when spec.os.name ++ is windows. + items: + format: int64 + type: integer +@@ -11507,6 +11780,8 @@ spec: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls + (by the container runtime) might fail to launch. ++ Note that this field cannot be set when spec.os.name ++ is windows. + items: + description: Sysctl defines a kernel parameter + to be set +@@ -11528,6 +11803,8 @@ spec: + within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. ++ Note that this field cannot be set when spec.os.name ++ is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the +@@ -11617,77 +11894,78 @@ spec: + pod. 
+ properties: + awsElasticBlockStore: +- description: 'AWSElasticBlockStore represents ++ description: 'awsElasticBlockStore represents + an AWS Disk resource that is attached to a kubelet''s + host machine and then exposed to the pod. More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: +- description: 'Filesystem type of the volume +- that you want to mount. Tip: Ensure that +- the filesystem type is supported by the +- host operating system. Examples: "ext4", +- "xfs", "ntfs". Implicitly inferred to be +- "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore ++ description: 'fsType is the filesystem type ++ of the volume that you want to mount. Tip: ++ Ensure that the filesystem type is supported ++ by the host operating system. Examples: ++ "ext4", "xfs", "ntfs". Implicitly inferred ++ to be "ext4" if unspecified. More info: ++ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + partition: +- description: 'The partition in the volume +- that you want to mount. If omitted, the +- default is to mount by volume name. Examples: +- For volume /dev/sda1, you specify the partition +- as "1". Similarly, the volume partition +- for /dev/sda is "0" (or you can leave the +- property empty).' ++ description: 'partition is the partition in ++ the volume that you want to mount. If omitted, ++ the default is to mount by volume name. ++ Examples: For volume /dev/sda1, you specify ++ the partition as "1". Similarly, the volume ++ partition for /dev/sda is "0" (or you can ++ leave the property empty).' + format: int32 + type: integer + readOnly: +- description: 'Specify "true" to force and +- set the ReadOnly property in VolumeMounts +- to "true". If omitted, the default is "false". 
+- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' ++ description: 'readOnly value true will force ++ the readOnly setting in VolumeMounts. More ++ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: +- description: 'Unique ID of the persistent +- disk resource in AWS (Amazon EBS volume). +- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' ++ description: 'volumeID is unique ID of the ++ persistent disk resource in AWS (Amazon ++ EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: +- description: AzureDisk represents an Azure Data ++ description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: +- description: 'Host Caching mode: None, Read +- Only, Read Write.' ++ description: 'cachingMode is the Host Caching ++ mode: None, Read Only, Read Write.' + type: string + diskName: +- description: The Name of the data disk in +- the blob storage ++ description: diskName is the Name of the data ++ disk in the blob storage + type: string + diskURI: +- description: The URI the data disk in the +- blob storage ++ description: diskURI is the URI of data disk ++ in the blob storage + type: string + fsType: +- description: Filesystem type to mount. Must +- be a filesystem type supported by the host +- operating system. Ex. "ext4", "xfs", "ntfs". +- Implicitly inferred to be "ext4" if unspecified. ++ description: fsType is Filesystem type to ++ mount. Must be a filesystem type supported ++ by the host operating system. Ex. "ext4", ++ "xfs", "ntfs". Implicitly inferred to be ++ "ext4" if unspecified. 
+ type: string + kind: +- description: 'Expected values Shared: multiple +- blob disks per storage account Dedicated: ++ description: 'kind expected values are Shared: ++ multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: +- description: Defaults to false (read/write). ++ description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean +@@ -11696,56 +11974,59 @@ spec: + - diskURI + type: object + azureFile: +- description: AzureFile represents an Azure File ++ description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: +- description: Defaults to false (read/write). ++ description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretName: +- description: the name of secret that contains +- Azure Storage Account Name and Key ++ description: secretName is the name of secret ++ that contains Azure Storage Account Name ++ and Key + type: string + shareName: +- description: Share Name ++ description: shareName is the azure share ++ Name + type: string + required: + - secretName + - shareName + type: object + cephfs: +- description: CephFS represents a Ceph FS mount ++ description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: +- description: 'Required: Monitors is a collection +- of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'monitors is Required: Monitors ++ is a collection of Ceph monitors More info: ++ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: +- description: 'Optional: Used as the mounted +- root, rather 
than the full Ceph tree, default +- is /' ++ description: 'path is Optional: Used as the ++ mounted root, rather than the full Ceph ++ tree, default is /' + type: string + readOnly: +- description: 'Optional: Defaults to false +- (read/write). ReadOnly here will force the +- ReadOnly setting in VolumeMounts. More info: +- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'readOnly is Optional: Defaults ++ to false (read/write). ReadOnly here will ++ force the ReadOnly setting in VolumeMounts. ++ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: +- description: 'Optional: SecretFile is the +- path to key ring for User, default is /etc/ceph/user.secret +- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'secretFile is Optional: SecretFile ++ is the path to key ring for User, default ++ is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: +- description: 'Optional: SecretRef is reference +- to the authentication secret for User, default +- is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'secretRef is Optional: SecretRef ++ is reference to the authentication secret ++ for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. 
More +@@ -11755,34 +12036,35 @@ spec: + type: string + type: object + user: +- description: 'Optional: User is the rados +- user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'user is optional: User is the ++ rados user name, default is admin More info: ++ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: +- description: 'Cinder represents a cinder volume ++ description: 'cinder represents a cinder volume + attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: +- description: 'Filesystem type to mount. Must +- be a filesystem type supported by the host +- operating system. Examples: "ext4", "xfs", +- "ntfs". Implicitly inferred to be "ext4" +- if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' ++ description: 'fsType is the filesystem type ++ to mount. Must be a filesystem type supported ++ by the host operating system. Examples: ++ "ext4", "xfs", "ntfs". Implicitly inferred ++ to be "ext4" if unspecified. More info: ++ https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: +- description: 'Optional: Defaults to false +- (read/write). ReadOnly here will force the +- ReadOnly setting in VolumeMounts. More info: +- https://examples.k8s.io/mysql-cinder-pd/README.md' ++ description: 'readOnly defaults to false (read/write). ++ ReadOnly here will force the ReadOnly setting ++ in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: +- description: 'Optional: points to a secret +- object containing parameters used to connect +- to OpenStack.' ++ description: 'secretRef is optional: points ++ to a secret object containing parameters ++ used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. 
More +@@ -11792,32 +12074,33 @@ spec: + type: string + type: object + volumeID: +- description: 'volume id used to identify the ++ description: 'volumeID used to identify the + volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: +- description: ConfigMap represents a configMap ++ description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: +- description: 'Optional: mode bits used to +- set permissions on created files by default. +- Must be an octal value between 0000 and +- 0777 or a decimal value between 0 and 511. +- YAML accepts both octal and decimal values, +- JSON requires decimal values for mode bits. +- Defaults to 0644. Directories within the +- path are not affected by this setting. This +- might be in conflict with other options +- that affect the file mode, like fsGroup, +- and the result can be other mode bits set.' ++ description: 'defaultMode is optional: mode ++ bits used to set permissions on created ++ files by default. Must be an octal value ++ between 0000 and 0777 or a decimal value ++ between 0 and 511. YAML accepts both octal ++ and decimal values, JSON requires decimal ++ values for mode bits. Defaults to 0644. ++ Directories within the path are not affected ++ by this setting. This might be in conflict ++ with other options that affect the file ++ mode, like fsGroup, and the result can be ++ other mode bits set.' + format: int32 + type: integer + items: +- description: If unspecified, each key-value ++ description: items if unspecified, each key-value + pair in the Data field of the referenced + ConfigMap will be projected into the volume + as a file whose name is the key and content +@@ -11834,27 +12117,27 @@ spec: + within a volume. + properties: + key: +- description: The key to project. ++ description: key is the key to project. 
+ type: string + mode: +- description: 'Optional: mode bits used +- to set permissions on this file. Must +- be an octal value between 0000 and +- 0777 or a decimal value between 0 +- and 511. YAML accepts both octal and +- decimal values, JSON requires decimal +- values for mode bits. If not specified, +- the volume defaultMode will be used. +- This might be in conflict with other +- options that affect the file mode, +- like fsGroup, and the result can be +- other mode bits set.' ++ description: 'mode is Optional: mode ++ bits used to set permissions on this ++ file. Must be an octal value between ++ 0000 and 0777 or a decimal value between ++ 0 and 511. YAML accepts both octal ++ and decimal values, JSON requires ++ decimal values for mode bits. If not ++ specified, the volume defaultMode ++ will be used. This might be in conflict ++ with other options that affect the ++ file mode, like fsGroup, and the result ++ can be other mode bits set.' + format: int32 + type: integer + path: +- description: The relative path of the +- file to map the key to. May not be +- an absolute path. May not contain ++ description: path is the relative path ++ of the file to map the key to. May ++ not be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string +@@ -11870,30 +12153,30 @@ spec: + kind, uid?' + type: string + optional: +- description: Specify whether the ConfigMap +- or its keys must be defined ++ description: optional specify whether the ++ ConfigMap or its keys must be defined + type: boolean + type: object + csi: +- description: CSI (Container Storage Interface) ++ description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: +- description: Driver is the name of the CSI ++ description: driver is the name of the CSI + driver that handles this volume. 
Consult + with your admin for the correct name as + registered in the cluster. + type: string + fsType: +- description: Filesystem type to mount. Ex. +- "ext4", "xfs", "ntfs". If not provided, +- the empty value is passed to the associated +- CSI driver which will determine the default +- filesystem to apply. ++ description: fsType to mount. Ex. "ext4", ++ "xfs", "ntfs". If not provided, the empty ++ value is passed to the associated CSI driver ++ which will determine the default filesystem ++ to apply. + type: string + nodePublishSecretRef: +- description: NodePublishSecretRef is a reference ++ description: nodePublishSecretRef is a reference + to the secret object containing sensitive + information to pass to the CSI driver to + complete the CSI NodePublishVolume and NodeUnpublishVolume +@@ -11910,13 +12193,14 @@ spec: + type: string + type: object + readOnly: +- description: Specifies a read-only configuration +- for the volume. Defaults to false (read/write). ++ description: readOnly specifies a read-only ++ configuration for the volume. Defaults to ++ false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string +- description: VolumeAttributes stores driver-specific ++ description: volumeAttributes stores driver-specific + properties that are passed to the CSI driver. + Consult your driver's documentation for + supported values. +@@ -11925,7 +12209,7 @@ spec: + - driver + type: object + downwardAPI: +- description: DownwardAPI represents downward API ++ description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: +@@ -12026,35 +12310,36 @@ spec: + type: array + type: object + emptyDir: +- description: 'EmptyDir represents a temporary ++ description: 'emptyDir represents a temporary + directory that shares a pod''s lifetime. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: +- description: 'What type of storage medium +- should back this directory. The default +- is "" which means to use the node''s default +- medium. Must be an empty string (default) +- or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' ++ description: 'medium represents what type ++ of storage medium should back this directory. ++ The default is "" which means to use the ++ node''s default medium. Must be an empty ++ string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string +- description: 'Total amount of local storage +- required for this EmptyDir volume. The size +- limit is also applicable for memory medium. +- The maximum usage on memory medium EmptyDir +- would be the minimum value between the SizeLimit +- specified here and the sum of memory limits +- of all containers in a pod. The default +- is nil which means that the limit is undefined. +- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' ++ description: 'sizeLimit is the total amount ++ of local storage required for this EmptyDir ++ volume. The size limit is also applicable ++ for memory medium. The maximum usage on ++ memory medium EmptyDir would be the minimum ++ value between the SizeLimit specified here ++ and the sum of memory limits of all containers ++ in a pod. The default is nil which means ++ that the limit is undefined. More info: ++ http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: +- description: "Ephemeral represents a volume that ++ description: "ephemeral represents a volume that + is handled by a cluster storage driver. 
The + volume's lifecycle is tied to the pod that defines + it - it will be created before the pod starts, +@@ -12076,9 +12361,7 @@ spec: + - see the documentation of the driver for more + information. \n A pod can use both types of + ephemeral volumes and persistent volumes at +- the same time. \n This is a beta feature and +- only available when the GenericEphemeralVolume +- feature gate is enabled." ++ the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone +@@ -12122,16 +12405,16 @@ spec: + are also valid here. + properties: + accessModes: +- description: 'AccessModes contains ++ description: 'accessModes contains + the desired access modes the volume + should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: +- description: 'This field can be used +- to specify either: * An existing +- VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) ++ description: 'dataSource field can ++ be used to specify either: * An ++ existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external + controller can support the specified +@@ -12165,12 +12448,12 @@ spec: + - name + type: object + dataSourceRef: +- description: 'Specifies the object +- from which to populate the volume +- with data, if a non-empty volume +- is desired. This may be any local +- object from a non-empty API group +- (non core object) or a PersistentVolumeClaim ++ description: 'dataSourceRef specifies ++ the object from which to populate ++ the volume with data, if a non-empty ++ volume is desired. This may be any ++ local object from a non-empty API ++ group (non core object) or a PersistentVolumeClaim + object. 
When this field is specified, + volume binding will only succeed + if the type of the specified object +@@ -12195,7 +12478,7 @@ spec: + values (dropping them), DataSourceRef preserves + all values, and generates an error + if a disallowed value is specified. +- (Alpha) Using this field requires ++ (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled.' + properties: +@@ -12221,9 +12504,15 @@ spec: + - name + type: object + resources: +- description: 'Resources represents ++ description: 'resources represents + the minimum resources the volume +- should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' ++ should have. If RecoverVolumeExpansionFailure ++ feature is enabled users are allowed ++ to specify resource requirements ++ that are lower than previous value ++ but must still be higher than capacity ++ recorded in the status field of ++ the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: +@@ -12255,8 +12544,8 @@ spec: + type: object + type: object + selector: +- description: A label query over volumes +- to consider for binding. ++ description: selector is a label query ++ over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions +@@ -12316,9 +12605,9 @@ spec: + type: object + type: object + storageClassName: +- description: 'Name of the StorageClass +- required by the claim. More info: +- https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' ++ description: 'storageClassName is ++ the name of the StorageClass required ++ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what +@@ -12327,7 +12616,7 @@ spec: + when not included in claim spec. 
+ type: string + volumeName: +- description: VolumeName is the binding ++ description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string +@@ -12337,77 +12626,79 @@ spec: + type: object + type: object + fc: +- description: FC represents a Fibre Channel resource ++ description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. + properties: + fsType: +- description: 'Filesystem type to mount. Must +- be a filesystem type supported by the host +- operating system. Ex. "ext4", "xfs", "ntfs". +- Implicitly inferred to be "ext4" if unspecified. +- TODO: how do we prevent errors in the filesystem +- from compromising the machine' ++ description: 'fsType is the filesystem type ++ to mount. Must be a filesystem type supported ++ by the host operating system. Ex. "ext4", ++ "xfs", "ntfs". Implicitly inferred to be ++ "ext4" if unspecified. TODO: how do we prevent ++ errors in the filesystem from compromising ++ the machine' + type: string + lun: +- description: 'Optional: FC target lun number' ++ description: 'lun is Optional: FC target lun ++ number' + format: int32 + type: integer + readOnly: +- description: 'Optional: Defaults to false +- (read/write). ReadOnly here will force the +- ReadOnly setting in VolumeMounts.' ++ description: 'readOnly is Optional: Defaults ++ to false (read/write). ReadOnly here will ++ force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: +- description: 'Optional: FC target worldwide +- names (WWNs)' ++ description: 'targetWWNs is Optional: FC target ++ worldwide names (WWNs)' + items: + type: string + type: array + wwids: +- description: 'Optional: FC volume world wide +- identifiers (wwids) Either wwids or combination +- of targetWWNs and lun must be set, but not +- both simultaneously.' 
++ description: 'wwids Optional: FC volume world ++ wide identifiers (wwids) Either wwids or ++ combination of targetWWNs and lun must be ++ set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: +- description: FlexVolume represents a generic volume ++ description: flexVolume represents a generic volume + resource that is provisioned/attached using + an exec based plugin. + properties: + driver: +- description: Driver is the name of the driver ++ description: driver is the name of the driver + to use for this volume. + type: string + fsType: +- description: Filesystem type to mount. Must +- be a filesystem type supported by the host +- operating system. Ex. "ext4", "xfs", "ntfs". +- The default filesystem depends on FlexVolume +- script. ++ description: fsType is the filesystem type ++ to mount. Must be a filesystem type supported ++ by the host operating system. Ex. "ext4", ++ "xfs", "ntfs". The default filesystem depends ++ on FlexVolume script. + type: string + options: + additionalProperties: + type: string +- description: 'Optional: Extra command options +- if any.' ++ description: 'options is Optional: this field ++ holds extra command options if any.' + type: object + readOnly: +- description: 'Optional: Defaults to false +- (read/write). ReadOnly here will force the +- ReadOnly setting in VolumeMounts.' ++ description: 'readOnly is Optional: defaults ++ to false (read/write). ReadOnly here will ++ force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: +- description: 'Optional: SecretRef is reference +- to the secret object containing sensitive +- information to pass to the plugin scripts. +- This may be empty if no secret object is +- specified. If the secret object contains +- more than one secret, all secrets are passed +- to the plugin scripts.' 
++ description: 'secretRef is Optional: secretRef ++ is reference to the secret object containing ++ sensitive information to pass to the plugin ++ scripts. This may be empty if no secret ++ object is specified. If the secret object ++ contains more than one secret, all secrets ++ are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More +@@ -12420,53 +12711,55 @@ spec: + - driver + type: object + flocker: +- description: Flocker represents a Flocker volume ++ description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: +- description: Name of the dataset stored as +- metadata -> name on the dataset for Flocker +- should be considered as deprecated ++ description: datasetName is Name of the dataset ++ stored as metadata -> name on the dataset ++ for Flocker should be considered as deprecated + type: string + datasetUUID: +- description: UUID of the dataset. This is +- unique identifier of a Flocker dataset ++ description: datasetUUID is the UUID of the ++ dataset. This is unique identifier of a ++ Flocker dataset + type: string + type: object + gcePersistentDisk: +- description: 'GCEPersistentDisk represents a GCE ++ description: 'gcePersistentDisk represents a GCE + Disk resource that is attached to a kubelet''s + host machine and then exposed to the pod. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: +- description: 'Filesystem type of the volume +- that you want to mount. Tip: Ensure that +- the filesystem type is supported by the +- host operating system. Examples: "ext4", +- "xfs", "ntfs". Implicitly inferred to be +- "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk ++ description: 'fsType is filesystem type of ++ the volume that you want to mount. 
Tip: ++ Ensure that the filesystem type is supported ++ by the host operating system. Examples: ++ "ext4", "xfs", "ntfs". Implicitly inferred ++ to be "ext4" if unspecified. More info: ++ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + partition: +- description: 'The partition in the volume +- that you want to mount. If omitted, the +- default is to mount by volume name. Examples: +- For volume /dev/sda1, you specify the partition +- as "1". Similarly, the volume partition +- for /dev/sda is "0" (or you can leave the +- property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' ++ description: 'partition is the partition in ++ the volume that you want to mount. If omitted, ++ the default is to mount by volume name. ++ Examples: For volume /dev/sda1, you specify ++ the partition as "1". Similarly, the volume ++ partition for /dev/sda is "0" (or you can ++ leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: +- description: 'Unique name of the PD resource +- in GCE. Used to identify the disk in GCE. +- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' ++ description: 'pdName is unique name of the ++ PD resource in GCE. Used to identify the ++ disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: +- description: 'ReadOnly here will force the ++ description: 'readOnly here will force the + ReadOnly setting in VolumeMounts. Defaults + to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean +@@ -12474,7 +12767,7 @@ spec: + - pdName + type: object + gitRepo: +- description: 'GitRepo represents a git repository ++ description: 'gitRepo represents a git repository + at a particular revision. DEPRECATED: GitRepo + is deprecated. To provision a container with + a git repo, mount an EmptyDir into an InitContainer +@@ -12482,39 +12775,39 @@ spec: + EmptyDir into the Pod''s container.' + properties: + directory: +- description: Target directory name. Must not +- contain or start with '..'. If '.' is supplied, +- the volume directory will be the git repository. Otherwise, +- if specified, the volume will contain the +- git repository in the subdirectory with +- the given name. ++ description: directory is the target directory ++ name. Must not contain or start with '..'. If ++ '.' is supplied, the volume directory will ++ be the git repository. Otherwise, if specified, ++ the volume will contain the git repository ++ in the subdirectory with the given name. + type: string + repository: +- description: Repository URL ++ description: repository is the URL + type: string + revision: +- description: Commit hash for the specified +- revision. ++ description: revision is the commit hash for ++ the specified revision. + type: string + required: + - repository + type: object + glusterfs: +- description: 'Glusterfs represents a Glusterfs ++ description: 'glusterfs represents a Glusterfs + mount on the host that shares a pod''s lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: +- description: 'EndpointsName is the endpoint +- name that details Glusterfs topology. More +- info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' ++ description: 'endpoints is the endpoint name ++ that details Glusterfs topology. 
More info: ++ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: +- description: 'Path is the Glusterfs volume ++ description: 'path is the Glusterfs volume + path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: +- description: 'ReadOnly here will force the ++ description: 'readOnly here will force the + Glusterfs volume to be mounted with read-only + permissions. Defaults to false. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' +@@ -12524,7 +12817,7 @@ spec: + - path + type: object + hostPath: +- description: 'HostPath represents a pre-existing ++ description: 'hostPath represents a pre-existing + file or directory on the host machine that is + directly exposed to the container. This is generally + used for system agents or other privileged things +@@ -12535,76 +12828,79 @@ spec: + mount host directories as read/write.' + properties: + path: +- description: 'Path of the directory on the ++ description: 'path of the directory on the + host. If the path is a symlink, it will + follow the link to the real path. More info: + https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: +- description: 'Type for HostPath Volume Defaults ++ description: 'type for HostPath Volume Defaults + to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: +- description: 'ISCSI represents an ISCSI Disk resource ++ description: 'iscsi represents an ISCSI Disk resource + that is attached to a kubelet''s host machine + and then exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: +- description: whether support iSCSI Discovery +- CHAP authentication ++ description: chapAuthDiscovery defines whether ++ support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: +- description: whether support iSCSI Session +- CHAP authentication ++ description: chapAuthSession defines whether ++ support iSCSI Session CHAP authentication + type: boolean + fsType: +- description: 'Filesystem type of the volume +- that you want to mount. Tip: Ensure that +- the filesystem type is supported by the +- host operating system. Examples: "ext4", +- "xfs", "ntfs". Implicitly inferred to be +- "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi ++ description: 'fsType is the filesystem type ++ of the volume that you want to mount. Tip: ++ Ensure that the filesystem type is supported ++ by the host operating system. Examples: ++ "ext4", "xfs", "ntfs". Implicitly inferred ++ to be "ext4" if unspecified. More info: ++ https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + initiatorName: +- description: Custom iSCSI Initiator Name. +- If initiatorName is specified with iscsiInterface +- simultaneously, new iSCSI interface : will be created for +- the connection. ++ description: initiatorName is the custom iSCSI ++ Initiator Name. If initiatorName is specified ++ with iscsiInterface simultaneously, new ++ iSCSI interface : will be created for the connection. + type: string + iqn: +- description: Target iSCSI Qualified Name. ++ description: iqn is the target iSCSI Qualified ++ Name. + type: string + iscsiInterface: +- description: iSCSI Interface Name that uses +- an iSCSI transport. Defaults to 'default' +- (tcp). ++ description: iscsiInterface is the interface ++ Name that uses an iSCSI transport. 
Defaults ++ to 'default' (tcp). + type: string + lun: +- description: iSCSI Target Lun number. ++ description: lun represents iSCSI Target Lun ++ number. + format: int32 + type: integer + portals: +- description: iSCSI Target Portal List. The +- portal is either an IP or ip_addr:port if +- the port is other than default (typically ++ description: portals is the iSCSI Target Portal ++ List. The portal is either an IP or ip_addr:port ++ if the port is other than default (typically + TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: +- description: ReadOnly here will force the ++ description: readOnly here will force the + ReadOnly setting in VolumeMounts. Defaults + to false. + type: boolean + secretRef: +- description: CHAP Secret for iSCSI target +- and initiator authentication ++ description: secretRef is the CHAP Secret ++ for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More +@@ -12614,10 +12910,10 @@ spec: + type: string + type: object + targetPortal: +- description: iSCSI Target Portal. The Portal +- is either an IP or ip_addr:port if the port +- is other than default (typically TCP ports +- 860 and 3260). ++ description: targetPortal is iSCSI Target ++ Portal. The Portal is either an IP or ip_addr:port ++ if the port is other than default (typically ++ TCP ports 860 and 3260). + type: string + required: + - iqn +@@ -12625,26 +12921,26 @@ spec: + - targetPortal + type: object + name: +- description: 'Volume''s name. Must be a DNS_LABEL ++ description: 'name of the volume. Must be a DNS_LABEL + and unique within the pod. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: +- description: 'NFS represents an NFS mount on the ++ description: 'nfs represents an NFS mount on the + host that shares a pod''s lifetime More info: + https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: +- description: 'Path that is exported by the ++ description: 'path that is exported by the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: +- description: 'ReadOnly here will force the ++ description: 'readOnly here will force the + NFS export to be mounted with read-only + permissions. Defaults to false. More info: + https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: +- description: 'Server is the hostname or IP ++ description: 'server is the hostname or IP + address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: +@@ -12652,99 +12948,101 @@ spec: + - server + type: object + persistentVolumeClaim: +- description: 'PersistentVolumeClaimVolumeSource ++ description: 'persistentVolumeClaimVolumeSource + represents a reference to a PersistentVolumeClaim + in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: +- description: 'ClaimName is the name of a PersistentVolumeClaim ++ description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this + volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: +- description: Will force the ReadOnly setting +- in VolumeMounts. Default false. ++ description: readOnly Will force the ReadOnly ++ setting in VolumeMounts. Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: +- description: PhotonPersistentDisk represents a ++ description: photonPersistentDisk represents a + PhotonController persistent disk attached and + mounted on kubelets host machine + properties: + fsType: +- description: Filesystem type to mount. Must +- be a filesystem type supported by the host +- operating system. Ex. "ext4", "xfs", "ntfs". +- Implicitly inferred to be "ext4" if unspecified. ++ description: fsType is the filesystem type ++ to mount. Must be a filesystem type supported ++ by the host operating system. Ex. "ext4", ++ "xfs", "ntfs". Implicitly inferred to be ++ "ext4" if unspecified. + type: string + pdID: +- description: ID that identifies Photon Controller +- persistent disk ++ description: pdID is the ID that identifies ++ Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: +- description: PortworxVolume represents a portworx ++ description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: +- description: FSType represents the filesystem ++ description: fSType represents the filesystem + type to mount Must be a filesystem type + supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to + be "ext4" if unspecified. + type: string + readOnly: +- description: Defaults to false (read/write). ++ description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. 
+ type: boolean + volumeID: +- description: VolumeID uniquely identifies ++ description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: +- description: Items for all in one resources secrets, +- configmaps, and downward API ++ description: projected items for all in one resources ++ secrets, configmaps, and downward API + properties: + defaultMode: +- description: Mode bits used to set permissions +- on created files by default. Must be an +- octal value between 0000 and 0777 or a decimal +- value between 0 and 511. YAML accepts both +- octal and decimal values, JSON requires +- decimal values for mode bits. Directories +- within the path are not affected by this +- setting. This might be in conflict with +- other options that affect the file mode, +- like fsGroup, and the result can be other +- mode bits set. ++ description: defaultMode are the mode bits ++ used to set permissions on created files ++ by default. Must be an octal value between ++ 0000 and 0777 or a decimal value between ++ 0 and 511. YAML accepts both octal and decimal ++ values, JSON requires decimal values for ++ mode bits. Directories within the path are ++ not affected by this setting. This might ++ be in conflict with other options that affect ++ the file mode, like fsGroup, and the result ++ can be other mode bits set. 
+ format: int32 + type: integer + sources: +- description: list of volume projections ++ description: sources is the list of volume ++ projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: +- description: information about the configMap +- data to project ++ description: configMap information about ++ the configMap data to project + properties: + items: +- description: If unspecified, each +- key-value pair in the Data field +- of the referenced ConfigMap will +- be projected into the volume as +- a file whose name is the key and +- content is the value. If specified, ++ description: items if unspecified, ++ each key-value pair in the Data ++ field of the referenced ConfigMap ++ will be projected into the volume ++ as a file whose name is the key ++ and content is the value. If specified, + the listed keys will be projected + into the specified paths, and + unlisted keys will not be present. +@@ -12759,11 +13057,12 @@ spec: + to a path within a volume. + properties: + key: +- description: The key to project. ++ description: key is the key ++ to project. + type: string + mode: +- description: 'Optional: mode +- bits used to set permissions ++ description: 'mode is Optional: ++ mode bits used to set permissions + on this file. Must be an + octal value between 0000 + and 0777 or a decimal value +@@ -12781,7 +13080,7 @@ spec: + format: int32 + type: integer + path: +- description: The relative ++ description: path is the relative + path of the file to map + the key to. May not be an + absolute path. May not contain +@@ -12801,14 +13100,14 @@ spec: + apiVersion, kind, uid?' 
+ type: string + optional: +- description: Specify whether the +- ConfigMap or its keys must be +- defined ++ description: optional specify whether ++ the ConfigMap or its keys must ++ be defined + type: boolean + type: object + downwardAPI: +- description: information about the downwardAPI +- data to project ++ description: downwardAPI information ++ about the downwardAPI data to project + properties: + items: + description: Items is a list of +@@ -12905,16 +13204,16 @@ spec: + type: array + type: object + secret: +- description: information about the secret +- data to project ++ description: secret information about ++ the secret data to project + properties: + items: +- description: If unspecified, each +- key-value pair in the Data field +- of the referenced Secret will +- be projected into the volume as +- a file whose name is the key and +- content is the value. If specified, ++ description: items if unspecified, ++ each key-value pair in the Data ++ field of the referenced Secret ++ will be projected into the volume ++ as a file whose name is the key ++ and content is the value. If specified, + the listed keys will be projected + into the specified paths, and + unlisted keys will not be present. +@@ -12929,11 +13228,12 @@ spec: + to a path within a volume. + properties: + key: +- description: The key to project. ++ description: key is the key ++ to project. + type: string + mode: +- description: 'Optional: mode +- bits used to set permissions ++ description: 'mode is Optional: ++ mode bits used to set permissions + on this file. Must be an + octal value between 0000 + and 0777 or a decimal value +@@ -12951,7 +13251,7 @@ spec: + format: int32 + type: integer + path: +- description: The relative ++ description: path is the relative + path of the file to map + the key to. May not be an + absolute path. May not contain +@@ -12971,16 +13271,18 @@ spec: + apiVersion, kind, uid?' 
+ type: string + optional: +- description: Specify whether the +- Secret or its key must be defined ++ description: optional field specify ++ whether the Secret or its key ++ must be defined + type: boolean + type: object + serviceAccountToken: +- description: information about the serviceAccountToken ++ description: serviceAccountToken is ++ information about the serviceAccountToken + data to project + properties: + audience: +- description: Audience is the intended ++ description: audience is the intended + audience of the token. A recipient + of a token must identify itself + with an identifier specified in +@@ -12990,7 +13292,7 @@ spec: + of the apiserver. + type: string + expirationSeconds: +- description: ExpirationSeconds is ++ description: expirationSeconds is + the requested duration of validity + of the service account token. + As the token approaches expiration, +@@ -13006,7 +13308,7 @@ spec: + format: int64 + type: integer + path: +- description: Path is the path relative ++ description: path is the path relative + to the mount point of the file + to project the token into. + type: string +@@ -13017,37 +13319,37 @@ spec: + type: array + type: object + quobyte: +- description: Quobyte represents a Quobyte mount ++ description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: +- description: Group to map volume access to ++ description: group to map volume access to + Default is no group + type: string + readOnly: +- description: ReadOnly here will force the ++ description: readOnly here will force the + Quobyte volume to be mounted with read-only + permissions. Defaults to false. 
+ type: boolean + registry: +- description: Registry represents a single ++ description: registry represents a single + or multiple Quobyte Registry services specified + as a string as host:port pair (multiple + entries are separated with commas) which + acts as the central registry for volumes + type: string + tenant: +- description: Tenant owning the given Quobyte ++ description: tenant owning the given Quobyte + volume in the Backend Used with dynamically + provisioned Quobyte volumes, value is set + by the plugin + type: string + user: +- description: User to map volume access to ++ description: user to map volume access to + Defaults to serivceaccount user + type: string + volume: +- description: Volume is a string that references ++ description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: +@@ -13055,46 +13357,47 @@ spec: + - volume + type: object + rbd: +- description: 'RBD represents a Rados Block Device ++ description: 'rbd represents a Rados Block Device + mount on the host that shares a pod''s lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: +- description: 'Filesystem type of the volume +- that you want to mount. Tip: Ensure that +- the filesystem type is supported by the +- host operating system. Examples: "ext4", +- "xfs", "ntfs". Implicitly inferred to be +- "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd ++ description: 'fsType is the filesystem type ++ of the volume that you want to mount. Tip: ++ Ensure that the filesystem type is supported ++ by the host operating system. Examples: ++ "ext4", "xfs", "ntfs". Implicitly inferred ++ to be "ext4" if unspecified. More info: ++ https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + image: +- description: 'The rados image name. 
More info: +- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' ++ description: 'image is the rados image name. ++ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: +- description: 'Keyring is the path to key ring ++ description: 'keyring is the path to key ring + for RBDUser. Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: +- description: 'A collection of Ceph monitors. +- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' ++ description: 'monitors is a collection of ++ Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: +- description: 'The rados pool name. Default +- is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' ++ description: 'pool is the rados pool name. ++ Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: +- description: 'ReadOnly here will force the ++ description: 'readOnly here will force the + ReadOnly setting in VolumeMounts. Defaults + to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: +- description: 'SecretRef is name of the authentication ++ description: 'secretRef is name of the authentication + secret for RBDUser. If provided overrides + keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: +@@ -13106,38 +13409,39 @@ spec: + type: string + type: object + user: +- description: 'The rados user name. Default +- is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' ++ description: 'user is the rados user name. ++ Default is admin. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: +- description: ScaleIO represents a ScaleIO persistent ++ description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: +- description: Filesystem type to mount. Must +- be a filesystem type supported by the host +- operating system. Ex. "ext4", "xfs", "ntfs". +- Default is "xfs". ++ description: fsType is the filesystem type ++ to mount. Must be a filesystem type supported ++ by the host operating system. Ex. "ext4", ++ "xfs", "ntfs". Default is "xfs". + type: string + gateway: +- description: The host address of the ScaleIO +- API Gateway. ++ description: gateway is the host address of ++ the ScaleIO API Gateway. + type: string + protectionDomain: +- description: The name of the ScaleIO Protection +- Domain for the configured storage. ++ description: protectionDomain is the name ++ of the ScaleIO Protection Domain for the ++ configured storage. + type: string + readOnly: +- description: Defaults to false (read/write). ++ description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: +- description: SecretRef references to the secret ++ description: secretRef references to the secret + for ScaleIO user and other sensitive information. + If this is not provided, Login operation + will fail. 
+@@ -13150,26 +13454,27 @@ spec: + type: string + type: object + sslEnabled: +- description: Flag to enable/disable SSL communication +- with Gateway, default false ++ description: sslEnabled Flag enable/disable ++ SSL communication with Gateway, default ++ false + type: boolean + storageMode: +- description: Indicates whether the storage +- for a volume should be ThickProvisioned ++ description: storageMode indicates whether ++ the storage for a volume should be ThickProvisioned + or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: +- description: The ScaleIO Storage Pool associated +- with the protection domain. ++ description: storagePool is the ScaleIO Storage ++ Pool associated with the protection domain. + type: string + system: +- description: The name of the storage system +- as configured in ScaleIO. ++ description: system is the name of the storage ++ system as configured in ScaleIO. + type: string + volumeName: +- description: The name of a volume already +- created in the ScaleIO system that is associated +- with this volume source. ++ description: volumeName is the name of a volume ++ already created in the ScaleIO system that ++ is associated with this volume source. + type: string + required: + - gateway +@@ -13177,25 +13482,26 @@ spec: + - system + type: object + secret: +- description: 'Secret represents a secret that ++ description: 'secret represents a secret that + should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: +- description: 'Optional: mode bits used to +- set permissions on created files by default. +- Must be an octal value between 0000 and +- 0777 or a decimal value between 0 and 511. +- YAML accepts both octal and decimal values, +- JSON requires decimal values for mode bits. +- Defaults to 0644. Directories within the +- path are not affected by this setting. 
This +- might be in conflict with other options +- that affect the file mode, like fsGroup, +- and the result can be other mode bits set.' ++ description: 'defaultMode is Optional: mode ++ bits used to set permissions on created ++ files by default. Must be an octal value ++ between 0000 and 0777 or a decimal value ++ between 0 and 511. YAML accepts both octal ++ and decimal values, JSON requires decimal ++ values for mode bits. Defaults to 0644. ++ Directories within the path are not affected ++ by this setting. This might be in conflict ++ with other options that affect the file ++ mode, like fsGroup, and the result can be ++ other mode bits set.' + format: int32 + type: integer + items: +- description: If unspecified, each key-value ++ description: items If unspecified, each key-value + pair in the Data field of the referenced + Secret will be projected into the volume + as a file whose name is the key and content +@@ -13212,27 +13518,27 @@ spec: + within a volume. + properties: + key: +- description: The key to project. ++ description: key is the key to project. + type: string + mode: +- description: 'Optional: mode bits used +- to set permissions on this file. Must +- be an octal value between 0000 and +- 0777 or a decimal value between 0 +- and 511. YAML accepts both octal and +- decimal values, JSON requires decimal +- values for mode bits. If not specified, +- the volume defaultMode will be used. +- This might be in conflict with other +- options that affect the file mode, +- like fsGroup, and the result can be +- other mode bits set.' ++ description: 'mode is Optional: mode ++ bits used to set permissions on this ++ file. Must be an octal value between ++ 0000 and 0777 or a decimal value between ++ 0 and 511. YAML accepts both octal ++ and decimal values, JSON requires ++ decimal values for mode bits. If not ++ specified, the volume defaultMode ++ will be used. 
This might be in conflict ++ with other options that affect the ++ file mode, like fsGroup, and the result ++ can be other mode bits set.' + format: int32 + type: integer + path: +- description: The relative path of the +- file to map the key to. May not be +- an absolute path. May not contain ++ description: path is the relative path ++ of the file to map the key to. May ++ not be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string +@@ -13242,31 +13548,33 @@ spec: + type: object + type: array + optional: +- description: Specify whether the Secret or +- its keys must be defined ++ description: optional field specify whether ++ the Secret or its keys must be defined + type: boolean + secretName: +- description: 'Name of the secret in the pod''s +- namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' ++ description: 'secretName is the name of the ++ secret in the pod''s namespace to use. More ++ info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: +- description: StorageOS represents a StorageOS ++ description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes nodes. + properties: + fsType: +- description: Filesystem type to mount. Must +- be a filesystem type supported by the host +- operating system. Ex. "ext4", "xfs", "ntfs". +- Implicitly inferred to be "ext4" if unspecified. ++ description: fsType is the filesystem type ++ to mount. Must be a filesystem type supported ++ by the host operating system. Ex. "ext4", ++ "xfs", "ntfs". Implicitly inferred to be ++ "ext4" if unspecified. + type: string + readOnly: +- description: Defaults to false (read/write). ++ description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. 
+ type: boolean + secretRef: +- description: SecretRef specifies the secret ++ description: secretRef specifies the secret + to use for obtaining the StorageOS API credentials. If + not specified, default values will be attempted. + properties: +@@ -13278,12 +13586,12 @@ spec: + type: string + type: object + volumeName: +- description: VolumeName is the human-readable ++ description: volumeName is the human-readable + name of the StorageOS volume. Volume names + are only unique within a namespace. + type: string + volumeNamespace: +- description: VolumeNamespace specifies the ++ description: volumeNamespace specifies the + scope of the volume within StorageOS. If + no namespace is specified then the Pod's + namespace will be used. This allows the +@@ -13296,27 +13604,29 @@ spec: + type: string + type: object + vsphereVolume: +- description: VsphereVolume represents a vSphere ++ description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: +- description: Filesystem type to mount. Must +- be a filesystem type supported by the host +- operating system. Ex. "ext4", "xfs", "ntfs". +- Implicitly inferred to be "ext4" if unspecified. ++ description: fsType is filesystem type to ++ mount. Must be a filesystem type supported ++ by the host operating system. Ex. "ext4", ++ "xfs", "ntfs". Implicitly inferred to be ++ "ext4" if unspecified. + type: string + storagePolicyID: +- description: Storage Policy Based Management +- (SPBM) profile ID associated with the StoragePolicyName. ++ description: storagePolicyID is the storage ++ Policy Based Management (SPBM) profile ID ++ associated with the StoragePolicyName. + type: string + storagePolicyName: +- description: Storage Policy Based Management +- (SPBM) profile name. ++ description: storagePolicyName is the storage ++ Policy Based Management (SPBM) profile name. 
+ type: string + volumePath: +- description: Path that identifies vSphere +- volume vmdk ++ description: volumePath is the path that identifies ++ vSphere volume vmdk + type: string + required: + - volumePath +@@ -13349,26 +13659,27 @@ spec: + populate this workspace. + properties: + defaultMode: +- description: 'Optional: mode bits used to set permissions +- on created files by default. Must be an octal value +- between 0000 and 0777 or a decimal value between 0 +- and 511. YAML accepts both octal and decimal values, +- JSON requires decimal values for mode bits. Defaults +- to 0644. Directories within the path are not affected +- by this setting. This might be in conflict with other +- options that affect the file mode, like fsGroup, and +- the result can be other mode bits set.' ++ description: 'defaultMode is optional: mode bits used ++ to set permissions on created files by default. Must ++ be an octal value between 0000 and 0777 or a decimal ++ value between 0 and 511. YAML accepts both octal and ++ decimal values, JSON requires decimal values for mode ++ bits. Defaults to 0644. Directories within the path ++ are not affected by this setting. This might be in ++ conflict with other options that affect the file mode, ++ like fsGroup, and the result can be other mode bits ++ set.' + format: int32 + type: integer + items: +- description: If unspecified, each key-value pair in +- the Data field of the referenced ConfigMap will be +- projected into the volume as a file whose name is +- the key and content is the value. If specified, the +- listed keys will be projected into the specified paths, +- and unlisted keys will not be present. If a key is +- specified which is not present in the ConfigMap, the +- volume setup will error unless it is marked optional. ++ description: items if unspecified, each key-value pair ++ in the Data field of the referenced ConfigMap will ++ be projected into the volume as a file whose name ++ is the key and content is the value. 
If specified, ++ the listed keys will be projected into the specified ++ paths, and unlisted keys will not be present. If a ++ key is specified which is not present in the ConfigMap, ++ the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' + path or start with '..'. + items: +@@ -13376,26 +13687,26 @@ spec: + volume. + properties: + key: +- description: The key to project. ++ description: key is the key to project. + type: string + mode: +- description: 'Optional: mode bits used to set +- permissions on this file. Must be an octal value +- between 0000 and 0777 or a decimal value between +- 0 and 511. YAML accepts both octal and decimal +- values, JSON requires decimal values for mode +- bits. If not specified, the volume defaultMode +- will be used. This might be in conflict with +- other options that affect the file mode, like +- fsGroup, and the result can be other mode bits +- set.' ++ description: 'mode is Optional: mode bits used ++ to set permissions on this file. Must be an ++ octal value between 0000 and 0777 or a decimal ++ value between 0 and 511. YAML accepts both octal ++ and decimal values, JSON requires decimal values ++ for mode bits. If not specified, the volume ++ defaultMode will be used. This might be in conflict ++ with other options that affect the file mode, ++ like fsGroup, and the result can be other mode ++ bits set.' + format: int32 + type: integer + path: +- description: The relative path of the file to +- map the key to. May not be an absolute path. +- May not contain the path element '..'. May not +- start with the string '..'. ++ description: path is the relative path of the ++ file to map the key to. May not be an absolute ++ path. May not contain the path element '..'. ++ May not start with the string '..'. + type: string + required: + - key +@@ -13407,8 +13718,8 @@ spec: + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: +- description: Specify whether the ConfigMap or its keys +- must be defined ++ description: optional specify whether the ConfigMap ++ or its keys must be defined + type: boolean + type: object + emptyDir: +@@ -13417,22 +13728,24 @@ spec: + Either this OR PersistentVolumeClaim can be used.' + properties: + medium: +- description: 'What type of storage medium should back +- this directory. The default is "" which means to use +- the node''s default medium. Must be an empty string +- (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' ++ description: 'medium represents what type of storage ++ medium should back this directory. The default is ++ "" which means to use the node''s default medium. ++ Must be an empty string (default) or Memory. More ++ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string +- description: 'Total amount of local storage required +- for this EmptyDir volume. The size limit is also applicable +- for memory medium. The maximum usage on memory medium +- EmptyDir would be the minimum value between the SizeLimit +- specified here and the sum of memory limits of all +- containers in a pod. The default is nil which means +- that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' ++ description: 'sizeLimit is the total amount of local ++ storage required for this EmptyDir volume. The size ++ limit is also applicable for memory medium. The maximum ++ usage on memory medium EmptyDir would be the minimum ++ value between the SizeLimit specified here and the ++ sum of memory limits of all containers in a pod. The ++ default is nil which means that the limit is undefined. 
++ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object +@@ -13446,13 +13759,13 @@ spec: + Either this OR EmptyDir can be used. + properties: + claimName: +- description: 'ClaimName is the name of a PersistentVolumeClaim ++ description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: +- description: Will force the ReadOnly setting in VolumeMounts. +- Default false. ++ description: readOnly Will force the ReadOnly setting ++ in VolumeMounts. Default false. + type: boolean + required: + - claimName +@@ -13462,53 +13775,54 @@ spec: + this workspace. + properties: + defaultMode: +- description: 'Optional: mode bits used to set permissions +- on created files by default. Must be an octal value +- between 0000 and 0777 or a decimal value between 0 +- and 511. YAML accepts both octal and decimal values, +- JSON requires decimal values for mode bits. Defaults +- to 0644. Directories within the path are not affected +- by this setting. This might be in conflict with other +- options that affect the file mode, like fsGroup, and +- the result can be other mode bits set.' ++ description: 'defaultMode is Optional: mode bits used ++ to set permissions on created files by default. Must ++ be an octal value between 0000 and 0777 or a decimal ++ value between 0 and 511. YAML accepts both octal and ++ decimal values, JSON requires decimal values for mode ++ bits. Defaults to 0644. Directories within the path ++ are not affected by this setting. This might be in ++ conflict with other options that affect the file mode, ++ like fsGroup, and the result can be other mode bits ++ set.' 
+ format: int32 + type: integer + items: +- description: If unspecified, each key-value pair in +- the Data field of the referenced Secret will be projected +- into the volume as a file whose name is the key and +- content is the value. If specified, the listed keys +- will be projected into the specified paths, and unlisted +- keys will not be present. If a key is specified which +- is not present in the Secret, the volume setup will +- error unless it is marked optional. Paths must be +- relative and may not contain the '..' path or start +- with '..'. ++ description: items If unspecified, each key-value pair ++ in the Data field of the referenced Secret will be ++ projected into the volume as a file whose name is ++ the key and content is the value. If specified, the ++ listed keys will be projected into the specified paths, ++ and unlisted keys will not be present. If a key is ++ specified which is not present in the Secret, the ++ volume setup will error unless it is marked optional. ++ Paths must be relative and may not contain the '..' ++ path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: +- description: The key to project. ++ description: key is the key to project. + type: string + mode: +- description: 'Optional: mode bits used to set +- permissions on this file. Must be an octal value +- between 0000 and 0777 or a decimal value between +- 0 and 511. YAML accepts both octal and decimal +- values, JSON requires decimal values for mode +- bits. If not specified, the volume defaultMode +- will be used. This might be in conflict with +- other options that affect the file mode, like +- fsGroup, and the result can be other mode bits +- set.' ++ description: 'mode is Optional: mode bits used ++ to set permissions on this file. Must be an ++ octal value between 0000 and 0777 or a decimal ++ value between 0 and 511. 
YAML accepts both octal ++ and decimal values, JSON requires decimal values ++ for mode bits. If not specified, the volume ++ defaultMode will be used. This might be in conflict ++ with other options that affect the file mode, ++ like fsGroup, and the result can be other mode ++ bits set.' + format: int32 + type: integer + path: +- description: The relative path of the file to +- map the key to. May not be an absolute path. +- May not contain the path element '..'. May not +- start with the string '..'. ++ description: path is the relative path of the ++ file to map the key to. May not be an absolute ++ path. May not contain the path element '..'. ++ May not start with the string '..'. + type: string + required: + - key +@@ -13516,12 +13830,12 @@ spec: + type: object + type: array + optional: +- description: Specify whether the Secret or its keys +- must be defined ++ description: optional field specify whether the Secret ++ or its keys must be defined + type: boolean + secretName: +- description: 'Name of the secret in the pod''s namespace +- to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' ++ description: 'secretName is the name of the secret in ++ the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + subPath: +@@ -13553,18 +13867,18 @@ spec: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: +- description: 'Spec defines the desired characteristics ++ description: 'spec defines the desired characteristics + of a volume requested by a pod author. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: +- description: 'AccessModes contains the desired access ++ description: 'accessModes contains the desired access + modes the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: +- description: 'This field can be used to specify ++ description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support +@@ -13594,14 +13908,14 @@ spec: + - name + type: object + dataSourceRef: +- description: 'Specifies the object from which to +- populate the volume with data, if a non-empty +- volume is desired. This may be any local object +- from a non-empty API group (non core object) or +- a PersistentVolumeClaim object. When this field +- is specified, volume binding will only succeed +- if the type of the specified object matches some +- installed volume populator or dynamic provisioner. ++ description: 'dataSourceRef specifies the object ++ from which to populate the volume with data, if ++ a non-empty volume is desired. This may be any ++ local object from a non-empty API group (non core ++ object) or a PersistentVolumeClaim object. When ++ this field is specified, volume binding will only ++ succeed if the type of the specified object matches ++ some installed volume populator or dynamic provisioner. + This field will replace the functionality of the + DataSource field and as such if both fields are + non-empty, they must have the same value. For +@@ -13616,7 +13930,7 @@ spec: + DataSource ignores disallowed values (dropping + them), DataSourceRef preserves all values, and + generates an error if a disallowed value is specified. +- (Alpha) Using this field requires the AnyVolumeDataSource ++ (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled.' 
+ properties: + apiGroup: +@@ -13639,8 +13953,12 @@ spec: + - name + type: object + resources: +- description: 'Resources represents the minimum resources +- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' ++ description: 'resources represents the minimum resources ++ the volume should have. If RecoverVolumeExpansionFailure ++ feature is enabled users are allowed to specify ++ resource requirements that are lower than previous ++ value but must still be higher than capacity recorded ++ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: +@@ -13668,8 +13986,8 @@ spec: + type: object + type: object + selector: +- description: A label query over volumes to consider +- for binding. ++ description: selector is a label query over volumes ++ to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label +@@ -13719,8 +14037,9 @@ spec: + type: object + type: object + storageClassName: +- description: 'Name of the StorageClass required +- by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' ++ description: 'storageClassName is the name of the ++ StorageClass required by the claim. More info: ++ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume +@@ -13728,22 +14047,44 @@ spec: + is implied when not included in claim spec. + type: string + volumeName: +- description: VolumeName is the binding reference ++ description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + status: +- description: 'Status represents the current information/status ++ description: 'status represents the current information/status + of a persistent volume claim. Read-only. 
More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: +- description: 'AccessModes contains the actual access ++ description: 'accessModes contains the actual access + modes the volume backing the PVC has. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array ++ allocatedResources: ++ additionalProperties: ++ anyOf: ++ - type: integer ++ - type: string ++ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ ++ x-kubernetes-int-or-string: true ++ description: allocatedResources is the storage resource ++ within AllocatedResources tracks the capacity ++ allocated to a PVC. It may be larger than the ++ actual capacity when a volume expansion operation ++ is requested. For storage quota, the larger value ++ from allocatedResources and PVC.spec.resources ++ is used. If allocatedResources is not set, PVC.spec.resources ++ alone is used for quota calculation. If a volume ++ expansion capacity request is lowered, allocatedResources ++ is only lowered if there are no expansion operations ++ in progress and if the actual volume capacity ++ is equal or lower than the requested capacity. ++ This is an alpha field and requires enabling RecoverVolumeExpansionFailure ++ feature. ++ type: object + capacity: + additionalProperties: + anyOf: +@@ -13751,37 +14092,40 @@ spec: + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true +- description: Represents the actual resources of +- the underlying volume. ++ description: capacity represents the actual resources ++ of the underlying volume. + type: object + conditions: +- description: Current Condition of persistent volume +- claim. 
If underlying persistent volume is being +- resized then the Condition will be set to 'ResizeStarted'. ++ description: conditions is the current Condition ++ of persistent volume claim. If underlying persistent ++ volume is being resized then the Condition will ++ be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails + details about state of pvc + properties: + lastProbeTime: +- description: Last time we probed the condition. ++ description: lastProbeTime is the time we ++ probed the condition. + format: date-time + type: string + lastTransitionTime: +- description: Last time the condition transitioned +- from one status to another. ++ description: lastTransitionTime is the time ++ the condition transitioned from one status ++ to another. + format: date-time + type: string + message: +- description: Human-readable message indicating +- details about last transition. ++ description: message is the human-readable ++ message indicating details about last transition. + type: string + reason: +- description: Unique, this should be a short, +- machine understandable string that gives +- the reason for condition's last transition. +- If it reports "ResizeStarted" that means +- the underlying persistent volume is being +- resized. ++ description: reason is a unique, this should ++ be a short, machine understandable string ++ that gives the reason for condition's last ++ transition. If it reports "ResizeStarted" ++ that means the underlying persistent volume ++ is being resized. + type: string + status: + type: string +@@ -13795,9 +14139,17 @@ spec: + type: object + type: array + phase: +- description: Phase represents the current phase ++ description: phase represents the current phase + of PersistentVolumeClaim. + type: string ++ resizeStatus: ++ description: resizeStatus stores status of resize ++ operation. 
ResizeStatus is not set by default ++ but when expansion is complete resizeStatus is ++ set to empty string by resize controller or kubelet. ++ This is an alpha field and requires enabling RecoverVolumeExpansionFailure ++ feature. ++ type: string + type: object + type: object + required: +@@ -14118,9 +14470,7 @@ spec: + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty +- selector ({}) matches all namespaces. This +- field is beta-level and is only honored when +- PodAffinityNamespaceSelector feature is enabled. ++ selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list +@@ -14177,7 +14527,7 @@ spec: + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this +- pod's namespace" ++ pod's namespace". + items: + type: string + type: array +@@ -14281,9 +14631,7 @@ spec: + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector +- ({}) matches all namespaces. This field is beta-level +- and is only honored when PodAffinityNamespaceSelector +- feature is enabled. ++ ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label +@@ -14338,7 +14686,7 @@ spec: + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list +- and null namespaceSelector means "this pod's namespace" ++ and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array +@@ -14442,9 +14790,7 @@ spec: + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty +- selector ({}) matches all namespaces. 
This +- field is beta-level and is only honored when +- PodAffinityNamespaceSelector feature is enabled. ++ selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list +@@ -14501,7 +14847,7 @@ spec: + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this +- pod's namespace" ++ pod's namespace". + items: + type: string + type: array +@@ -14605,9 +14951,7 @@ spec: + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector +- ({}) matches all namespaces. This field is beta-level +- and is only honored when PodAffinityNamespaceSelector +- feature is enabled. ++ ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label +@@ -14662,7 +15006,7 @@ spec: + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list +- and null namespaceSelector means "this pod's namespace" ++ and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array +@@ -14694,11 +15038,11 @@ spec: + run within a pod. + properties: + args: +- description: 'Arguments to the entrypoint. The docker image''s +- CMD is used if this is not provided. Variable references +- $(VAR_NAME) are expanded using the container''s environment. +- If a variable cannot be resolved, the reference in the +- input string will be unchanged. Double $$ are reduced ++ description: 'Arguments to the entrypoint. The container ++ image''s CMD is used if this is not provided. Variable ++ references $(VAR_NAME) are expanded using the container''s ++ environment. If a variable cannot be resolved, the reference ++ in the input string will be unchanged. 
Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never be expanded, +@@ -14709,7 +15053,7 @@ spec: + type: array + command: + description: 'Entrypoint array. Not executed within a shell. +- The docker image''s ENTRYPOINT is used if this is not ++ The container image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable cannot + be resolved, the reference in the input string will be +@@ -14885,7 +15229,7 @@ spec: + type: object + type: array + image: +- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images ++ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' +@@ -14907,8 +15251,7 @@ spec: + blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: +- description: One and only one of the following should +- be specified. Exec specifies the action to take. ++ description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to +@@ -14970,9 +15313,11 @@ spec: + - port + type: object + tcpSocket: +- description: 'TCPSocket specifies an action involving +- a TCP port. TCP hooks not yet supported TODO: +- implement a realistic TCP lifecycle hook' ++ description: Deprecated. TCPSocket is NOT supported ++ as a LifecycleHandler and kept for the backward ++ compatibility. There are no validation of this ++ field and lifecycle hooks will fail in runtime ++ when tcp handler is specified. 
+ properties: + host: + description: 'Optional: Host name to connect +@@ -14995,19 +15340,17 @@ spec: + container is terminated due to an API request or management + event such as liveness/startup probe failure, preemption, + resource contention, etc. The handler is not called +- if the container crashes or exits. The reason for +- termination is passed to the handler. The Pod''s termination +- grace period countdown begins before the PreStop hooked ++ if the container crashes or exits. The Pod''s termination ++ grace period countdown begins before the PreStop hook + is executed. Regardless of the outcome of the handler, + the container will eventually terminate within the +- Pod''s termination grace period. Other management +- of the container blocks until the hook completes or +- until the termination grace period is reached. More +- info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' ++ Pod''s termination grace period (unless delayed by ++ finalizers). Other management of the container blocks ++ until the hook completes or until the termination ++ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: +- description: One and only one of the following should +- be specified. Exec specifies the action to take. ++ description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to +@@ -15069,9 +15412,11 @@ spec: + - port + type: object + tcpSocket: +- description: 'TCPSocket specifies an action involving +- a TCP port. TCP hooks not yet supported TODO: +- implement a realistic TCP lifecycle hook' ++ description: Deprecated. TCPSocket is NOT supported ++ as a LifecycleHandler and kept for the backward ++ compatibility. There are no validation of this ++ field and lifecycle hooks will fail in runtime ++ when tcp handler is specified. 
+ properties: + host: + description: 'Optional: Host name to connect +@@ -15096,8 +15441,7 @@ spec: + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: +- description: One and only one of the following should +- be specified. Exec specifies the action to take. ++ description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute +@@ -15119,6 +15463,25 @@ spec: + to 3. Minimum value is 1. + format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action involving a GRPC ++ port. This is a beta field and requires enabling GRPCContainerProbe ++ feature gate. ++ properties: ++ port: ++ description: Port number of the gRPC service. Number ++ must be in the range 1 to 65535. ++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name of the service ++ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the default behavior ++ is defined by gRPC." ++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: +@@ -15182,9 +15545,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action involving +- a TCP port. TCP hooks not yet supported TODO: implement +- a realistic TCP lifecycle hook' ++ description: TCPSocket specifies an action involving ++ a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, +@@ -15287,8 +15649,7 @@ spec: + probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: +- description: One and only one of the following should +- be specified. Exec specifies the action to take. ++ description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute +@@ -15310,6 +15671,25 @@ spec: + to 3. Minimum value is 1. + format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action involving a GRPC ++ port. This is a beta field and requires enabling GRPCContainerProbe ++ feature gate. ++ properties: ++ port: ++ description: Port number of the gRPC service. Number ++ must be in the range 1 to 65535. ++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name of the service ++ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the default behavior ++ is defined by gRPC." ++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: +@@ -15373,9 +15753,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action involving +- a TCP port. TCP hooks not yet supported TODO: implement +- a realistic TCP lifecycle hook' ++ description: TCPSocket specifies an action involving ++ a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, +@@ -15457,12 +15836,14 @@ spec: + process. This bool directly controls if the no_new_privs + flag will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged +- 2) has CAP_SYS_ADMIN' ++ 2) has CAP_SYS_ADMIN Note that this field cannot be ++ set when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities +- granted by the container runtime. ++ granted by the container runtime. Note that this field ++ cannot be set when spec.os.name is windows. 
+ properties: + add: + description: Added capabilities +@@ -15482,25 +15863,29 @@ spec: + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent +- to root on the host. Defaults to false. ++ to root on the host. Defaults to false. Note that ++ this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType +- feature flag to be enabled. ++ feature flag to be enabled. Note that this field cannot ++ be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only +- root filesystem. Default is false. ++ root filesystem. Default is false. Note that this ++ field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext +- takes precedence. ++ takes precedence. Note that this field cannot be set ++ when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: +@@ -15519,6 +15904,8 @@ spec: + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. ++ Note that this field cannot be set when spec.os.name ++ is windows. + format: int64 + type: integer + seLinuxOptions: +@@ -15527,7 +15914,9 @@ spec: + allocate a random SELinux context for each container. May + also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value +- specified in SecurityContext takes precedence. 
++ specified in SecurityContext takes precedence. Note ++ that this field cannot be set when spec.os.name is ++ windows. + properties: + level: + description: Level is SELinux level label that applies +@@ -15550,7 +15939,8 @@ spec: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & + container level, the container options override the +- pod options. ++ pod options. Note that this field cannot be set when ++ spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile +@@ -15576,7 +15966,8 @@ spec: + all containers. If unspecified, the options from the + PodSecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext +- takes precedence. ++ takes precedence. Note that this field cannot be set ++ when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA +@@ -15623,8 +16014,7 @@ spec: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: +- description: One and only one of the following should +- be specified. Exec specifies the action to take. ++ description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute +@@ -15646,6 +16036,25 @@ spec: + to 3. Minimum value is 1. + format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action involving a GRPC ++ port. This is a beta field and requires enabling GRPCContainerProbe ++ feature gate. ++ properties: ++ port: ++ description: Port number of the gRPC service. Number ++ must be in the range 1 to 65535. ++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name of the service ++ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
++ \n If this is not specified, the default behavior ++ is defined by gRPC." ++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: +@@ -15709,9 +16118,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action involving +- a TCP port. TCP hooks not yet supported TODO: implement +- a realistic TCP lifecycle hook' ++ description: TCPSocket specifies an action involving ++ a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, +@@ -15924,23 +16332,23 @@ spec: + creating a pod, and it cannot be modified by updating the pod + spec. In order to add an ephemeral container to an existing + pod, use the pod's ephemeralcontainers subresource. This field +- is alpha-level and is only honored by servers that enable the +- EphemeralContainers feature. ++ is beta-level and available on clusters that haven't disabled ++ the EphemeralContainers feature gate. + items: +- description: An EphemeralContainer is a container that may be +- added temporarily to an existing pod for user-initiated activities ++ description: "An EphemeralContainer is a temporary container ++ that you may add to an existing Pod for user-initiated activities + such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when +- they exit or when a pod is removed or restarted. If an ephemeral +- container causes a pod to exceed its resource allocation, +- the pod may be evicted. Ephemeral containers may not be added +- by directly updating the pod spec. They must be added via +- the pod's ephemeralcontainers subresource, and they will appear +- in the pod spec once added. This is an alpha feature enabled +- by the EphemeralContainers feature flag. ++ they exit or when a Pod is removed or restarted. 
The kubelet ++ may evict a Pod if an ephemeral container causes the Pod to ++ exceed its resource allocation. \n To add an ephemeral container, ++ use the ephemeralcontainers subresource of an existing Pod. ++ Ephemeral containers may not be removed or restarted. \n This ++ is a beta feature available on clusters that haven't disabled ++ the EphemeralContainers feature gate." + properties: + args: +- description: 'Arguments to the entrypoint. The docker image''s ++ description: 'Arguments to the entrypoint. The image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the +@@ -15955,16 +16363,15 @@ spec: + type: array + command: + description: 'Entrypoint array. Not executed within a shell. +- The docker image''s ENTRYPOINT is used if this is not +- provided. Variable references $(VAR_NAME) are expanded +- using the container''s environment. If a variable cannot +- be resolved, the reference in the input string will be +- unchanged. Double $$ are reduced to a single $, which +- allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" +- will produce the string literal "$(VAR_NAME)". Escaped +- references will never be expanded, regardless of whether +- the variable exists or not. Cannot be updated. More info: +- https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' ++ The image''s ENTRYPOINT is used if this is not provided. ++ Variable references $(VAR_NAME) are expanded using the ++ container''s environment. If a variable cannot be resolved, ++ the reference in the input string will be unchanged. Double ++ $$ are reduced to a single $, which allows for escaping ++ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce ++ the string literal "$(VAR_NAME)". Escaped references will ++ never be expanded, regardless of whether the variable ++ exists or not. 
Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array +@@ -16131,7 +16538,7 @@ spec: + type: object + type: array + image: +- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images' ++ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. +@@ -16149,8 +16556,7 @@ spec: + blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: +- description: One and only one of the following should +- be specified. Exec specifies the action to take. ++ description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to +@@ -16212,9 +16618,11 @@ spec: + - port + type: object + tcpSocket: +- description: 'TCPSocket specifies an action involving +- a TCP port. TCP hooks not yet supported TODO: +- implement a realistic TCP lifecycle hook' ++ description: Deprecated. TCPSocket is NOT supported ++ as a LifecycleHandler and kept for the backward ++ compatibility. There are no validation of this ++ field and lifecycle hooks will fail in runtime ++ when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect +@@ -16237,19 +16645,17 @@ spec: + container is terminated due to an API request or management + event such as liveness/startup probe failure, preemption, + resource contention, etc. The handler is not called +- if the container crashes or exits. The reason for +- termination is passed to the handler. The Pod''s termination +- grace period countdown begins before the PreStop hooked ++ if the container crashes or exits. 
The Pod''s termination ++ grace period countdown begins before the PreStop hook + is executed. Regardless of the outcome of the handler, + the container will eventually terminate within the +- Pod''s termination grace period. Other management +- of the container blocks until the hook completes or +- until the termination grace period is reached. More +- info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' ++ Pod''s termination grace period (unless delayed by ++ finalizers). Other management of the container blocks ++ until the hook completes or until the termination ++ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: +- description: One and only one of the following should +- be specified. Exec specifies the action to take. ++ description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to +@@ -16311,9 +16717,11 @@ spec: + - port + type: object + tcpSocket: +- description: 'TCPSocket specifies an action involving +- a TCP port. TCP hooks not yet supported TODO: +- implement a realistic TCP lifecycle hook' ++ description: Deprecated. TCPSocket is NOT supported ++ as a LifecycleHandler and kept for the backward ++ compatibility. There are no validation of this ++ field and lifecycle hooks will fail in runtime ++ when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect +@@ -16336,8 +16744,7 @@ spec: + description: Probes are not allowed for ephemeral containers. + properties: + exec: +- description: One and only one of the following should +- be specified. Exec specifies the action to take. ++ description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute +@@ -16359,6 +16766,25 @@ spec: + to 3. Minimum value is 1. 
+ format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action involving a GRPC ++ port. This is a beta field and requires enabling GRPCContainerProbe ++ feature gate. ++ properties: ++ port: ++ description: Port number of the gRPC service. Number ++ must be in the range 1 to 65535. ++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name of the service ++ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the default behavior ++ is defined by gRPC." ++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: +@@ -16422,9 +16848,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action involving +- a TCP port. TCP hooks not yet supported TODO: implement +- a realistic TCP lifecycle hook' ++ description: TCPSocket specifies an action involving ++ a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, +@@ -16510,12 +16935,15 @@ spec: + - containerPort + type: object + type: array ++ x-kubernetes-list-map-keys: ++ - containerPort ++ - protocol ++ x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: +- description: One and only one of the following should +- be specified. Exec specifies the action to take. ++ description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute +@@ -16537,6 +16965,25 @@ spec: + to 3. Minimum value is 1. + format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action involving a GRPC ++ port. This is a beta field and requires enabling GRPCContainerProbe ++ feature gate. ++ properties: ++ port: ++ description: Port number of the gRPC service. Number ++ must be in the range 1 to 65535. 
++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name of the service ++ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the default behavior ++ is defined by gRPC." ++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: +@@ -16600,9 +17047,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action involving +- a TCP port. TCP hooks not yet supported TODO: implement +- a realistic TCP lifecycle hook' ++ description: TCPSocket specifies an action involving ++ a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, +@@ -16685,12 +17131,14 @@ spec: + process. This bool directly controls if the no_new_privs + flag will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged +- 2) has CAP_SYS_ADMIN' ++ 2) has CAP_SYS_ADMIN Note that this field cannot be ++ set when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities +- granted by the container runtime. ++ granted by the container runtime. Note that this field ++ cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities +@@ -16710,25 +17158,29 @@ spec: + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent +- to root on the host. Defaults to false. ++ to root on the host. Defaults to false. Note that ++ this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount + to use for the containers. 
The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType +- feature flag to be enabled. ++ feature flag to be enabled. Note that this field cannot ++ be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only +- root filesystem. Default is false. ++ root filesystem. Default is false. Note that this ++ field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext +- takes precedence. ++ takes precedence. Note that this field cannot be set ++ when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: +@@ -16747,6 +17199,8 @@ spec: + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. ++ Note that this field cannot be set when spec.os.name ++ is windows. + format: int64 + type: integer + seLinuxOptions: +@@ -16755,7 +17209,9 @@ spec: + allocate a random SELinux context for each container. May + also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value +- specified in SecurityContext takes precedence. ++ specified in SecurityContext takes precedence. Note ++ that this field cannot be set when spec.os.name is ++ windows. + properties: + level: + description: Level is SELinux level label that applies +@@ -16778,7 +17234,8 @@ spec: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & + container level, the container options override the +- pod options. ++ pod options. 
Note that this field cannot be set when ++ spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile +@@ -16804,7 +17261,8 @@ spec: + all containers. If unspecified, the options from the + PodSecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext +- takes precedence. ++ takes precedence. Note that this field cannot be set ++ when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA +@@ -16843,8 +17301,7 @@ spec: + description: Probes are not allowed for ephemeral containers. + properties: + exec: +- description: One and only one of the following should +- be specified. Exec specifies the action to take. ++ description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute +@@ -16866,6 +17323,25 @@ spec: + to 3. Minimum value is 1. + format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action involving a GRPC ++ port. This is a beta field and requires enabling GRPCContainerProbe ++ feature gate. ++ properties: ++ port: ++ description: Port number of the gRPC service. Number ++ must be in the range 1 to 65535. ++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name of the service ++ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the default behavior ++ is defined by gRPC." ++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: +@@ -16929,9 +17405,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action involving +- a TCP port. 
TCP hooks not yet supported TODO: implement +- a realistic TCP lifecycle hook' ++ description: TCPSocket specifies an action involving ++ a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, +@@ -16993,12 +17468,14 @@ spec: + EOF. Default is false + type: boolean + targetContainerName: +- description: If set, the name of the container from PodSpec ++ description: "If set, the name of the container from PodSpec + that this ephemeral container targets. The ephemeral container + will be run in the namespaces (IPC, PID, etc) of this +- container. If not set then the ephemeral container is +- run in whatever namespaces are shared for the pod. Note +- that the container runtime must support this feature. ++ container. If not set then the ephemeral container uses ++ the namespaces configured in the Pod spec. \n The container ++ runtime must implement support for this feature. If the ++ runtime does not support namespace targeting then the ++ result of setting this field is undefined." + type: string + terminationMessagePath: + description: 'Optional: Path at which the file to which +@@ -17047,6 +17524,7 @@ spec: + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. ++ Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume +@@ -17136,8 +17614,7 @@ spec: + to secrets in the same namespace to use for pulling any of the + images used by this PodSpec. If specified, these secrets will + be passed to individual puller implementations for them to use. +- For example, in the case of docker, only DockerConfig type secrets +- are honored. 
More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' ++ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. +@@ -17167,11 +17644,11 @@ spec: + run within a pod. + properties: + args: +- description: 'Arguments to the entrypoint. The docker image''s +- CMD is used if this is not provided. Variable references +- $(VAR_NAME) are expanded using the container''s environment. +- If a variable cannot be resolved, the reference in the +- input string will be unchanged. Double $$ are reduced ++ description: 'Arguments to the entrypoint. The container ++ image''s CMD is used if this is not provided. Variable ++ references $(VAR_NAME) are expanded using the container''s ++ environment. If a variable cannot be resolved, the reference ++ in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never be expanded, +@@ -17182,7 +17659,7 @@ spec: + type: array + command: + description: 'Entrypoint array. Not executed within a shell. +- The docker image''s ENTRYPOINT is used if this is not ++ The container image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable cannot + be resolved, the reference in the input string will be +@@ -17358,7 +17835,7 @@ spec: + type: object + type: array + image: +- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images ++ description: 'Container image name. 
More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' +@@ -17380,8 +17857,7 @@ spec: + blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: +- description: One and only one of the following should +- be specified. Exec specifies the action to take. ++ description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to +@@ -17443,9 +17919,11 @@ spec: + - port + type: object + tcpSocket: +- description: 'TCPSocket specifies an action involving +- a TCP port. TCP hooks not yet supported TODO: +- implement a realistic TCP lifecycle hook' ++ description: Deprecated. TCPSocket is NOT supported ++ as a LifecycleHandler and kept for the backward ++ compatibility. There are no validation of this ++ field and lifecycle hooks will fail in runtime ++ when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect +@@ -17468,19 +17946,17 @@ spec: + container is terminated due to an API request or management + event such as liveness/startup probe failure, preemption, + resource contention, etc. The handler is not called +- if the container crashes or exits. The reason for +- termination is passed to the handler. The Pod''s termination +- grace period countdown begins before the PreStop hooked ++ if the container crashes or exits. The Pod''s termination ++ grace period countdown begins before the PreStop hook + is executed. Regardless of the outcome of the handler, + the container will eventually terminate within the +- Pod''s termination grace period. Other management +- of the container blocks until the hook completes or +- until the termination grace period is reached. 
More +- info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' ++ Pod''s termination grace period (unless delayed by ++ finalizers). Other management of the container blocks ++ until the hook completes or until the termination ++ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: +- description: One and only one of the following should +- be specified. Exec specifies the action to take. ++ description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to +@@ -17542,9 +18018,11 @@ spec: + - port + type: object + tcpSocket: +- description: 'TCPSocket specifies an action involving +- a TCP port. TCP hooks not yet supported TODO: +- implement a realistic TCP lifecycle hook' ++ description: Deprecated. TCPSocket is NOT supported ++ as a LifecycleHandler and kept for the backward ++ compatibility. There are no validation of this ++ field and lifecycle hooks will fail in runtime ++ when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect +@@ -17569,8 +18047,7 @@ spec: + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: +- description: One and only one of the following should +- be specified. Exec specifies the action to take. ++ description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute +@@ -17592,6 +18069,25 @@ spec: + to 3. Minimum value is 1. + format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action involving a GRPC ++ port. This is a beta field and requires enabling GRPCContainerProbe ++ feature gate. ++ properties: ++ port: ++ description: Port number of the gRPC service. Number ++ must be in the range 1 to 65535. 
++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name of the service ++ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the default behavior ++ is defined by gRPC." ++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: +@@ -17655,9 +18151,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action involving +- a TCP port. TCP hooks not yet supported TODO: implement +- a realistic TCP lifecycle hook' ++ description: TCPSocket specifies an action involving ++ a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, +@@ -17760,8 +18255,7 @@ spec: + probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: +- description: One and only one of the following should +- be specified. Exec specifies the action to take. ++ description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute +@@ -17783,6 +18277,25 @@ spec: + to 3. Minimum value is 1. + format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action involving a GRPC ++ port. This is a beta field and requires enabling GRPCContainerProbe ++ feature gate. ++ properties: ++ port: ++ description: Port number of the gRPC service. Number ++ must be in the range 1 to 65535. ++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name of the service ++ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the default behavior ++ is defined by gRPC." 
++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: +@@ -17846,9 +18359,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action involving +- a TCP port. TCP hooks not yet supported TODO: implement +- a realistic TCP lifecycle hook' ++ description: TCPSocket specifies an action involving ++ a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, +@@ -17930,12 +18442,14 @@ spec: + process. This bool directly controls if the no_new_privs + flag will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged +- 2) has CAP_SYS_ADMIN' ++ 2) has CAP_SYS_ADMIN Note that this field cannot be ++ set when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities +- granted by the container runtime. ++ granted by the container runtime. Note that this field ++ cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities +@@ -17955,25 +18469,29 @@ spec: + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent +- to root on the host. Defaults to false. ++ to root on the host. Defaults to false. Note that ++ this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType +- feature flag to be enabled. ++ feature flag to be enabled. Note that this field cannot ++ be set when spec.os.name is windows. 
+ type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only +- root filesystem. Default is false. ++ root filesystem. Default is false. Note that this ++ field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext +- takes precedence. ++ takes precedence. Note that this field cannot be set ++ when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: +@@ -17992,6 +18510,8 @@ spec: + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. ++ Note that this field cannot be set when spec.os.name ++ is windows. + format: int64 + type: integer + seLinuxOptions: +@@ -18000,7 +18520,9 @@ spec: + allocate a random SELinux context for each container. May + also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value +- specified in SecurityContext takes precedence. ++ specified in SecurityContext takes precedence. Note ++ that this field cannot be set when spec.os.name is ++ windows. + properties: + level: + description: Level is SELinux level label that applies +@@ -18023,7 +18545,8 @@ spec: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & + container level, the container options override the +- pod options. ++ pod options. Note that this field cannot be set when ++ spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile +@@ -18049,7 +18572,8 @@ spec: + all containers. If unspecified, the options from the + PodSecurityContext will be used. 
If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext +- takes precedence. ++ takes precedence. Note that this field cannot be set ++ when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA +@@ -18096,8 +18620,7 @@ spec: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: +- description: One and only one of the following should +- be specified. Exec specifies the action to take. ++ description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute +@@ -18119,6 +18642,25 @@ spec: + to 3. Minimum value is 1. + format: int32 + type: integer ++ grpc: ++ description: GRPC specifies an action involving a GRPC ++ port. This is a beta field and requires enabling GRPCContainerProbe ++ feature gate. ++ properties: ++ port: ++ description: Port number of the gRPC service. Number ++ must be in the range 1 to 65535. ++ format: int32 ++ type: integer ++ service: ++ description: "Service is the name of the service ++ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). ++ \n If this is not specified, the default behavior ++ is defined by gRPC." ++ type: string ++ required: ++ - port ++ type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: +@@ -18182,9 +18724,8 @@ spec: + format: int32 + type: integer + tcpSocket: +- description: 'TCPSocket specifies an action involving +- a TCP port. TCP hooks not yet supported TODO: implement +- a realistic TCP lifecycle hook' ++ description: TCPSocket specifies an action involving ++ a TCP port. 
+ properties: + host: + description: 'Optional: Host name to connect to, +@@ -18355,6 +18896,34 @@ spec: + https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + x-kubernetes-map-type: atomic ++ os: ++ description: "Specifies the OS of the containers in the pod. Some ++ pod and container fields are restricted if this is set. \n If ++ the OS field is set to linux, the following fields must be unset: ++ -securityContext.windowsOptions \n If the OS field is set to ++ windows, following fields must be unset: - spec.hostPID - spec.hostIPC ++ - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile ++ - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy ++ - spec.securityContext.sysctls - spec.shareProcessNamespace ++ - spec.securityContext.runAsUser - spec.securityContext.runAsGroup ++ - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions ++ - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities ++ - spec.containers[*].securityContext.readOnlyRootFilesystem ++ - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation ++ - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser ++ - spec.containers[*].securityContext.runAsGroup This is a beta ++ field and requires the IdentifyPodOS feature" ++ properties: ++ name: ++ description: 'Name is the name of the operating system. The ++ currently supported values are linux and windows. 
Additional ++ value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration ++ Clients should expect to handle additional values and treat ++ unrecognized values in this field as os: null' ++ type: string ++ required: ++ - name ++ type: object + overhead: + additionalProperties: + anyOf: +@@ -18371,15 +18940,12 @@ spec: + the overhead already set. If RuntimeClass is configured and + selected in the PodSpec, Overhead will be set to the value defined + in the corresponding RuntimeClass, otherwise it will remain +- unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md +- This field is beta-level as of Kubernetes v1.18, and is only +- honored by servers that enable the PodOverhead feature.' ++ unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' + type: object + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting pods + with lower priority. One of Never, PreemptLowerPriority. Defaults +- to PreemptLowerPriority if unset. This field is beta-level, +- gated by the NonPreemptingPriority feature-gate. ++ to PreemptLowerPriority if unset. + type: string + priority: + description: The priority value. Various system components use +@@ -18425,8 +18991,7 @@ spec: + no RuntimeClass resource matches the named class, the pod will + not be run. If unset or empty, the "legacy" RuntimeClass will + be used, which is an implicit class with an empty definition +- that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class +- This is a beta feature as of Kubernetes v1.14.' ++ that uses the default runtime handler. 
More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' + type: string + schedulerName: + description: If specified, the pod will be dispatched by specified +@@ -18446,7 +19011,8 @@ spec: + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and +- permissions of any volume." ++ permissions of any volume. Note that this field cannot be ++ set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: +@@ -18456,14 +19022,16 @@ spec: + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" +- and "Always". If not specified, "Always" is used.' ++ and "Always". If not specified, "Always" is used. Note that ++ this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext +- takes precedence for that container. ++ takes precedence for that container. Note that this field ++ cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: +@@ -18481,6 +19049,8 @@ spec: + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. ++ Note that this field cannot be set when spec.os.name is ++ windows. + format: int64 + type: integer + seLinuxOptions: +@@ -18489,7 +19059,8 @@ spec: + SELinux context for each container. May also be set in + SecurityContext. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence +- for that container. ++ for that container. Note that this field cannot be set when ++ spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies +@@ -18510,7 +19081,8 @@ spec: + type: object + seccompProfile: + description: The seccomp options to use by the containers +- in this pod. ++ in this pod. Note that this field cannot be set when spec.os.name ++ is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined +@@ -18533,6 +19105,8 @@ spec: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. ++ Note that this field cannot be set when spec.os.name is ++ windows. + items: + format: int64 + type: integer +@@ -18540,7 +19114,8 @@ spec: + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container +- runtime) might fail to launch. ++ runtime) might fail to launch. Note that this field cannot ++ be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: +@@ -18560,7 +19135,8 @@ spec: + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext +- takes precedence. ++ takes precedence. Note that this field cannot be set when ++ spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission +@@ -18740,12 +19316,15 @@ spec: + may be unevenly distributed. 
When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global +- minimum. For example, in a 3-zone cluster, MaxSkew is +- set to 1, and pods with the same labelSelector spread +- as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | +- - if MaxSkew is 1, incoming pod can only be scheduled +- to zone3 to become 1/1/1; scheduling it onto zone1(zone2) +- would make the ActualSkew(2-0) on zone1(zone2) violate ++ minimum. The global minimum is the minimum number of matching ++ pods in an eligible domain or zero if the number of eligible ++ domains is less than MinDomains. For example, in a 3-zone ++ cluster, MaxSkew is set to 1, and pods with the same labelSelector ++ spread as 2/2/1: In this case, the global minimum is 1. ++ | zone1 | zone2 | zone3 | | P P | P P | P | - ++ if MaxSkew is 1, incoming pod can only be scheduled to ++ zone3 to become 2/2/2; scheduling it onto zone1(zone2) ++ would make the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that +@@ -18753,12 +19332,44 @@ spec: + and 0 is not allowed.' + format: int32 + type: integer ++ minDomains: ++ description: "MinDomains indicates a minimum number of eligible ++ domains. When the number of eligible domains with matching ++ topology keys is less than minDomains, Pod Topology Spread ++ treats \"global minimum\" as 0, and then the calculation ++ of Skew is performed. And when the number of eligible ++ domains with matching topology keys equals or greater ++ than minDomains, this value has no effect on scheduling. ++ As a result, when the number of eligible domains is less ++ than minDomains, scheduler won't schedule more than maxSkew ++ Pods to those domains. If value is nil, the constraint ++ behaves as if MinDomains is equal to 1. 
Valid values are ++ integers greater than 0. When value is not nil, WhenUnsatisfiable ++ must be DoNotSchedule. \n For example, in a 3-zone cluster, ++ MaxSkew is set to 2, MinDomains is set to 5 and pods with ++ the same labelSelector spread as 2/2/2: | zone1 | zone2 ++ | zone3 | | P P | P P | P P | The number of domains ++ is less than 5(MinDomains), so \"global minimum\" is treated ++ as 0. In this situation, new pod with the same labelSelector ++ cannot be scheduled, because computed skew will be 3(3 ++ - 0) if new Pod is scheduled to any of the three zones, ++ it will violate MaxSkew. \n This is an alpha field and ++ requires enabling MinDomainsInPodTopologySpread feature ++ gate." ++ format: int32 ++ type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number +- of pods into each bucket. It's a required field. ++ of pods into each bucket. We define a domain as a particular ++ instance of a topology. Also, we define an eligible domain ++ as a domain whose nodes match the node selector. e.g. ++ If TopologyKey is "kubernetes.io/hostname", each Node ++ is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", ++ each zone is a domain of that topology. It's a required ++ field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with +@@ -18768,7 +19379,7 @@ spec: + pod in any location, but giving higher precedence to + topologies that would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming pod if and +- only if every possible node assigment for that pod would ++ only if every possible node assignment for that pod would + violate "MaxSkew" on some topology. 
For example, in a + 3-zone cluster, MaxSkew is set to 1, and pods with the + same labelSelector spread as 3/1/1: | zone1 | zone2 | +@@ -18797,122 +19408,124 @@ spec: + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: +- description: 'AWSElasticBlockStore represents an AWS Disk ++ description: 'awsElasticBlockStore represents an AWS Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: +- description: 'Filesystem type of the volume that you +- want to mount. Tip: Ensure that the filesystem type +- is supported by the host operating system. Examples: ++ description: 'fsType is the filesystem type of the volume ++ that you want to mount. Tip: Ensure that the filesystem ++ type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: +- description: 'The partition in the volume that you want +- to mount. If omitted, the default is to mount by volume +- name. Examples: For volume /dev/sda1, you specify +- the partition as "1". Similarly, the volume partition +- for /dev/sda is "0" (or you can leave the property +- empty).' ++ description: 'partition is the partition in the volume ++ that you want to mount. If omitted, the default is ++ to mount by volume name. Examples: For volume /dev/sda1, ++ you specify the partition as "1". Similarly, the volume ++ partition for /dev/sda is "0" (or you can leave the ++ property empty).' + format: int32 + type: integer + readOnly: +- description: 'Specify "true" to force and set the ReadOnly +- property in VolumeMounts to "true". If omitted, the +- default is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' ++ description: 'readOnly value true will force the readOnly ++ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: +- description: 'Unique ID of the persistent disk resource +- in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' ++ description: 'volumeID is unique ID of the persistent ++ disk resource in AWS (Amazon EBS volume). More info: ++ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: +- description: AzureDisk represents an Azure Data Disk mount ++ description: azureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. + properties: + cachingMode: +- description: 'Host Caching mode: None, Read Only, Read +- Write.' ++ description: 'cachingMode is the Host Caching mode: ++ None, Read Only, Read Write.' + type: string + diskName: +- description: The Name of the data disk in the blob storage ++ description: diskName is the Name of the data disk in ++ the blob storage + type: string + diskURI: +- description: The URI the data disk in the blob storage ++ description: diskURI is the URI of data disk in the ++ blob storage + type: string + fsType: +- description: Filesystem type to mount. Must be a filesystem +- type supported by the host operating system. Ex. "ext4", +- "xfs", "ntfs". Implicitly inferred to be "ext4" if +- unspecified. ++ description: fsType is Filesystem type to mount. Must ++ be a filesystem type supported by the host operating ++ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred ++ to be "ext4" if unspecified. 
+ type: string + kind: +- description: 'Expected values Shared: multiple blob +- disks per storage account Dedicated: single blob +- disk per storage account Managed: azure managed data +- disk (only in managed availability set). defaults ++ description: 'kind expected values are Shared: multiple ++ blob disks per storage account Dedicated: single ++ blob disk per storage account Managed: azure managed ++ data disk (only in managed availability set). defaults + to shared' + type: string + readOnly: +- description: Defaults to false (read/write). ReadOnly +- here will force the ReadOnly setting in VolumeMounts. ++ description: readOnly Defaults to false (read/write). ++ ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: +- description: AzureFile represents an Azure File Service ++ description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: +- description: Defaults to false (read/write). ReadOnly +- here will force the ReadOnly setting in VolumeMounts. ++ description: readOnly defaults to false (read/write). ++ ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: +- description: the name of secret that contains Azure +- Storage Account Name and Key ++ description: secretName is the name of secret that ++ contains Azure Storage Account Name and Key + type: string + shareName: +- description: Share Name ++ description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: +- description: CephFS represents a Ceph FS mount on the host ++ description: cephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: +- description: 'Required: Monitors is a collection of +- Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'monitors is Required: Monitors is a collection ++ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: +- description: 'Optional: Used as the mounted root, rather +- than the full Ceph tree, default is /' ++ description: 'path is Optional: Used as the mounted ++ root, rather than the full Ceph tree, default is /' + type: string + readOnly: +- description: 'Optional: Defaults to false (read/write). +- ReadOnly here will force the ReadOnly setting in VolumeMounts. +- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'readOnly is Optional: Defaults to false ++ (read/write). ReadOnly here will force the ReadOnly ++ setting in VolumeMounts. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: +- description: 'Optional: SecretFile is the path to key +- ring for User, default is /etc/ceph/user.secret More +- info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'secretFile is Optional: SecretFile is ++ the path to key ring for User, default is /etc/ceph/user.secret ++ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: +- description: 'Optional: SecretRef is reference to the +- authentication secret for User, default is empty. +- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'secretRef is Optional: SecretRef is reference ++ to the authentication secret for User, default is ++ empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +@@ -18921,30 +19534,30 @@ spec: + type: string + type: object + user: +- description: 'Optional: User is the rados user name, +- default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' ++ description: 'user is optional: User is the rados user ++ name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: +- description: 'Cinder represents a cinder volume attached ++ description: 'cinder represents a cinder volume attached + and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: +- description: 'Filesystem type to mount. Must be a filesystem +- type supported by the host operating system. Examples: +- "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" +- if unspecified. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' ++ description: 'fsType is the filesystem type to mount. ++ Must be a filesystem type supported by the host operating ++ system. Examples: "ext4", "xfs", "ntfs". Implicitly ++ inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: +- description: 'Optional: Defaults to false (read/write). ++ description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: +- description: 'Optional: points to a secret object containing +- parameters used to connect to OpenStack.' ++ description: 'secretRef is optional: points to a secret ++ object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +@@ -18953,37 +19566,38 @@ spec: + type: string + type: object + volumeID: +- description: 'volume id used to identify the volume +- in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' ++ description: 'volumeID used to identify the volume in ++ cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: +- description: ConfigMap represents a configMap that should ++ description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: +- description: 'Optional: mode bits used to set permissions +- on created files by default. Must be an octal value +- between 0000 and 0777 or a decimal value between 0 +- and 511. YAML accepts both octal and decimal values, +- JSON requires decimal values for mode bits. Defaults +- to 0644. Directories within the path are not affected +- by this setting. 
This might be in conflict with other +- options that affect the file mode, like fsGroup, and +- the result can be other mode bits set.' ++ description: 'defaultMode is optional: mode bits used ++ to set permissions on created files by default. Must ++ be an octal value between 0000 and 0777 or a decimal ++ value between 0 and 511. YAML accepts both octal and ++ decimal values, JSON requires decimal values for mode ++ bits. Defaults to 0644. Directories within the path ++ are not affected by this setting. This might be in ++ conflict with other options that affect the file mode, ++ like fsGroup, and the result can be other mode bits ++ set.' + format: int32 + type: integer + items: +- description: If unspecified, each key-value pair in +- the Data field of the referenced ConfigMap will be +- projected into the volume as a file whose name is +- the key and content is the value. If specified, the +- listed keys will be projected into the specified paths, +- and unlisted keys will not be present. If a key is +- specified which is not present in the ConfigMap, the +- volume setup will error unless it is marked optional. ++ description: items if unspecified, each key-value pair ++ in the Data field of the referenced ConfigMap will ++ be projected into the volume as a file whose name ++ is the key and content is the value. If specified, ++ the listed keys will be projected into the specified ++ paths, and unlisted keys will not be present. If a ++ key is specified which is not present in the ConfigMap, ++ the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' + path or start with '..'. + items: +@@ -18991,26 +19605,26 @@ spec: + volume. + properties: + key: +- description: The key to project. ++ description: key is the key to project. + type: string + mode: +- description: 'Optional: mode bits used to set +- permissions on this file. 
Must be an octal value +- between 0000 and 0777 or a decimal value between +- 0 and 511. YAML accepts both octal and decimal +- values, JSON requires decimal values for mode +- bits. If not specified, the volume defaultMode +- will be used. This might be in conflict with +- other options that affect the file mode, like +- fsGroup, and the result can be other mode bits +- set.' ++ description: 'mode is Optional: mode bits used ++ to set permissions on this file. Must be an ++ octal value between 0000 and 0777 or a decimal ++ value between 0 and 511. YAML accepts both octal ++ and decimal values, JSON requires decimal values ++ for mode bits. If not specified, the volume ++ defaultMode will be used. This might be in conflict ++ with other options that affect the file mode, ++ like fsGroup, and the result can be other mode ++ bits set.' + format: int32 + type: integer + path: +- description: The relative path of the file to +- map the key to. May not be an absolute path. +- May not contain the path element '..'. May not +- start with the string '..'. ++ description: path is the relative path of the ++ file to map the key to. May not be an absolute ++ path. May not contain the path element '..'. ++ May not start with the string '..'. + type: string + required: + - key +@@ -19022,28 +19636,28 @@ spec: + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: +- description: Specify whether the ConfigMap or its keys +- must be defined ++ description: optional specify whether the ConfigMap ++ or its keys must be defined + type: boolean + type: object + csi: +- description: CSI (Container Storage Interface) represents ++ description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: +- description: Driver is the name of the CSI driver that ++ description: driver is the name of the CSI driver that + handles this volume. 
Consult with your admin for the + correct name as registered in the cluster. + type: string + fsType: +- description: Filesystem type to mount. Ex. "ext4", "xfs", +- "ntfs". If not provided, the empty value is passed +- to the associated CSI driver which will determine +- the default filesystem to apply. ++ description: fsType to mount. Ex. "ext4", "xfs", "ntfs". ++ If not provided, the empty value is passed to the ++ associated CSI driver which will determine the default ++ filesystem to apply. + type: string + nodePublishSecretRef: +- description: NodePublishSecretRef is a reference to ++ description: nodePublishSecretRef is a reference to + the secret object containing sensitive information + to pass to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, +@@ -19058,13 +19672,13 @@ spec: + type: string + type: object + readOnly: +- description: Specifies a read-only configuration for +- the volume. Defaults to false (read/write). ++ description: readOnly specifies a read-only configuration ++ for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string +- description: VolumeAttributes stores driver-specific ++ description: volumeAttributes stores driver-specific + properties that are passed to the CSI driver. Consult + your driver's documentation for supported values. + type: object +@@ -19072,7 +19686,7 @@ spec: + - driver + type: object + downwardAPI: +- description: DownwardAPI represents downward API about the ++ description: downwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: +@@ -19162,31 +19776,33 @@ spec: + type: array + type: object + emptyDir: +- description: 'EmptyDir represents a temporary directory ++ description: 'emptyDir represents a temporary directory + that shares a pod''s lifetime. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: +- description: 'What type of storage medium should back +- this directory. The default is "" which means to use +- the node''s default medium. Must be an empty string +- (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' ++ description: 'medium represents what type of storage ++ medium should back this directory. The default is ++ "" which means to use the node''s default medium. ++ Must be an empty string (default) or Memory. More ++ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string +- description: 'Total amount of local storage required +- for this EmptyDir volume. The size limit is also applicable +- for memory medium. The maximum usage on memory medium +- EmptyDir would be the minimum value between the SizeLimit +- specified here and the sum of memory limits of all +- containers in a pod. The default is nil which means +- that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' ++ description: 'sizeLimit is the total amount of local ++ storage required for this EmptyDir volume. The size ++ limit is also applicable for memory medium. The maximum ++ usage on memory medium EmptyDir would be the minimum ++ value between the SizeLimit specified here and the ++ sum of memory limits of all containers in a pod. The ++ default is nil which means that the limit is undefined. ++ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: +- description: "Ephemeral represents a volume that is handled ++ description: "ephemeral represents a volume that is handled + by a cluster storage driver. 
The volume's lifecycle is + tied to the pod that defines it - it will be created before + the pod starts, and deleted when the pod is removed. \n +@@ -19204,8 +19820,7 @@ spec: + CSI driver is meant to be used that way - see the documentation + of the driver for more information. \n A pod can use both + types of ephemeral volumes and persistent volumes at the +- same time. \n This is a beta feature and only available +- when the GenericEphemeralVolume feature gate is enabled." ++ same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC +@@ -19243,18 +19858,18 @@ spec: + also valid here. + properties: + accessModes: +- description: 'AccessModes contains the desired ++ description: 'accessModes contains the desired + access modes the volume should have. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: +- description: 'This field can be used to specify +- either: * An existing VolumeSnapshot object +- (snapshot.storage.k8s.io/VolumeSnapshot) * +- An existing PVC (PersistentVolumeClaim) If +- the provisioner or an external controller ++ description: 'dataSource field can be used to ++ specify either: * An existing VolumeSnapshot ++ object (snapshot.storage.k8s.io/VolumeSnapshot) ++ * An existing PVC (PersistentVolumeClaim) ++ If the provisioner or an external controller + can support the specified data source, it + will create a new volume based on the contents + of the specified data source. If the AnyVolumeDataSource +@@ -19282,17 +19897,17 @@ spec: + - name + type: object + dataSourceRef: +- description: 'Specifies the object from which +- to populate the volume with data, if a non-empty +- volume is desired. This may be any local object +- from a non-empty API group (non core object) +- or a PersistentVolumeClaim object. 
When this +- field is specified, volume binding will only +- succeed if the type of the specified object +- matches some installed volume populator or +- dynamic provisioner. This field will replace +- the functionality of the DataSource field +- and as such if both fields are non-empty, ++ description: 'dataSourceRef specifies the object ++ from which to populate the volume with data, ++ if a non-empty volume is desired. This may ++ be any local object from a non-empty API group ++ (non core object) or a PersistentVolumeClaim ++ object. When this field is specified, volume ++ binding will only succeed if the type of the ++ specified object matches some installed volume ++ populator or dynamic provisioner. This field ++ will replace the functionality of the DataSource ++ field and as such if both fields are non-empty, + they must have the same value. For backwards + compatibility, both fields (DataSource and + DataSourceRef) will be set to the same value +@@ -19305,7 +19920,7 @@ spec: + objects. * While DataSource ignores disallowed + values (dropping them), DataSourceRef preserves + all values, and generates an error if a disallowed +- value is specified. (Alpha) Using this field ++ value is specified. (Beta) Using this field + requires the AnyVolumeDataSource feature gate + to be enabled.' + properties: +@@ -19329,9 +19944,13 @@ spec: + - name + type: object + resources: +- description: 'Resources represents the minimum +- resources the volume should have. More info: +- https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' ++ description: 'resources represents the minimum ++ resources the volume should have. If RecoverVolumeExpansionFailure ++ feature is enabled users are allowed to specify ++ resource requirements that are lower than ++ previous value but must still be higher than ++ capacity recorded in the status field of the ++ claim. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: +@@ -19360,8 +19979,8 @@ spec: + type: object + type: object + selector: +- description: A label query over volumes to consider +- for binding. ++ description: selector is a label query over ++ volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list +@@ -19412,8 +20031,9 @@ spec: + type: object + type: object + storageClassName: +- description: 'Name of the StorageClass required +- by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' ++ description: 'storageClassName is the name of ++ the StorageClass required by the claim. More ++ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of +@@ -19422,7 +20042,7 @@ spec: + claim spec. + type: string + volumeName: +- description: VolumeName is the binding reference ++ description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object +@@ -19431,32 +20051,34 @@ spec: + type: object + type: object + fc: +- description: FC represents a Fibre Channel resource that ++ description: fc represents a Fibre Channel resource that + is attached to a kubelet's host machine and then exposed + to the pod. + properties: + fsType: +- description: 'Filesystem type to mount. Must be a filesystem +- type supported by the host operating system. Ex. "ext4", +- "xfs", "ntfs". Implicitly inferred to be "ext4" if +- unspecified. TODO: how do we prevent errors in the +- filesystem from compromising the machine' ++ description: 'fsType is the filesystem type to mount. ++ Must be a filesystem type supported by the host operating ++ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred ++ to be "ext4" if unspecified. 
TODO: how do we prevent ++ errors in the filesystem from compromising the machine' + type: string + lun: +- description: 'Optional: FC target lun number' ++ description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: +- description: 'Optional: Defaults to false (read/write). +- ReadOnly here will force the ReadOnly setting in VolumeMounts.' ++ description: 'readOnly is Optional: Defaults to false ++ (read/write). ReadOnly here will force the ReadOnly ++ setting in VolumeMounts.' + type: boolean + targetWWNs: +- description: 'Optional: FC target worldwide names (WWNs)' ++ description: 'targetWWNs is Optional: FC target worldwide ++ names (WWNs)' + items: + type: string + type: array + wwids: +- description: 'Optional: FC volume world wide identifiers ++ description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs + and lun must be set, but not both simultaneously.' + items: +@@ -19464,35 +20086,37 @@ spec: + type: array + type: object + flexVolume: +- description: FlexVolume represents a generic volume resource ++ description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: +- description: Driver is the name of the driver to use ++ description: driver is the name of the driver to use + for this volume. + type: string + fsType: +- description: Filesystem type to mount. Must be a filesystem +- type supported by the host operating system. Ex. "ext4", +- "xfs", "ntfs". The default filesystem depends on FlexVolume +- script. ++ description: fsType is the filesystem type to mount. ++ Must be a filesystem type supported by the host operating ++ system. Ex. "ext4", "xfs", "ntfs". The default filesystem ++ depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string +- description: 'Optional: Extra command options if any.' 
++ description: 'options is Optional: this field holds ++ extra command options if any.' + type: object + readOnly: +- description: 'Optional: Defaults to false (read/write). +- ReadOnly here will force the ReadOnly setting in VolumeMounts.' ++ description: 'readOnly is Optional: defaults to false ++ (read/write). ReadOnly here will force the ReadOnly ++ setting in VolumeMounts.' + type: boolean + secretRef: +- description: 'Optional: SecretRef is reference to the +- secret object containing sensitive information to +- pass to the plugin scripts. This may be empty if no +- secret object is specified. If the secret object contains +- more than one secret, all secrets are passed to the +- plugin scripts.' ++ description: 'secretRef is Optional: secretRef is reference ++ to the secret object containing sensitive information ++ to pass to the plugin scripts. This may be empty if ++ no secret object is specified. If the secret object ++ contains more than one secret, all secrets are passed ++ to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +@@ -19504,49 +20128,50 @@ spec: + - driver + type: object + flocker: +- description: Flocker represents a Flocker volume attached ++ description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: +- description: Name of the dataset stored as metadata +- -> name on the dataset for Flocker should be considered +- as deprecated ++ description: datasetName is Name of the dataset stored ++ as metadata -> name on the dataset for Flocker should ++ be considered as deprecated + type: string + datasetUUID: +- description: UUID of the dataset. This is unique identifier +- of a Flocker dataset ++ description: datasetUUID is the UUID of the dataset. 
++ This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: +- description: 'GCEPersistentDisk represents a GCE Disk resource ++ description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: +- description: 'Filesystem type of the volume that you +- want to mount. Tip: Ensure that the filesystem type +- is supported by the host operating system. Examples: ++ description: 'fsType is filesystem type of the volume ++ that you want to mount. Tip: Ensure that the filesystem ++ type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: +- description: 'The partition in the volume that you want +- to mount. If omitted, the default is to mount by volume +- name. Examples: For volume /dev/sda1, you specify +- the partition as "1". Similarly, the volume partition +- for /dev/sda is "0" (or you can leave the property +- empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' ++ description: 'partition is the partition in the volume ++ that you want to mount. If omitted, the default is ++ to mount by volume name. Examples: For volume /dev/sda1, ++ you specify the partition as "1". Similarly, the volume ++ partition for /dev/sda is "0" (or you can leave the ++ property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: +- description: 'Unique name of the PD resource in GCE. +- Used to identify the disk in GCE. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' ++ description: 'pdName is unique name of the PD resource ++ in GCE. Used to identify the disk in GCE. More info: ++ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: +- description: 'ReadOnly here will force the ReadOnly ++ description: 'readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean +@@ -19554,42 +20179,43 @@ spec: + - pdName + type: object + gitRepo: +- description: 'GitRepo represents a git repository at a particular ++ description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an + InitContainer that clones the repo using git, then mount + the EmptyDir into the Pod''s container.' + properties: + directory: +- description: Target directory name. Must not contain +- or start with '..'. If '.' is supplied, the volume +- directory will be the git repository. Otherwise, ++ description: directory is the target directory name. ++ Must not contain or start with '..'. If '.' is supplied, ++ the volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: +- description: Repository URL ++ description: repository is the URL + type: string + revision: +- description: Commit hash for the specified revision. ++ description: revision is the commit hash for the specified ++ revision. + type: string + required: + - repository + type: object + glusterfs: +- description: 'Glusterfs represents a Glusterfs mount on ++ description: 'glusterfs represents a Glusterfs mount on + the host that shares a pod''s lifetime. 
More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: +- description: 'EndpointsName is the endpoint name that +- details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' ++ description: 'endpoints is the endpoint name that details ++ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: +- description: 'Path is the Glusterfs volume path. More ++ description: 'path is the Glusterfs volume path. More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: +- description: 'ReadOnly here will force the Glusterfs ++ description: 'readOnly here will force the Glusterfs + volume to be mounted with read-only permissions. Defaults + to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean +@@ -19598,7 +20224,7 @@ spec: + - path + type: object + hostPath: +- description: 'HostPath represents a pre-existing file or ++ description: 'hostPath represents a pre-existing file or + directory on the host machine that is directly exposed + to the container. This is generally used for system agents + or other privileged things that are allowed to see the +@@ -19609,68 +20235,71 @@ spec: + as read/write.' + properties: + path: +- description: 'Path of the directory on the host. If ++ description: 'path of the directory on the host. If + the path is a symlink, it will follow the link to + the real path. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: +- description: 'Type for HostPath Volume Defaults to "" ++ description: 'type for HostPath Volume Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: +- description: 'ISCSI represents an ISCSI Disk resource that ++ description: 'iscsi represents an ISCSI Disk resource that + is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: +- description: whether support iSCSI Discovery CHAP authentication ++ description: chapAuthDiscovery defines whether support ++ iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: +- description: whether support iSCSI Session CHAP authentication ++ description: chapAuthSession defines whether support ++ iSCSI Session CHAP authentication + type: boolean + fsType: +- description: 'Filesystem type of the volume that you +- want to mount. Tip: Ensure that the filesystem type +- is supported by the host operating system. Examples: ++ description: 'fsType is the filesystem type of the volume ++ that you want to mount. Tip: Ensure that the filesystem ++ type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: +- description: Custom iSCSI Initiator Name. If initiatorName +- is specified with iscsiInterface simultaneously, new +- iSCSI interface : will +- be created for the connection. ++ description: initiatorName is the custom iSCSI Initiator ++ Name. 
If initiatorName is specified with iscsiInterface ++ simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: +- description: Target iSCSI Qualified Name. ++ description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: +- description: iSCSI Interface Name that uses an iSCSI +- transport. Defaults to 'default' (tcp). ++ description: iscsiInterface is the interface Name that ++ uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: +- description: iSCSI Target Lun number. ++ description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: +- description: iSCSI Target Portal List. The portal is +- either an IP or ip_addr:port if the port is other +- than default (typically TCP ports 860 and 3260). ++ description: portals is the iSCSI Target Portal List. ++ The portal is either an IP or ip_addr:port if the ++ port is other than default (typically TCP ports 860 ++ and 3260). + items: + type: string + type: array + readOnly: +- description: ReadOnly here will force the ReadOnly setting ++ description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: +- description: CHAP Secret for iSCSI target and initiator +- authentication ++ description: secretRef is the CHAP Secret for iSCSI ++ target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +@@ -19679,9 +20308,10 @@ spec: + type: string + type: object + targetPortal: +- description: iSCSI Target Portal. The Portal is either +- an IP or ip_addr:port if the port is other than default +- (typically TCP ports 860 and 3260). ++ description: targetPortal is iSCSI Target Portal. The ++ Portal is either an IP or ip_addr:port if the port ++ is other than default (typically TCP ports 860 and ++ 3260). 
+ type: string + required: + - iqn +@@ -19689,24 +20319,24 @@ spec: + - targetPortal + type: object + name: +- description: 'Volume''s name. Must be a DNS_LABEL and unique +- within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' ++ description: 'name of the volume. Must be a DNS_LABEL and ++ unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: +- description: 'NFS represents an NFS mount on the host that ++ description: 'nfs represents an NFS mount on the host that + shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: +- description: 'Path that is exported by the NFS server. ++ description: 'path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: +- description: 'ReadOnly here will force the NFS export ++ description: 'readOnly here will force the NFS export + to be mounted with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: +- description: 'Server is the hostname or IP address of ++ description: 'server is the hostname or IP address of + the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: +@@ -19714,89 +20344,89 @@ spec: + - server + type: object + persistentVolumeClaim: +- description: 'PersistentVolumeClaimVolumeSource represents ++ description: 'persistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same namespace. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: +- description: 'ClaimName is the name of a PersistentVolumeClaim ++ description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: +- description: Will force the ReadOnly setting in VolumeMounts. +- Default false. ++ description: readOnly Will force the ReadOnly setting ++ in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: +- description: PhotonPersistentDisk represents a PhotonController ++ description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: +- description: Filesystem type to mount. Must be a filesystem +- type supported by the host operating system. Ex. "ext4", +- "xfs", "ntfs". Implicitly inferred to be "ext4" if +- unspecified. ++ description: fsType is the filesystem type to mount. ++ Must be a filesystem type supported by the host operating ++ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred ++ to be "ext4" if unspecified. + type: string + pdID: +- description: ID that identifies Photon Controller persistent +- disk ++ description: pdID is the ID that identifies Photon Controller ++ persistent disk + type: string + required: + - pdID + type: object + portworxVolume: +- description: PortworxVolume represents a portworx volume ++ description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: +- description: FSType represents the filesystem type to ++ description: fSType represents the filesystem type to + mount Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs". 
Implicitly inferred + to be "ext4" if unspecified. + type: string + readOnly: +- description: Defaults to false (read/write). ReadOnly +- here will force the ReadOnly setting in VolumeMounts. ++ description: readOnly defaults to false (read/write). ++ ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: +- description: VolumeID uniquely identifies a Portworx ++ description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: +- description: Items for all in one resources secrets, configmaps, +- and downward API ++ description: projected items for all in one resources secrets, ++ configmaps, and downward API + properties: + defaultMode: +- description: Mode bits used to set permissions on created +- files by default. Must be an octal value between 0000 +- and 0777 or a decimal value between 0 and 511. YAML +- accepts both octal and decimal values, JSON requires +- decimal values for mode bits. Directories within the +- path are not affected by this setting. This might +- be in conflict with other options that affect the +- file mode, like fsGroup, and the result can be other +- mode bits set. ++ description: defaultMode are the mode bits used to set ++ permissions on created files by default. Must be an ++ octal value between 0000 and 0777 or a decimal value ++ between 0 and 511. YAML accepts both octal and decimal ++ values, JSON requires decimal values for mode bits. ++ Directories within the path are not affected by this ++ setting. This might be in conflict with other options ++ that affect the file mode, like fsGroup, and the result ++ can be other mode bits set. 
+ format: int32 + type: integer + sources: +- description: list of volume projections ++ description: sources is the list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + configMap: +- description: information about the configMap data +- to project ++ description: configMap information about the configMap ++ data to project + properties: + items: +- description: If unspecified, each key-value ++ description: items if unspecified, each key-value + pair in the Data field of the referenced + ConfigMap will be projected into the volume + as a file whose name is the key and content +@@ -19813,27 +20443,27 @@ spec: + within a volume. + properties: + key: +- description: The key to project. ++ description: key is the key to project. + type: string + mode: +- description: 'Optional: mode bits used +- to set permissions on this file. Must +- be an octal value between 0000 and +- 0777 or a decimal value between 0 +- and 511. YAML accepts both octal and +- decimal values, JSON requires decimal +- values for mode bits. If not specified, +- the volume defaultMode will be used. +- This might be in conflict with other +- options that affect the file mode, +- like fsGroup, and the result can be +- other mode bits set.' ++ description: 'mode is Optional: mode ++ bits used to set permissions on this ++ file. Must be an octal value between ++ 0000 and 0777 or a decimal value between ++ 0 and 511. YAML accepts both octal ++ and decimal values, JSON requires ++ decimal values for mode bits. If not ++ specified, the volume defaultMode ++ will be used. This might be in conflict ++ with other options that affect the ++ file mode, like fsGroup, and the result ++ can be other mode bits set.' + format: int32 + type: integer + path: +- description: The relative path of the +- file to map the key to. May not be +- an absolute path. 
May not contain ++ description: path is the relative path ++ of the file to map the key to. May ++ not be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string +@@ -19849,13 +20479,13 @@ spec: + kind, uid?' + type: string + optional: +- description: Specify whether the ConfigMap +- or its keys must be defined ++ description: optional specify whether the ++ ConfigMap or its keys must be defined + type: boolean + type: object + downwardAPI: +- description: information about the downwardAPI +- data to project ++ description: downwardAPI information about the ++ downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume +@@ -19939,11 +20569,11 @@ spec: + type: array + type: object + secret: +- description: information about the secret data +- to project ++ description: secret information about the secret ++ data to project + properties: + items: +- description: If unspecified, each key-value ++ description: items if unspecified, each key-value + pair in the Data field of the referenced + Secret will be projected into the volume + as a file whose name is the key and content +@@ -19960,27 +20590,27 @@ spec: + within a volume. + properties: + key: +- description: The key to project. ++ description: key is the key to project. + type: string + mode: +- description: 'Optional: mode bits used +- to set permissions on this file. Must +- be an octal value between 0000 and +- 0777 or a decimal value between 0 +- and 511. YAML accepts both octal and +- decimal values, JSON requires decimal +- values for mode bits. If not specified, +- the volume defaultMode will be used. +- This might be in conflict with other +- options that affect the file mode, +- like fsGroup, and the result can be +- other mode bits set.' ++ description: 'mode is Optional: mode ++ bits used to set permissions on this ++ file. 
Must be an octal value between ++ 0000 and 0777 or a decimal value between ++ 0 and 511. YAML accepts both octal ++ and decimal values, JSON requires ++ decimal values for mode bits. If not ++ specified, the volume defaultMode ++ will be used. This might be in conflict ++ with other options that affect the ++ file mode, like fsGroup, and the result ++ can be other mode bits set.' + format: int32 + type: integer + path: +- description: The relative path of the +- file to map the key to. May not be +- an absolute path. May not contain ++ description: path is the relative path ++ of the file to map the key to. May ++ not be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string +@@ -19996,16 +20626,16 @@ spec: + kind, uid?' + type: string + optional: +- description: Specify whether the Secret or +- its key must be defined ++ description: optional field specify whether ++ the Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: +- description: information about the serviceAccountToken +- data to project ++ description: serviceAccountToken is information ++ about the serviceAccountToken data to project + properties: + audience: +- description: Audience is the intended audience ++ description: audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise +@@ -20013,7 +20643,7 @@ spec: + to the identifier of the apiserver. + type: string + expirationSeconds: +- description: ExpirationSeconds is the requested ++ description: expirationSeconds is the requested + duration of validity of the service account + token. 
As the token approaches expiration, + the kubelet volume plugin will proactively +@@ -20026,7 +20656,7 @@ spec: + format: int64 + type: integer + path: +- description: Path is the path relative to ++ description: path is the path relative to + the mount point of the file to project the + token into. + type: string +@@ -20037,35 +20667,35 @@ spec: + type: array + type: object + quobyte: +- description: Quobyte represents a Quobyte mount on the host ++ description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: +- description: Group to map volume access to Default is ++ description: group to map volume access to Default is + no group + type: string + readOnly: +- description: ReadOnly here will force the Quobyte volume ++ description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults + to false. + type: boolean + registry: +- description: Registry represents a single or multiple ++ description: registry represents a single or multiple + Quobyte Registry services specified as a string as + host:port pair (multiple entries are separated with + commas) which acts as the central registry for volumes + type: string + tenant: +- description: Tenant owning the given Quobyte volume ++ description: tenant owning the given Quobyte volume + in the Backend Used with dynamically provisioned Quobyte + volumes, value is set by the plugin + type: string + user: +- description: User to map volume access to Defaults to ++ description: user to map volume access to Defaults to + serivceaccount user + type: string + volume: +- description: Volume is a string that references an already ++ description: volume is a string that references an already + created Quobyte volume by name. 
+ type: string + required: +@@ -20073,43 +20703,44 @@ spec: + - volume + type: object + rbd: +- description: 'RBD represents a Rados Block Device mount ++ description: 'rbd represents a Rados Block Device mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: +- description: 'Filesystem type of the volume that you +- want to mount. Tip: Ensure that the filesystem type +- is supported by the host operating system. Examples: ++ description: 'fsType is the filesystem type of the volume ++ that you want to mount. Tip: Ensure that the filesystem ++ type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: +- description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' ++ description: 'image is the rados image name. More info: ++ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: +- description: 'Keyring is the path to key ring for RBDUser. ++ description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: +- description: 'A collection of Ceph monitors. More info: +- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' ++ description: 'monitors is a collection of Ceph monitors. ++ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: +- description: 'The rados pool name. Default is rbd. More +- info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' ++ description: 'pool is the rados pool name. Default is ++ rbd. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: +- description: 'ReadOnly here will force the ReadOnly ++ description: 'readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: +- description: 'SecretRef is name of the authentication ++ description: 'secretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. + Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: +@@ -20120,35 +20751,36 @@ spec: + type: string + type: object + user: +- description: 'The rados user name. Default is admin. +- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' ++ description: 'user is the rados user name. Default is ++ admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: +- description: ScaleIO represents a ScaleIO persistent volume ++ description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: +- description: Filesystem type to mount. Must be a filesystem +- type supported by the host operating system. Ex. "ext4", +- "xfs", "ntfs". Default is "xfs". ++ description: fsType is the filesystem type to mount. ++ Must be a filesystem type supported by the host operating ++ system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: +- description: The host address of the ScaleIO API Gateway. ++ description: gateway is the host address of the ScaleIO ++ API Gateway. + type: string + protectionDomain: +- description: The name of the ScaleIO Protection Domain +- for the configured storage. ++ description: protectionDomain is the name of the ScaleIO ++ Protection Domain for the configured storage. 
+ type: string + readOnly: +- description: Defaults to false (read/write). ReadOnly +- here will force the ReadOnly setting in VolumeMounts. ++ description: readOnly Defaults to false (read/write). ++ ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: +- description: SecretRef references to the secret for ++ description: secretRef references to the secret for + ScaleIO user and other sensitive information. If this + is not provided, Login operation will fail. + properties: +@@ -20159,26 +20791,26 @@ spec: + type: string + type: object + sslEnabled: +- description: Flag to enable/disable SSL communication ++ description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: +- description: Indicates whether the storage for a volume +- should be ThickProvisioned or ThinProvisioned. Default +- is ThinProvisioned. ++ description: storageMode indicates whether the storage ++ for a volume should be ThickProvisioned or ThinProvisioned. ++ Default is ThinProvisioned. + type: string + storagePool: +- description: The ScaleIO Storage Pool associated with +- the protection domain. ++ description: storagePool is the ScaleIO Storage Pool ++ associated with the protection domain. + type: string + system: +- description: The name of the storage system as configured +- in ScaleIO. ++ description: system is the name of the storage system ++ as configured in ScaleIO. + type: string + volumeName: +- description: The name of a volume already created in +- the ScaleIO system that is associated with this volume +- source. ++ description: volumeName is the name of a volume already ++ created in the ScaleIO system that is associated with ++ this volume source. 
+ type: string + required: + - gateway +@@ -20186,57 +20818,58 @@ spec: + - system + type: object + secret: +- description: 'Secret represents a secret that should populate ++ description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: +- description: 'Optional: mode bits used to set permissions +- on created files by default. Must be an octal value +- between 0000 and 0777 or a decimal value between 0 +- and 511. YAML accepts both octal and decimal values, +- JSON requires decimal values for mode bits. Defaults +- to 0644. Directories within the path are not affected +- by this setting. This might be in conflict with other +- options that affect the file mode, like fsGroup, and +- the result can be other mode bits set.' ++ description: 'defaultMode is Optional: mode bits used ++ to set permissions on created files by default. Must ++ be an octal value between 0000 and 0777 or a decimal ++ value between 0 and 511. YAML accepts both octal and ++ decimal values, JSON requires decimal values for mode ++ bits. Defaults to 0644. Directories within the path ++ are not affected by this setting. This might be in ++ conflict with other options that affect the file mode, ++ like fsGroup, and the result can be other mode bits ++ set.' + format: int32 + type: integer + items: +- description: If unspecified, each key-value pair in +- the Data field of the referenced Secret will be projected +- into the volume as a file whose name is the key and +- content is the value. If specified, the listed keys +- will be projected into the specified paths, and unlisted +- keys will not be present. If a key is specified which +- is not present in the Secret, the volume setup will +- error unless it is marked optional. Paths must be +- relative and may not contain the '..' path or start +- with '..'. 
++ description: items If unspecified, each key-value pair ++ in the Data field of the referenced Secret will be ++ projected into the volume as a file whose name is ++ the key and content is the value. If specified, the ++ listed keys will be projected into the specified paths, ++ and unlisted keys will not be present. If a key is ++ specified which is not present in the Secret, the ++ volume setup will error unless it is marked optional. ++ Paths must be relative and may not contain the '..' ++ path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: +- description: The key to project. ++ description: key is the key to project. + type: string + mode: +- description: 'Optional: mode bits used to set +- permissions on this file. Must be an octal value +- between 0000 and 0777 or a decimal value between +- 0 and 511. YAML accepts both octal and decimal +- values, JSON requires decimal values for mode +- bits. If not specified, the volume defaultMode +- will be used. This might be in conflict with +- other options that affect the file mode, like +- fsGroup, and the result can be other mode bits +- set.' ++ description: 'mode is Optional: mode bits used ++ to set permissions on this file. Must be an ++ octal value between 0000 and 0777 or a decimal ++ value between 0 and 511. YAML accepts both octal ++ and decimal values, JSON requires decimal values ++ for mode bits. If not specified, the volume ++ defaultMode will be used. This might be in conflict ++ with other options that affect the file mode, ++ like fsGroup, and the result can be other mode ++ bits set.' + format: int32 + type: integer + path: +- description: The relative path of the file to +- map the key to. May not be an absolute path. +- May not contain the path element '..'. May not +- start with the string '..'. ++ description: path is the relative path of the ++ file to map the key to. May not be an absolute ++ path. 
May not contain the path element '..'. ++ May not start with the string '..'. + type: string + required: + - key +@@ -20244,30 +20877,30 @@ spec: + type: object + type: array + optional: +- description: Specify whether the Secret or its keys +- must be defined ++ description: optional field specify whether the Secret ++ or its keys must be defined + type: boolean + secretName: +- description: 'Name of the secret in the pod''s namespace +- to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' ++ description: 'secretName is the name of the secret in ++ the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: +- description: StorageOS represents a StorageOS volume attached ++ description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: +- description: Filesystem type to mount. Must be a filesystem +- type supported by the host operating system. Ex. "ext4", +- "xfs", "ntfs". Implicitly inferred to be "ext4" if +- unspecified. ++ description: fsType is the filesystem type to mount. ++ Must be a filesystem type supported by the host operating ++ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred ++ to be "ext4" if unspecified. + type: string + readOnly: +- description: Defaults to false (read/write). ReadOnly +- here will force the ReadOnly setting in VolumeMounts. ++ description: readOnly defaults to false (read/write). ++ ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: +- description: SecretRef specifies the secret to use for ++ description: secretRef specifies the secret to use for + obtaining the StorageOS API credentials. If not specified, + default values will be attempted. 
+ properties: +@@ -20278,12 +20911,12 @@ spec: + type: string + type: object + volumeName: +- description: VolumeName is the human-readable name of ++ description: volumeName is the human-readable name of + the StorageOS volume. Volume names are only unique + within a namespace. + type: string + volumeNamespace: +- description: VolumeNamespace specifies the scope of ++ description: volumeNamespace specifies the scope of + the volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows + the Kubernetes name scoping to be mirrored within +@@ -20295,25 +20928,26 @@ spec: + type: string + type: object + vsphereVolume: +- description: VsphereVolume represents a vSphere volume attached ++ description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: +- description: Filesystem type to mount. Must be a filesystem +- type supported by the host operating system. Ex. "ext4", +- "xfs", "ntfs". Implicitly inferred to be "ext4" if +- unspecified. ++ description: fsType is filesystem type to mount. Must ++ be a filesystem type supported by the host operating ++ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred ++ to be "ext4" if unspecified. + type: string + storagePolicyID: +- description: Storage Policy Based Management (SPBM) +- profile ID associated with the StoragePolicyName. ++ description: storagePolicyID is the storage Policy Based ++ Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: +- description: Storage Policy Based Management (SPBM) +- profile name. ++ description: storagePolicyName is the storage Policy ++ Based Management (SPBM) profile name. + type: string + volumePath: +- description: Path that identifies vSphere volume vmdk ++ description: volumePath is the path that identifies ++ vSphere volume vmdk + type: string + required: + - volumePath 
diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_sinker_deployment.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_sinker_deployment.yaml new file mode 100644 index 0000000000..93861be229 --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_sinker_deployment.yaml @@ -0,0 +1,13 @@ +diff --git a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/sinker_deployment.yaml b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/sinker_deployment.yaml +index 6e5ed47f..1df579f4 100644 +--- a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/sinker_deployment.yaml ++++ b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/sinker_deployment.yaml +@@ -22,7 +22,7 @@ spec: + - --config-path=/etc/config/config.yaml + - --job-config-path=/etc/job-config + - --dry-run=false +- image: gcr.io/k8s-prow/sinker:v20220526-c15dd4997d ++ image: gcr.io/k8s-prow/sinker:v20220630-695df9040a + env: + # Use KUBECONFIG envvar rather than --kubeconfig flag in order to provide multiple configs to merge. + - name: KUBECONFIG diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_statusreconciler_deployment.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_statusreconciler_deployment.yaml new file mode 100644 index 0000000000..febeca6950 --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_statusreconciler_deployment.yaml 
@@ -0,0 +1,13 @@ +diff --git a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/statusreconciler_deployment.yaml b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/statusreconciler_deployment.yaml +index 3d3e1686..fd318ade 100644 +--- a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/statusreconciler_deployment.yaml ++++ b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/statusreconciler_deployment.yaml +@@ -33,7 +33,7 @@ spec: + terminationGracePeriodSeconds: 180 + containers: + - name: statusreconciler +- image: gcr.io/k8s-prow/status-reconciler:v20220526-c15dd4997d ++ image: gcr.io/k8s-prow/status-reconciler:v20220630-695df9040a + imagePullPolicy: Always + args: + - --dry-run=false diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_tide_deployment.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_tide_deployment.yaml new file mode 100644 index 0000000000..78181cb69b --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_tide_deployment.yaml @@ -0,0 +1,13 @@ +diff --git a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/tide_deployment.yaml b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/tide_deployment.yaml +index 3135e24f..e12ad0cf 100644 +--- a/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/tide_deployment.yaml ++++ b/github/ci/prow-deploy/kustom/base/manifests/test_infra/current/tide_deployment.yaml +@@ -34,7 +34,7 @@ spec: + serviceAccountName: tide + containers: + - name: tide +- image: gcr.io/k8s-prow/tide:v20220526-c15dd4997d ++ image: gcr.io/k8s-prow/tide:v20220630-695df9040a + args: + - --dry-run=false + - --github-endpoint=http://ghproxy 
diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_overlays_ibmcloud-production_resources_prow-exporter-deployment.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_overlays_ibmcloud-production_resources_prow-exporter-deployment.yaml new file mode 100644 index 0000000000..c7e4a9b282 --- /dev/null +++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_overlays_ibmcloud-production_resources_prow-exporter-deployment.yaml @@ -0,0 +1,13 @@ +diff --git a/github/ci/prow-deploy/kustom/overlays/ibmcloud-production/resources/prow-exporter-deployment.yaml b/github/ci/prow-deploy/kustom/overlays/ibmcloud-production/resources/prow-exporter-deployment.yaml +index 897eaebb..63d2a166 100644 +--- a/github/ci/prow-deploy/kustom/overlays/ibmcloud-production/resources/prow-exporter-deployment.yaml ++++ b/github/ci/prow-deploy/kustom/overlays/ibmcloud-production/resources/prow-exporter-deployment.yaml +@@ -20,7 +20,7 @@ spec: + terminationGracePeriodSeconds: 30 + containers: + - name: prow-exporter +- image: gcr.io/k8s-prow/exporter:v20220526-c15dd4997d ++ image: gcr.io/k8s-prow/exporter:v20220630-695df9040a + imagePullPolicy: Always + ports: + - name: metrics diff --git a/robots/cmd/botreview/main.go b/robots/cmd/botreview/main.go index 3d298f44bd..51b95b094d 100644 --- a/robots/cmd/botreview/main.go +++ b/robots/cmd/botreview/main.go @@ -122,7 +122,10 @@ func main() { reviewer := review.NewReviewer(log, github.PullRequestActionEdited, o.org, o.repo, o.pullRequestNumber, user.Login, o.dryRun) botReviewResults, err := reviewer.ReviewLocalCode() if err != nil { - log.Errorf("error while reviewing: %v", err) + log.Info("no review results, cancelling review comments") + } + if len(botReviewResults) == 0 { + return } err = reviewer.AttachReviewComments(botReviewResults, githubClient) From 3facf536bbbfb9366339acc4bca50848e99a059d Mon Sep 17 00:00:00 2001 
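Review bot: In `main`, the new `if err != nil` branch drops the error returned by `reviewer.ReviewLocalCode()` and logs `no review results, cancelling review comments` at info level, so a review that failed reads the same in the logs as one that found nothing. The branch does not return either: execution falls through to the `len(botReviewResults) == 0` check and, should results ever come back together with an error, on to `AttachReviewComments`. I would keep the cause and stop there, with `log.WithError(err).Error("review failed, skipping review comments")` followed by `return`. The body of `main` continues outside the hunk.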
From: Daniel Hiller Date: Mon, 11 Jul 2022 16:35:55 +0200 Subject: [PATCH 05/17] fix, image_update: exclude release branch configs Also use base and head for calculating the diff from a PR Signed-off-by: Daniel Hiller --- .../botreview/review/image_update.go | 9 ++- .../botreview/review/image_update_test.go | 73 +++++++++++++++++++ external-plugins/botreview/review/review.go | 18 +++-- robots/cmd/botreview/main.go | 1 + 4 files changed, 92 insertions(+), 9 deletions(-) diff --git a/external-plugins/botreview/review/image_update.go b/external-plugins/botreview/review/image_update.go index f514c47c29..75d2843022 100644 --- a/external-plugins/botreview/review/image_update.go +++ b/external-plugins/botreview/review/image_update.go @@ -38,10 +38,14 @@ These are the suspicious hunks I found: ` ) -var prowJobImageUpdateHunkBodyMatcher *regexp.Regexp +var ( + prowJobImageUpdateHunkBodyMatcher *regexp.Regexp + prowJobReleaseBranchFileNameMatcher *regexp.Regexp +) func init() { prowJobImageUpdateHunkBodyMatcher = regexp.MustCompile(`(?m)^(-[\s]+- image: [^\s]+$[\n]^\+[\s]+- image: [^\s]+|-[\s]+image: [^\s]+$[\n]^\+[\s]+image: [^\s]+)$`) + prowJobReleaseBranchFileNameMatcher = regexp.MustCompile(`.*\/[\w-]+-[0-9-\.]+\.yaml`) } type ProwJobImageUpdateResult struct { @@ -78,7 +82,8 @@ func (t *ProwJobImageUpdate) AddIfRelevant(fileDiff *diff.FileDiff) { // * who are not yaml if strings.TrimPrefix(fileDiff.OrigName, "a/") != fileName || !strings.HasSuffix(fileName, ".yaml") || - !strings.HasPrefix(fileName, "github/ci/prow-deploy/files/jobs") { + !strings.HasPrefix(fileName, "github/ci/prow-deploy/files/jobs") || + prowJobReleaseBranchFileNameMatcher.MatchString(fileName) { return } diff --git a/external-plugins/botreview/review/image_update_test.go b/external-plugins/botreview/review/image_update_test.go index 02720b5211..d851d1ab85 100644 --- a/external-plugins/botreview/review/image_update_test.go +++ b/external-plugins/botreview/review/image_update_test.go 
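Review bot: `prowJobReleaseBranchFileNameMatcher` has no end anchor, and its version part `[0-9-\.]+` also accepts a lone digit or a run of dashes and dots. `MatchString` therefore excludes any job config whose name ends in `-<digits>.yaml`, not only release-branch files such as `kubevirt-presubmits-0.54.yaml`, and `AddIfRelevant` in the second hunk skips all of them. What happens to a skipped file is decided outside this diff, so please confirm that a pull request touching one cannot be treated as a clean image bump. If release configs are always named `<name>-<major>.<minor>.yaml`, as in the test case, the tighter pattern `/[\w-]+-\d+\.\d+\.yaml$` states that directly. The new test table should gain boundary names such as `foo-1.yaml`.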
@@ -87,3 +87,76 @@ func TestProwJobImageUpdate_Review(t1 *testing.T) { }) } } + +func TestProwJobImageUpdate_AddIfRelevant(t1 *testing.T) { + type fields struct { + relevantFileDiffs []*diff.FileDiff + notMatchingHunks []*diff.Hunk + } + type args struct { + fileDiff *diff.FileDiff + } + tests := []struct { + name string + fields fields + args args + expectedRelevantFileDiffs []*diff.FileDiff + }{ + { + name: "release branch config is ignored", + fields: fields{ + relevantFileDiffs: nil, + notMatchingHunks: nil, + }, + args: args{ + fileDiff: &diff.FileDiff{ + OrigName: "a/github/ci/prow-deploy/files/jobs/kubevirt/kubevirt/kubevirt-presubmits-0.54.yaml", + OrigTime: nil, + NewName: "b/github/ci/prow-deploy/files/jobs/kubevirt/kubevirt/kubevirt-presubmits-0.54.yaml", + NewTime: nil, + Extended: nil, + Hunks: nil, + }, + }, + }, + { + name: "non-release branch config is added", + fields: fields{ + relevantFileDiffs: nil, + notMatchingHunks: nil, + }, + args: args{ + fileDiff: &diff.FileDiff{ + OrigName: "a/github/ci/prow-deploy/files/jobs/kubevirt/kubevirt/kubevirt-presubmits.yaml", + OrigTime: nil, + NewName: "b/github/ci/prow-deploy/files/jobs/kubevirt/kubevirt/kubevirt-presubmits.yaml", + NewTime: nil, + Extended: nil, + Hunks: nil, + }, + }, + expectedRelevantFileDiffs: []*diff.FileDiff{ + { + OrigName: "a/github/ci/prow-deploy/files/jobs/kubevirt/kubevirt/kubevirt-presubmits.yaml", + OrigTime: nil, + NewName: "b/github/ci/prow-deploy/files/jobs/kubevirt/kubevirt/kubevirt-presubmits.yaml", + NewTime: nil, + Extended: nil, + Hunks: nil, + }, + }, + }, + } + for _, tt := range tests { + t1.Run(tt.name, func(t1 *testing.T) { + t := &ProwJobImageUpdate{ + relevantFileDiffs: tt.fields.relevantFileDiffs, + notMatchingHunks: tt.fields.notMatchingHunks, + } + t.AddIfRelevant(tt.args.fileDiff) + if !reflect.DeepEqual(tt.expectedRelevantFileDiffs, t.relevantFileDiffs) { + t1.Errorf("expectedRelevantFileDiffs not equal: %v\n, was\n%v", tt.expectedRelevantFileDiffs, 
t.relevantFileDiffs) + } + }) + } +} diff --git a/external-plugins/botreview/review/review.go b/external-plugins/botreview/review/review.go index 3336ac7ccd..68b27ea92f 100644 --- a/external-plugins/botreview/review/review.go +++ b/external-plugins/botreview/review/review.go @@ -71,13 +71,14 @@ func (n BasicResult) String() string { } type Reviewer struct { - l *logrus.Entry - org string - repo string - num int - user string - action github.PullRequestEventAction - dryRun bool + l *logrus.Entry + org string + repo string + num int + user string + action github.PullRequestEventAction + dryRun bool + BaseSHA string } func NewReviewer(l *logrus.Entry, action github.PullRequestEventAction, org string, repo string, num int, user string, dryRun bool) *Reviewer { @@ -113,6 +114,9 @@ func (r *Reviewer) ReviewLocalCode() ([]BotReviewResult, error) { r.info("preparing review") diffCommand := exec.Command("git", "diff", "..main") + if r.BaseSHA != "" { + diffCommand = exec.Command("git", "diff", fmt.Sprintf("%s..%s", r.BaseSHA, "HEAD")) + } output, err := diffCommand.Output() if err != nil { r.fatalF("could not fetch diff output: %v", err) diff --git a/robots/cmd/botreview/main.go b/robots/cmd/botreview/main.go index 51b95b094d..c50bfda606 100644 --- a/robots/cmd/botreview/main.go +++ b/robots/cmd/botreview/main.go @@ -120,6 +120,7 @@ func main() { // Perform review reviewer := review.NewReviewer(log, github.PullRequestActionEdited, o.org, o.repo, o.pullRequestNumber, user.Login, o.dryRun) + reviewer.BaseSHA = pullRequest.Base.SHA botReviewResults, err := reviewer.ReviewLocalCode() if err != nil { log.Info("no review results, cancelling review comments") From 12f3a35360ac216415e1a3992c8c15e7c1a1f2eb Mon Sep 17 00:00:00 2001 From: Daniel Hiller Date: Mon, 21 Nov 2022 13:57:33 +0100 Subject: [PATCH 06/17] fix, prow_autobump: utility images 
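Review bot: In `ReviewLocalCode`, `r.BaseSHA` goes into the `git diff` argument list without any check on its shape. `exec.Command` avoids a shell, but git still parses a value beginning with `-` as an option, and `BaseSHA` is an exported field that any caller can set. Rejecting anything that is not a full hex object id before building the command closes that, for example a package-level `regexp.MustCompile("^[0-9a-f]{40}$")` checked just ahead of the `exec.Command` call. Separately, the two-dot range `BaseSHA..HEAD` compares the two trees directly, so unless the checkout is already merged onto the base, commits that landed on the base branch after the PR branched appear reversed in the reviewed diff. `fmt.Sprintf("%s...HEAD", r.BaseSHA)` diffs from the merge base instead; the function body continues outside the hunk.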
Signed-off-by: Daniel Hiller --- .../botreview/review/prow_autobump.go | 2 +- .../botreview/review/prow_autobump_test.go | 29 +- ...-crd_prowjob_customresourcedefinition.yaml | 10021 ---------------- 3 files changed, 23 insertions(+), 10029 deletions(-) diff --git a/external-plugins/botreview/review/prow_autobump.go b/external-plugins/botreview/review/prow_autobump.go index ec4b099446..5446a13208 100644 --- a/external-plugins/botreview/review/prow_autobump.go +++ b/external-plugins/botreview/review/prow_autobump.go @@ -45,7 +45,7 @@ These are the suspicious hunks I found: var prowAutobumpHunkBodyMatcher *regexp.Regexp func init() { - prowAutobumpHunkBodyMatcher = regexp.MustCompile(`(?m)^(-[\s]+- image: [^\s]+$[\n]^\+[\s]+- image: [^\s]+|-[\s]+image: [^\s]+$[\n]^\+[\s]+image: [^\s]+)$`) + prowAutobumpHunkBodyMatcher = regexp.MustCompile(`(?m)^(-[\s]+- image: [^\s]+$[\n]^\+[\s]+- image: [^\s]+|-[\s]+(image|clonerefs|initupload|entrypoint|sidecar): [^\s]+$[\n]^\+[\s]+(image|clonerefs|initupload|entrypoint|sidecar): [^\s]+)$`) } type ProwAutobumpResult struct { diff --git a/external-plugins/botreview/review/prow_autobump_test.go b/external-plugins/botreview/review/prow_autobump_test.go index 5e10c991a9..3d739a25cd 100644 --- a/external-plugins/botreview/review/prow_autobump_test.go +++ b/external-plugins/botreview/review/prow_autobump_test.go @@ -54,7 +54,7 @@ func TestProwAutobump_Review(t1 *testing.T) { tests := []struct { name string fields fields - want *ProwJobImageUpdateResult + want *ProwAutobumpResult }{ { name: "simple prow autobump", 
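Review bot: The widened `prowAutobumpHunkBodyMatcher` applies the alternation `(image|clonerefs|initupload|entrypoint|sidecar)` independently to the removed and the added line, so a hunk that replaces `image:` with `sidecar:` matches. The value is only `[^\s]+`, so the added line may also name a different registry or repository than the removed one. If a matching hunk counts as an expected bump (the test expects an empty `ProwAutobumpResult` for such input), a change that points a component at an image outside `gcr.io/k8s-prow/` would be classified as a routine autobump. RE2 has no backreferences, so I would capture the key and the image name without its tag on both sides and compare them in Go after the match, accepting the hunk only when both are equal and just the tag differs. How the matcher is used lies outside this hunk.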
@@ -72,28 +72,43 @@ func TestProwAutobump_Review(t1 *testing.T) {
 diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_horologium_deployment.yaml"],
 diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_needs-rebase_deployment.yaml"],
 diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prow_controller_manager_deployment.yaml"],
- diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"],
 diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_sinker_deployment.yaml"],
 diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_statusreconciler_deployment.yaml"],
 diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_tide_deployment.yaml"],
 diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_overlays_ibmcloud-production_resources_prow-exporter-deployment.yaml"],
 },
 },
- want: &ProwJobImageUpdateResult{},
+ want: &ProwAutobumpResult{},
 },
 {
- name: "mixed image bump",
+ name: "prow autobump with crd update",
 fields: fields{
 relevantFileDiffs: []*diff.FileDiff{
 diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_configs_current_config_config.yaml"],
 diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_branch-protector.yaml"],
 diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_cherrypicker_deployment.yaml"],
- diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-kubevirt.yaml"],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-nmstate.yaml"],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_crier_deployment.yaml"],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_deck_deployment.yaml"],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_ghproxy.yaml"],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_hook_deployment.yaml"],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_horologium_deployment.yaml"],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_needs-rebase_deployment.yaml"],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prow_controller_manager_deployment.yaml"],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_sinker_deployment.yaml"],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_statusreconciler_deployment.yaml"],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_tide_deployment.yaml"],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_overlays_ibmcloud-production_resources_prow-exporter-deployment.yaml"],
 },
 },
- want: &ProwJobImageUpdateResult{
+ want: &ProwAutobumpResult{
 notMatchingHunks: []*diff.Hunk{
- diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"].Hunks[0],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"].Hunks[0],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"].Hunks[1],
+ diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"].Hunks[2],
 },
 },
 },
diff --git a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml
index 402b1b2d48..d7985c0e05 100644
--- a/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml
+++ b/external-plugins/botreview/review/testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml
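Review bot: The new case `prow autobump with crd update` lists the `..._prowjob-crd_prowjob_customresourcedefinition.yaml` entry twice in a row in `relevantFileDiffs`, while `want.notMatchingHunks` names that file's `Hunks[0]` to `Hunks[2]` once each. If the repeat is a paste slip, drop one of the two lines. If it is deliberate, add a comment above the pair saying what the duplicate is meant to exercise, because the expected result does not show it. This table is the only visible check that non-image hunks are reported rather than passed, so its input should be unambiguous.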
@@ -29,10024 +29,3 @@ index 7728be61..f90f6b97 100644 https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override -@@ -1551,9 +1551,8 @@ spec: - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: -- description: One and only one of the -- following should be specified. Exec -- specifies the action to take. -+ description: Exec specifies the action -+ to take. - properties: - command: - description: Command is the command -@@ -1628,11 +1627,12 @@ spec: - - port - type: object - tcpSocket: -- description: 'TCPSocket specifies -- an action involving a TCP port. -- TCP hooks not yet supported TODO: -- implement a realistic TCP lifecycle -- hook' -+ description: Deprecated. TCPSocket -+ is NOT supported as a LifecycleHandler -+ and kept for the backward compatibility. -+ There are no validation of this -+ field and lifecycle hooks will fail -+ in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name -@@ -1660,22 +1660,20 @@ spec: - such as liveness/startup probe failure, - preemption, resource contention, etc. - The handler is not called if the container -- crashes or exits. The reason for termination -- is passed to the handler. The Pod''s -- termination grace period countdown begins -- before the PreStop hooked is executed. -- Regardless of the outcome of the handler, -- the container will eventually terminate -- within the Pod''s termination grace -- period. Other management of the container -- blocks until the hook completes or until -- the termination grace period is reached. -- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' -+ crashes or exits. The Pod''s termination -+ grace period countdown begins before -+ the PreStop hook is executed. 
Regardless -+ of the outcome of the handler, the container -+ will eventually terminate within the -+ Pod''s termination grace period (unless -+ delayed by finalizers). Other management -+ of the container blocks until the hook -+ completes or until the termination grace -+ period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: -- description: One and only one of the -- following should be specified. Exec -- specifies the action to take. -+ description: Exec specifies the action -+ to take. - properties: - command: - description: Command is the command -@@ -1750,11 +1748,12 @@ spec: - - port - type: object - tcpSocket: -- description: 'TCPSocket specifies -- an action involving a TCP port. -- TCP hooks not yet supported TODO: -- implement a realistic TCP lifecycle -- hook' -+ description: Deprecated. TCPSocket -+ is NOT supported as a LifecycleHandler -+ and kept for the backward compatibility. -+ There are no validation of this -+ field and lifecycle hooks will fail -+ in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name -@@ -1783,9 +1782,8 @@ spec: - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: -- description: One and only one of the following -- should be specified. Exec specifies -- the action to take. -+ description: Exec specifies the action -+ to take. - properties: - command: - description: Command is the command -@@ -1810,6 +1808,28 @@ spec: - 3. Minimum value is 1. - format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action -+ involving a GRPC port. This is a beta -+ field and requires enabling GRPCContainerProbe -+ feature gate. -+ properties: -+ port: -+ description: Port number of the gRPC -+ service. Number must be in the range -+ 1 to 65535. 
-+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name -+ of the service to place in the gRPC -+ HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the -+ default behavior is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http - request to perform. -@@ -1883,10 +1903,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action -- involving a TCP port. TCP hooks not -- yet supported TODO: implement a realistic -- TCP lifecycle hook' -+ description: TCPSocket specifies an action -+ involving a TCP port. - properties: - host: - description: 'Optional: Host name -@@ -2005,9 +2023,8 @@ spec: - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: -- description: One and only one of the following -- should be specified. Exec specifies -- the action to take. -+ description: Exec specifies the action -+ to take. - properties: - command: - description: Command is the command -@@ -2032,6 +2049,28 @@ spec: - 3. Minimum value is 1. - format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action -+ involving a GRPC port. This is a beta -+ field and requires enabling GRPCContainerProbe -+ feature gate. -+ properties: -+ port: -+ description: Port number of the gRPC -+ service. Number must be in the range -+ 1 to 65535. -+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name -+ of the service to place in the gRPC -+ HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the -+ default behavior is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http - request to perform. 
-@@ -2105,10 +2144,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action -- involving a TCP port. TCP hooks not -- yet supported TODO: implement a realistic -- TCP lifecycle hook' -+ description: TCPSocket specifies an action -+ involving a TCP port. - properties: - host: - description: 'Optional: Host name -@@ -2210,13 +2247,17 @@ spec: - flag will be set on the container process. - AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged -- 2) has CAP_SYS_ADMIN' -+ 2) has CAP_SYS_ADMIN Note that this -+ field cannot be set when spec.os.name -+ is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop - when running containers. Defaults to - the default set of capabilities granted -- by the container runtime. -+ by the container runtime. Note that -+ this field cannot be set when spec.os.name -+ is windows. - properties: - add: - description: Added capabilities -@@ -2237,7 +2278,9 @@ spec: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on -- the host. Defaults to false. -+ the host. Defaults to false. Note that -+ this field cannot be set when spec.os.name -+ is windows. - type: boolean - procMount: - description: procMount denotes the type -@@ -2246,12 +2289,14 @@ spec: - uses the container runtime defaults - for readonly paths and masked paths. - This requires the ProcMountType feature -- flag to be enabled. -+ flag to be enabled. Note that this field -+ cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default -- is false. -+ is false. Note that this field cannot -+ be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint -@@ -2260,7 +2305,8 @@ spec: - PodSecurityContext. 
If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext -- takes precedence. -+ takes precedence. Note that this field -+ cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: -@@ -2283,7 +2329,8 @@ spec: - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext -- takes precedence. -+ takes precedence. Note that this field -+ cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: -@@ -2294,7 +2341,8 @@ spec: - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext -- takes precedence. -+ takes precedence. Note that this field -+ cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level -@@ -2318,7 +2366,8 @@ spec: - by this container. If seccomp options - are provided at both the pod & container - level, the container options override -- the pod options. -+ the pod options. Note that this field -+ cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates -@@ -2350,6 +2399,8 @@ spec: - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. -+ Note that this field cannot be set when -+ spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is -@@ -2409,9 +2460,8 @@ spec: - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: -- description: One and only one of the following -- should be specified. Exec specifies -- the action to take. -+ description: Exec specifies the action -+ to take. - properties: - command: - description: Command is the command -@@ -2436,6 +2486,28 @@ spec: - 3. Minimum value is 1. 
- format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action -+ involving a GRPC port. This is a beta -+ field and requires enabling GRPCContainerProbe -+ feature gate. -+ properties: -+ port: -+ description: Port number of the gRPC -+ service. Number must be in the range -+ 1 to 65535. -+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name -+ of the service to place in the gRPC -+ HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the -+ default behavior is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http - request to perform. -@@ -2509,10 +2581,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action -- involving a TCP port. TCP hooks not -- yet supported TODO: implement a realistic -- TCP lifecycle hook' -+ description: TCPSocket specifies an action -+ involving a TCP port. - properties: - host: - description: 'Optional: Host name -@@ -2703,8 +2773,8 @@ spec: - properties: - args: - description: 'Arguments to the entrypoint. The -- docker image''s CMD is used if this is not -- provided. Variable references $(VAR_NAME) -+ container image''s CMD is used if this is -+ not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. Double -@@ -2720,7 +2790,7 @@ spec: - type: array - command: - description: 'Entrypoint array. Not executed -- within a shell. The docker image''s ENTRYPOINT -+ within a shell. The container image''s ENTRYPOINT - is used if this is not provided. Variable - references $(VAR_NAME) are expanded using - the container''s environment. If a variable -@@ -2912,7 +2982,7 @@ spec: - type: object - type: array - image: -- description: 'Docker image name. 
More info: -+ description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override container -@@ -2939,9 +3009,8 @@ spec: - until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: -- description: One and only one of the -- following should be specified. Exec -- specifies the action to take. -+ description: Exec specifies the action -+ to take. - properties: - command: - description: Command is the command -@@ -3014,10 +3083,12 @@ spec: - - port - type: object - tcpSocket: -- description: 'TCPSocket specifies an -- action involving a TCP port. TCP hooks -- not yet supported TODO: implement -- a realistic TCP lifecycle hook' -+ description: Deprecated. TCPSocket is -+ NOT supported as a LifecycleHandler -+ and kept for the backward compatibility. -+ There are no validation of this field -+ and lifecycle hooks will fail in runtime -+ when tcp handler is specified. - properties: - host: - description: 'Optional: Host name -@@ -3044,21 +3115,20 @@ spec: - as liveness/startup probe failure, preemption, - resource contention, etc. The handler - is not called if the container crashes -- or exits. The reason for termination is -- passed to the handler. The Pod''s termination -- grace period countdown begins before the -- PreStop hooked is executed. Regardless -- of the outcome of the handler, the container -- will eventually terminate within the Pod''s -- termination grace period. Other management -- of the container blocks until the hook -- completes or until the termination grace -- period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' -+ or exits. The Pod''s termination grace -+ period countdown begins before the PreStop -+ hook is executed. 
Regardless of the outcome -+ of the handler, the container will eventually -+ terminate within the Pod''s termination -+ grace period (unless delayed by finalizers). -+ Other management of the container blocks -+ until the hook completes or until the -+ termination grace period is reached. More -+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: -- description: One and only one of the -- following should be specified. Exec -- specifies the action to take. -+ description: Exec specifies the action -+ to take. - properties: - command: - description: Command is the command -@@ -3131,10 +3201,12 @@ spec: - - port - type: object - tcpSocket: -- description: 'TCPSocket specifies an -- action involving a TCP port. TCP hooks -- not yet supported TODO: implement -- a realistic TCP lifecycle hook' -+ description: Deprecated. TCPSocket is -+ NOT supported as a LifecycleHandler -+ and kept for the backward compatibility. -+ There are no validation of this field -+ and lifecycle hooks will fail in runtime -+ when tcp handler is specified. - properties: - host: - description: 'Optional: Host name -@@ -3161,9 +3233,8 @@ spec: - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: -- description: One and only one of the following -- should be specified. Exec specifies the -- action to take. -+ description: Exec specifies the action to -+ take. - properties: - command: - description: Command is the command -@@ -3188,6 +3259,28 @@ spec: - Minimum value is 1. - format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action involving -+ a GRPC port. This is a beta field and -+ requires enabling GRPCContainerProbe feature -+ gate. -+ properties: -+ port: -+ description: Port number of the gRPC -+ service. Number must be in the range -+ 1 to 65535. 
-+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name of -+ the service to place in the gRPC HealthCheckRequest -+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the default -+ behavior is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http - request to perform. -@@ -3261,10 +3354,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action -- involving a TCP port. TCP hooks not yet -- supported TODO: implement a realistic -- TCP lifecycle hook' -+ description: TCPSocket specifies an action -+ involving a TCP port. - properties: - host: - description: 'Optional: Host name to -@@ -3378,9 +3469,8 @@ spec: - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: -- description: One and only one of the following -- should be specified. Exec specifies the -- action to take. -+ description: Exec specifies the action to -+ take. - properties: - command: - description: Command is the command -@@ -3405,6 +3495,28 @@ spec: - Minimum value is 1. - format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action involving -+ a GRPC port. This is a beta field and -+ requires enabling GRPCContainerProbe feature -+ gate. -+ properties: -+ port: -+ description: Port number of the gRPC -+ service. Number must be in the range -+ 1 to 65535. -+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name of -+ the service to place in the gRPC HealthCheckRequest -+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the default -+ behavior is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http - request to perform. 
-@@ -3478,10 +3590,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action -- involving a TCP port. TCP hooks not yet -- supported TODO: implement a realistic -- TCP lifecycle hook' -+ description: TCPSocket specifies an action -+ involving a TCP port. - properties: - host: - description: 'Optional: Host name to -@@ -3573,13 +3683,17 @@ spec: - controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: -- 1) run as Privileged 2) has CAP_SYS_ADMIN' -+ 1) run as Privileged 2) has CAP_SYS_ADMIN -+ Note that this field cannot be set when -+ spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by -- the container runtime. -+ the container runtime. Note that this -+ field cannot be set when spec.os.name -+ is windows. - properties: - add: - description: Added capabilities -@@ -3600,7 +3714,9 @@ spec: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on -- the host. Defaults to false. -+ the host. Defaults to false. Note that -+ this field cannot be set when spec.os.name -+ is windows. - type: boolean - procMount: - description: procMount denotes the type -@@ -3609,12 +3725,14 @@ spec: - uses the container runtime defaults for - readonly paths and masked paths. This - requires the ProcMountType feature flag -- to be enabled. -+ to be enabled. Note that this field cannot -+ be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default is -- false. -+ false. Note that this field cannot be -+ set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint -@@ -3622,7 +3740,8 @@ spec: - default if unset. 
May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext -- takes precedence. -+ takes precedence. Note that this field -+ cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: -@@ -3645,7 +3764,8 @@ spec: - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext -- takes precedence. -+ takes precedence. Note that this field -+ cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: -@@ -3656,7 +3776,8 @@ spec: - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext -- takes precedence. -+ takes precedence. Note that this field -+ cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level -@@ -3680,7 +3801,8 @@ spec: - by this container. If seccomp options - are provided at both the pod & container - level, the container options override -- the pod options. -+ the pod options. Note that this field -+ cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates -@@ -3711,7 +3833,9 @@ spec: - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified -- in SecurityContext takes precedence. -+ in SecurityContext takes precedence. Note -+ that this field cannot be set when spec.os.name -+ is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where -@@ -3767,9 +3891,8 @@ spec: - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: -- description: One and only one of the following -- should be specified. Exec specifies the -- action to take. -+ description: Exec specifies the action to -+ take. 
- properties: - command: - description: Command is the command -@@ -3794,6 +3917,28 @@ spec: - Minimum value is 1. - format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action involving -+ a GRPC port. This is a beta field and -+ requires enabling GRPCContainerProbe feature -+ gate. -+ properties: -+ port: -+ description: Port number of the gRPC -+ service. Number must be in the range -+ 1 to 65535. -+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name of -+ the service to place in the gRPC HealthCheckRequest -+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the default -+ behavior is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http - request to perform. -@@ -3867,10 +4012,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action -- involving a TCP port. TCP hooks not yet -- supported TODO: implement a realistic -- TCP lifecycle hook' -+ description: TCPSocket specifies an action -+ involving a TCP port. - properties: - host: - description: 'Optional: Host name to -@@ -4058,7 +4201,7 @@ spec: - properties: - args: - description: 'Arguments to the entrypoint. -- The docker image''s CMD is used if this -+ The container image''s CMD is used if this - is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference -@@ -4075,7 +4218,7 @@ spec: - type: array - command: - description: 'Entrypoint array. Not executed -- within a shell. The docker image''s ENTRYPOINT -+ within a shell. The container image''s ENTRYPOINT - is used if this is not provided. Variable - references $(VAR_NAME) are expanded using - the container''s environment. If a variable -@@ -4275,7 +4418,7 @@ spec: - type: object - type: array - image: -- description: 'Docker image name. 
More info: -+ description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override -@@ -4304,9 +4447,8 @@ spec: - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: -- description: One and only one of the -- following should be specified. Exec -- specifies the action to take. -+ description: Exec specifies the action -+ to take. - properties: - command: - description: Command is the command -@@ -4381,11 +4523,12 @@ spec: - - port - type: object - tcpSocket: -- description: 'TCPSocket specifies -- an action involving a TCP port. -- TCP hooks not yet supported TODO: -- implement a realistic TCP lifecycle -- hook' -+ description: Deprecated. TCPSocket -+ is NOT supported as a LifecycleHandler -+ and kept for the backward compatibility. -+ There are no validation of this -+ field and lifecycle hooks will fail -+ in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name -@@ -4413,22 +4556,20 @@ spec: - such as liveness/startup probe failure, - preemption, resource contention, etc. - The handler is not called if the container -- crashes or exits. The reason for termination -- is passed to the handler. The Pod''s -- termination grace period countdown begins -- before the PreStop hooked is executed. -- Regardless of the outcome of the handler, -- the container will eventually terminate -- within the Pod''s termination grace -- period. Other management of the container -- blocks until the hook completes or until -- the termination grace period is reached. -- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' -+ crashes or exits. The Pod''s termination -+ grace period countdown begins before -+ the PreStop hook is executed. 
Regardless -+ of the outcome of the handler, the container -+ will eventually terminate within the -+ Pod''s termination grace period (unless -+ delayed by finalizers). Other management -+ of the container blocks until the hook -+ completes or until the termination grace -+ period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: -- description: One and only one of the -- following should be specified. Exec -- specifies the action to take. -+ description: Exec specifies the action -+ to take. - properties: - command: - description: Command is the command -@@ -4503,11 +4644,12 @@ spec: - - port - type: object - tcpSocket: -- description: 'TCPSocket specifies -- an action involving a TCP port. -- TCP hooks not yet supported TODO: -- implement a realistic TCP lifecycle -- hook' -+ description: Deprecated. TCPSocket -+ is NOT supported as a LifecycleHandler -+ and kept for the backward compatibility. -+ There are no validation of this -+ field and lifecycle hooks will fail -+ in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name -@@ -4536,9 +4678,8 @@ spec: - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: -- description: One and only one of the following -- should be specified. Exec specifies -- the action to take. -+ description: Exec specifies the action -+ to take. - properties: - command: - description: Command is the command -@@ -4563,6 +4704,28 @@ spec: - 3. Minimum value is 1. - format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action -+ involving a GRPC port. This is a beta -+ field and requires enabling GRPCContainerProbe -+ feature gate. -+ properties: -+ port: -+ description: Port number of the gRPC -+ service. Number must be in the range -+ 1 to 65535. 
-+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name -+ of the service to place in the gRPC -+ HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the -+ default behavior is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http - request to perform. -@@ -4636,10 +4799,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action -- involving a TCP port. TCP hooks not -- yet supported TODO: implement a realistic -- TCP lifecycle hook' -+ description: TCPSocket specifies an action -+ involving a TCP port. - properties: - host: - description: 'Optional: Host name -@@ -4758,9 +4919,8 @@ spec: - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: -- description: One and only one of the following -- should be specified. Exec specifies -- the action to take. -+ description: Exec specifies the action -+ to take. - properties: - command: - description: Command is the command -@@ -4785,6 +4945,28 @@ spec: - 3. Minimum value is 1. - format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action -+ involving a GRPC port. This is a beta -+ field and requires enabling GRPCContainerProbe -+ feature gate. -+ properties: -+ port: -+ description: Port number of the gRPC -+ service. Number must be in the range -+ 1 to 65535. -+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name -+ of the service to place in the gRPC -+ HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the -+ default behavior is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http - request to perform. 
-@@ -4858,10 +5040,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action -- involving a TCP port. TCP hooks not -- yet supported TODO: implement a realistic -- TCP lifecycle hook' -+ description: TCPSocket specifies an action -+ involving a TCP port. - properties: - host: - description: 'Optional: Host name -@@ -4963,13 +5143,17 @@ spec: - flag will be set on the container process. - AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged -- 2) has CAP_SYS_ADMIN' -+ 2) has CAP_SYS_ADMIN Note that this -+ field cannot be set when spec.os.name -+ is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop - when running containers. Defaults to - the default set of capabilities granted -- by the container runtime. -+ by the container runtime. Note that -+ this field cannot be set when spec.os.name -+ is windows. - properties: - add: - description: Added capabilities -@@ -4990,7 +5174,9 @@ spec: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on -- the host. Defaults to false. -+ the host. Defaults to false. Note that -+ this field cannot be set when spec.os.name -+ is windows. - type: boolean - procMount: - description: procMount denotes the type -@@ -4999,12 +5185,14 @@ spec: - uses the container runtime defaults - for readonly paths and masked paths. - This requires the ProcMountType feature -- flag to be enabled. -+ flag to be enabled. Note that this field -+ cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default -- is false. -+ is false. Note that this field cannot -+ be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint -@@ -5013,7 +5201,8 @@ spec: - PodSecurityContext. 
If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext -- takes precedence. -+ takes precedence. Note that this field -+ cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: -@@ -5036,7 +5225,8 @@ spec: - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext -- takes precedence. -+ takes precedence. Note that this field -+ cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: -@@ -5047,7 +5237,8 @@ spec: - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext -- takes precedence. -+ takes precedence. Note that this field -+ cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level -@@ -5071,7 +5262,8 @@ spec: - by this container. If seccomp options - are provided at both the pod & container - level, the container options override -- the pod options. -+ the pod options. Note that this field -+ cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates -@@ -5103,6 +5295,8 @@ spec: - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. -+ Note that this field cannot be set when -+ spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is -@@ -5162,9 +5356,8 @@ spec: - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: -- description: One and only one of the following -- should be specified. Exec specifies -- the action to take. -+ description: Exec specifies the action -+ to take. - properties: - command: - description: Command is the command -@@ -5189,6 +5382,28 @@ spec: - 3. Minimum value is 1. 
- format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action -+ involving a GRPC port. This is a beta -+ field and requires enabling GRPCContainerProbe -+ feature gate. -+ properties: -+ port: -+ description: Port number of the gRPC -+ service. Number must be in the range -+ 1 to 65535. -+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name -+ of the service to place in the gRPC -+ HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the -+ default behavior is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http - request to perform. -@@ -5262,10 +5477,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action -- involving a TCP port. TCP hooks not -- yet supported TODO: implement a realistic -- TCP lifecycle hook' -+ description: TCPSocket specifies an action -+ involving a TCP port. - properties: - host: - description: 'Optional: Host name -@@ -5459,139 +5672,144 @@ spec: - in the pod. - properties: - awsElasticBlockStore: -- description: 'AWSElasticBlockStore represents -+ description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached to - a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: -- description: 'Filesystem type of the volume -- that you want to mount. Tip: Ensure -- that the filesystem type is supported -- by the host operating system. Examples: -- "ext4", "xfs", "ntfs". Implicitly inferred -- to be "ext4" if unspecified. More info: -- https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore -+ description: 'fsType is the filesystem -+ type of the volume that you want to -+ mount. Tip: Ensure that the filesystem -+ type is supported by the host operating -+ system. 
Examples: "ext4", "xfs", "ntfs". -+ Implicitly inferred to be "ext4" if -+ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - partition: -- description: 'The partition in the volume -- that you want to mount. If omitted, -- the default is to mount by volume name. -- Examples: For volume /dev/sda1, you -- specify the partition as "1". Similarly, -- the volume partition for /dev/sda is -- "0" (or you can leave the property empty).' -+ description: 'partition is the partition -+ in the volume that you want to mount. -+ If omitted, the default is to mount -+ by volume name. Examples: For volume -+ /dev/sda1, you specify the partition -+ as "1". Similarly, the volume partition -+ for /dev/sda is "0" (or you can leave -+ the property empty).' - format: int32 - type: integer - readOnly: -- description: 'Specify "true" to force -- and set the ReadOnly property in VolumeMounts -- to "true". If omitted, the default is -- "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' -+ description: 'readOnly value true will -+ force the readOnly setting in VolumeMounts. -+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: -- description: 'Unique ID of the persistent -- disk resource in AWS (Amazon EBS volume). -- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' -+ description: 'volumeID is unique ID of -+ the persistent disk resource in AWS -+ (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: -- description: AzureDisk represents an Azure -+ description: azureDisk represents an Azure - Data Disk mount on the host and bind mount - to the pod. 
- properties: - cachingMode: -- description: 'Host Caching mode: None, -- Read Only, Read Write.' -+ description: 'cachingMode is the Host -+ Caching mode: None, Read Only, Read -+ Write.' - type: string - diskName: -- description: The Name of the data disk -- in the blob storage -+ description: diskName is the Name of the -+ data disk in the blob storage - type: string - diskURI: -- description: The URI the data disk in -- the blob storage -+ description: diskURI is the URI of data -+ disk in the blob storage - type: string - fsType: -- description: Filesystem type to mount. -- Must be a filesystem type supported -- by the host operating system. Ex. "ext4", -- "xfs", "ntfs". Implicitly inferred to -- be "ext4" if unspecified. -+ description: fsType is Filesystem type -+ to mount. Must be a filesystem type -+ supported by the host operating system. -+ Ex. "ext4", "xfs", "ntfs". Implicitly -+ inferred to be "ext4" if unspecified. - type: string - kind: -- description: 'Expected values Shared: -- multiple blob disks per storage account Dedicated: -- single blob disk per storage account Managed: -- azure managed data disk (only in managed -- availability set). defaults to shared' -+ description: 'kind expected values are -+ Shared: multiple blob disks per storage -+ account Dedicated: single blob disk -+ per storage account Managed: azure -+ managed data disk (only in managed availability -+ set). defaults to shared' - type: string - readOnly: -- description: Defaults to false (read/write). -- ReadOnly here will force the ReadOnly -- setting in VolumeMounts. -+ description: readOnly Defaults to false -+ (read/write). ReadOnly here will force -+ the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: -- description: AzureFile represents an Azure -+ description: azureFile represents an Azure - File Service mount on the host and bind - mount to the pod. 
- properties: - readOnly: -- description: Defaults to false (read/write). -- ReadOnly here will force the ReadOnly -- setting in VolumeMounts. -+ description: readOnly defaults to false -+ (read/write). ReadOnly here will force -+ the ReadOnly setting in VolumeMounts. - type: boolean - secretName: -- description: the name of secret that contains -- Azure Storage Account Name and Key -+ description: secretName is the name of -+ secret that contains Azure Storage Account -+ Name and Key - type: string - shareName: -- description: Share Name -+ description: shareName is the azure share -+ Name - type: string - required: - - secretName - - shareName - type: object - cephfs: -- description: CephFS represents a Ceph FS mount -+ description: cephFS represents a Ceph FS mount - on the host that shares a pod's lifetime - properties: - monitors: -- description: 'Required: Monitors is a -- collection of Ceph monitors More info: -- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'monitors is Required: Monitors -+ is a collection of Ceph monitors More -+ info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: -- description: 'Optional: Used as the mounted -- root, rather than the full Ceph tree, -- default is /' -+ description: 'path is Optional: Used as -+ the mounted root, rather than the full -+ Ceph tree, default is /' - type: string - readOnly: -- description: 'Optional: Defaults to false -- (read/write). ReadOnly here will force -- the ReadOnly setting in VolumeMounts. -+ description: 'readOnly is Optional: Defaults -+ to false (read/write). ReadOnly here -+ will force the ReadOnly setting in VolumeMounts. 
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: -- description: 'Optional: SecretFile is -- the path to key ring for User, default -- is /etc/ceph/user.secret More info: -- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'secretFile is Optional: -+ SecretFile is the path to key ring for -+ User, default is /etc/ceph/user.secret -+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: -- description: 'Optional: SecretRef is reference -- to the authentication secret for User, -- default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'secretRef is Optional: SecretRef -+ is reference to the authentication secret -+ for User, default is empty. More info: -+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. -@@ -5601,36 +5819,36 @@ spec: - type: string - type: object - user: -- description: 'Optional: User is the rados -- user name, default is admin More info: -- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'user is optional: User is -+ the rados user name, default is admin -+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: -- description: 'Cinder represents a cinder volume -+ description: 'cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: -- description: 'Filesystem type to mount. -- Must be a filesystem type supported -- by the host operating system. Examples: -- "ext4", "xfs", "ntfs". Implicitly inferred -- to be "ext4" if unspecified. More info: -- https://examples.k8s.io/mysql-cinder-pd/README.md' -+ description: 'fsType is the filesystem -+ type to mount. 
Must be a filesystem -+ type supported by the host operating -+ system. Examples: "ext4", "xfs", "ntfs". -+ Implicitly inferred to be "ext4" if -+ unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: -- description: 'Optional: Defaults to false -+ description: 'readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: -- description: 'Optional: points to a secret -- object containing parameters used to -- connect to OpenStack.' -+ description: 'secretRef is optional: points -+ to a secret object containing parameters -+ used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. -@@ -5640,76 +5858,76 @@ spec: - type: string - type: object - volumeID: -- description: 'volume id used to identify -+ description: 'volumeID used to identify - the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: -- description: ConfigMap represents a configMap -+ description: configMap represents a configMap - that should populate this volume - properties: - defaultMode: -- description: 'Optional: mode bits used -- to set permissions on created files -- by default. Must be an octal value between -- 0000 and 0777 or a decimal value between -- 0 and 511. YAML accepts both octal and -- decimal values, JSON requires decimal -- values for mode bits. Defaults to 0644. -- Directories within the path are not -- affected by this setting. This might -- be in conflict with other options that -- affect the file mode, like fsGroup, -- and the result can be other mode bits -- set.' -+ description: 'defaultMode is optional: -+ mode bits used to set permissions on -+ created files by default. Must be an -+ octal value between 0000 and 0777 or -+ a decimal value between 0 and 511. 
YAML -+ accepts both octal and decimal values, -+ JSON requires decimal values for mode -+ bits. Defaults to 0644. Directories -+ within the path are not affected by -+ this setting. This might be in conflict -+ with other options that affect the file -+ mode, like fsGroup, and the result can -+ be other mode bits set.' - format: int32 - type: integer - items: -- description: If unspecified, each key-value -- pair in the Data field of the referenced -- ConfigMap will be projected into the -- volume as a file whose name is the key -- and content is the value. If specified, -- the listed keys will be projected into -- the specified paths, and unlisted keys -- will not be present. If a key is specified -- which is not present in the ConfigMap, -- the volume setup will error unless it -- is marked optional. Paths must be relative -- and may not contain the '..' path or -- start with '..'. -+ description: items if unspecified, each -+ key-value pair in the Data field of -+ the referenced ConfigMap will be projected -+ into the volume as a file whose name -+ is the key and content is the value. -+ If specified, the listed keys will be -+ projected into the specified paths, -+ and unlisted keys will not be present. -+ If a key is specified which is not present -+ in the ConfigMap, the volume setup will -+ error unless it is marked optional. -+ Paths must be relative and may not contain -+ the '..' path or start with '..'. - items: - description: Maps a string key to a - path within a volume. - properties: - key: -- description: The key to project. -+ description: key is the key to project. - type: string - mode: -- description: 'Optional: mode bits -- used to set permissions on this -- file. Must be an octal value between -- 0000 and 0777 or a decimal value -- between 0 and 511. YAML accepts -- both octal and decimal values, -- JSON requires decimal values for -- mode bits. If not specified, the -- volume defaultMode will be used. 
-- This might be in conflict with -- other options that affect the -- file mode, like fsGroup, and the -- result can be other mode bits -- set.' -+ description: 'mode is Optional: -+ mode bits used to set permissions -+ on this file. Must be an octal -+ value between 0000 and 0777 or -+ a decimal value between 0 and -+ 511. YAML accepts both octal and -+ decimal values, JSON requires -+ decimal values for mode bits. -+ If not specified, the volume defaultMode -+ will be used. This might be in -+ conflict with other options that -+ affect the file mode, like fsGroup, -+ and the result can be other mode -+ bits set.' - format: int32 - type: integer - path: -- description: The relative path of -- the file to map the key to. May -- not be an absolute path. May not -- contain the path element '..'. -- May not start with the string -+ description: path is the relative -+ path of the file to map the key -+ to. May not be an absolute path. -+ May not contain the path element -+ '..'. May not start with the string - '..'. - type: string - required: -@@ -5724,30 +5942,30 @@ spec: - kind, uid?' - type: string - optional: -- description: Specify whether the ConfigMap -- or its keys must be defined -+ description: optional specify whether -+ the ConfigMap or its keys must be defined - type: boolean - type: object - csi: -- description: CSI (Container Storage Interface) -+ description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). - properties: - driver: -- description: Driver is the name of the -+ description: driver is the name of the - CSI driver that handles this volume. - Consult with your admin for the correct - name as registered in the cluster. - type: string - fsType: -- description: Filesystem type to mount. -- Ex. "ext4", "xfs", "ntfs". If not provided, -- the empty value is passed to the associated -+ description: fsType to mount. Ex. "ext4", -+ "xfs", "ntfs". 
If not provided, the -+ empty value is passed to the associated - CSI driver which will determine the - default filesystem to apply. - type: string - nodePublishSecretRef: -- description: NodePublishSecretRef is a -+ description: nodePublishSecretRef is a - reference to the secret object containing - sensitive information to pass to the - CSI driver to complete the CSI NodePublishVolume -@@ -5765,13 +5983,14 @@ spec: - type: string - type: object - readOnly: -- description: Specifies a read-only configuration -- for the volume. Defaults to false (read/write). -+ description: readOnly specifies a read-only -+ configuration for the volume. Defaults -+ to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string -- description: VolumeAttributes stores driver-specific -+ description: volumeAttributes stores driver-specific - properties that are passed to the CSI - driver. Consult your driver's documentation - for supported values. -@@ -5780,7 +5999,7 @@ spec: - - driver - type: object - downwardAPI: -- description: DownwardAPI represents downward -+ description: downwardAPI represents downward - API about the pod that should populate this - volume - properties: -@@ -5889,36 +6108,37 @@ spec: - type: array - type: object - emptyDir: -- description: 'EmptyDir represents a temporary -+ description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: -- description: 'What type of storage medium -- should back this directory. The default -- is "" which means to use the node''s -- default medium. Must be an empty string -- (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' -+ description: 'medium represents what type -+ of storage medium should back this directory. -+ The default is "" which means to use -+ the node''s default medium. 
Must be -+ an empty string (default) or Memory. -+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string -- description: 'Total amount of local storage -- required for this EmptyDir volume. The -- size limit is also applicable for memory -- medium. The maximum usage on memory -- medium EmptyDir would be the minimum -- value between the SizeLimit specified -- here and the sum of memory limits of -- all containers in a pod. The default -- is nil which means that the limit is -- undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' -+ description: 'sizeLimit is the total amount -+ of local storage required for this EmptyDir -+ volume. The size limit is also applicable -+ for memory medium. The maximum usage -+ on memory medium EmptyDir would be the -+ minimum value between the SizeLimit -+ specified here and the sum of memory -+ limits of all containers in a pod. The -+ default is nil which means that the -+ limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: -- description: "Ephemeral represents a volume -+ description: "ephemeral represents a volume - that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod - that defines it - it will be created before -@@ -5941,10 +6161,7 @@ spec: - used that way - see the documentation of - the driver for more information. \n A pod - can use both types of ephemeral volumes -- and persistent volumes at the same time. -- \n This is a beta feature and only available -- when the GenericEphemeralVolume feature -- gate is enabled." -+ and persistent volumes at the same time." 
- properties: - volumeClaimTemplate: - description: "Will be used to create a -@@ -5991,7 +6208,7 @@ spec: - valid here. - properties: - accessModes: -- description: 'AccessModes contains -+ description: 'accessModes contains - the desired access modes the - volume should have. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' -@@ -5999,10 +6216,10 @@ spec: - type: string - type: array - dataSource: -- description: 'This field can be -- used to specify either: * An -- existing VolumeSnapshot object -- (snapshot.storage.k8s.io/VolumeSnapshot) -+ description: 'dataSource field -+ can be used to specify either: -+ * An existing VolumeSnapshot -+ object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified -@@ -6037,11 +6254,11 @@ spec: - - name - type: object - dataSourceRef: -- description: 'Specifies the object -- from which to populate the volume -- with data, if a non-empty volume -- is desired. This may be any -- local object from a non-empty -+ description: 'dataSourceRef specifies -+ the object from which to populate -+ the volume with data, if a non-empty -+ volume is desired. This may -+ be any local object from a non-empty - API group (non core object) - or a PersistentVolumeClaim object. - When this field is specified, -@@ -6071,7 +6288,7 @@ spec: - them), DataSourceRef preserves - all values, and generates an - error if a disallowed value -- is specified. (Alpha) Using -+ is specified. (Beta) Using - this field requires the AnyVolumeDataSource - feature gate to be enabled.' - properties: -@@ -6098,9 +6315,16 @@ spec: - - name - type: object - resources: -- description: 'Resources represents -+ description: 'resources represents - the minimum resources the volume -- should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' -+ should have. 
If RecoverVolumeExpansionFailure -+ feature is enabled users are -+ allowed to specify resource -+ requirements that are lower -+ than previous value but must -+ still be higher than capacity -+ recorded in the status field -+ of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: -@@ -6132,8 +6356,9 @@ spec: - type: object - type: object - selector: -- description: A label query over -- volumes to consider for binding. -+ description: selector is a label -+ query over volumes to consider -+ for binding. - properties: - matchExpressions: - description: matchExpressions -@@ -6201,7 +6426,8 @@ spec: - type: object - type: object - storageClassName: -- description: 'Name of the StorageClass -+ description: 'storageClassName -+ is the name of the StorageClass - required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string -@@ -6213,7 +6439,7 @@ spec: - in claim spec. - type: string - volumeName: -- description: VolumeName is the -+ description: volumeName is the - binding reference to the PersistentVolume - backing this claim. - type: string -@@ -6223,79 +6449,82 @@ spec: - type: object - type: object - fc: -- description: FC represents a Fibre Channel -+ description: fc represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the pod. - properties: - fsType: -- description: 'Filesystem type to mount. -- Must be a filesystem type supported -- by the host operating system. Ex. "ext4", -- "xfs", "ntfs". Implicitly inferred to -- be "ext4" if unspecified. TODO: how -- do we prevent errors in the filesystem -- from compromising the machine' -+ description: 'fsType is the filesystem -+ type to mount. Must be a filesystem -+ type supported by the host operating -+ system. Ex. "ext4", "xfs", "ntfs". Implicitly -+ inferred to be "ext4" if unspecified. 
-+ TODO: how do we prevent errors in the -+ filesystem from compromising the machine' - type: string - lun: -- description: 'Optional: FC target lun -- number' -+ description: 'lun is Optional: FC target -+ lun number' - format: int32 - type: integer - readOnly: -- description: 'Optional: Defaults to false -- (read/write). ReadOnly here will force -- the ReadOnly setting in VolumeMounts.' -+ description: 'readOnly is Optional: Defaults -+ to false (read/write). ReadOnly here -+ will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: -- description: 'Optional: FC target worldwide -- names (WWNs)' -+ description: 'targetWWNs is Optional: -+ FC target worldwide names (WWNs)' - items: - type: string - type: array - wwids: -- description: 'Optional: FC volume world -- wide identifiers (wwids) Either wwids -- or combination of targetWWNs and lun -- must be set, but not both simultaneously.' -+ description: 'wwids Optional: FC volume -+ world wide identifiers (wwids) Either -+ wwids or combination of targetWWNs and -+ lun must be set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: -- description: FlexVolume represents a generic -+ description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. - properties: - driver: -- description: Driver is the name of the -+ description: driver is the name of the - driver to use for this volume. - type: string - fsType: -- description: Filesystem type to mount. -- Must be a filesystem type supported -- by the host operating system. Ex. "ext4", -- "xfs", "ntfs". The default filesystem -- depends on FlexVolume script. -+ description: fsType is the filesystem -+ type to mount. Must be a filesystem -+ type supported by the host operating -+ system. Ex. "ext4", "xfs", "ntfs". The -+ default filesystem depends on FlexVolume -+ script. 
- type: string - options: - additionalProperties: - type: string -- description: 'Optional: Extra command -- options if any.' -+ description: 'options is Optional: this -+ field holds extra command options if -+ any.' - type: object - readOnly: -- description: 'Optional: Defaults to false -- (read/write). ReadOnly here will force -- the ReadOnly setting in VolumeMounts.' -+ description: 'readOnly is Optional: defaults -+ to false (read/write). ReadOnly here -+ will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: -- description: 'Optional: SecretRef is reference -- to the secret object containing sensitive -- information to pass to the plugin scripts. -- This may be empty if no secret object -- is specified. If the secret object contains -- more than one secret, all secrets are -- passed to the plugin scripts.' -+ description: 'secretRef is Optional: secretRef -+ is reference to the secret object containing -+ sensitive information to pass to the -+ plugin scripts. This may be empty if -+ no secret object is specified. If the -+ secret object contains more than one -+ secret, all secrets are passed to the -+ plugin scripts.' - properties: - name: - description: 'Name of the referent. -@@ -6308,56 +6537,58 @@ spec: - - driver - type: object - flocker: -- description: Flocker represents a Flocker -+ description: flocker represents a Flocker - volume attached to a kubelet's host machine. - This depends on the Flocker control service - being running - properties: - datasetName: -- description: Name of the dataset stored -- as metadata -> name on the dataset for -- Flocker should be considered as deprecated -+ description: datasetName is Name of the -+ dataset stored as metadata -> name on -+ the dataset for Flocker should be considered -+ as deprecated - type: string - datasetUUID: -- description: UUID of the dataset. This -- is unique identifier of a Flocker dataset -+ description: datasetUUID is the UUID of -+ the dataset. 
This is unique identifier -+ of a Flocker dataset - type: string - type: object - gcePersistentDisk: -- description: 'GCEPersistentDisk represents -+ description: 'gcePersistentDisk represents - a GCE Disk resource that is attached to - a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: -- description: 'Filesystem type of the volume -- that you want to mount. Tip: Ensure -- that the filesystem type is supported -- by the host operating system. Examples: -- "ext4", "xfs", "ntfs". Implicitly inferred -- to be "ext4" if unspecified. More info: -- https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -+ description: 'fsType is filesystem type -+ of the volume that you want to mount. -+ Tip: Ensure that the filesystem type -+ is supported by the host operating system. -+ Examples: "ext4", "xfs", "ntfs". Implicitly -+ inferred to be "ext4" if unspecified. -+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - partition: -- description: 'The partition in the volume -- that you want to mount. If omitted, -- the default is to mount by volume name. -- Examples: For volume /dev/sda1, you -- specify the partition as "1". Similarly, -- the volume partition for /dev/sda is -- "0" (or you can leave the property empty). -- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' -+ description: 'partition is the partition -+ in the volume that you want to mount. -+ If omitted, the default is to mount -+ by volume name. Examples: For volume -+ /dev/sda1, you specify the partition -+ as "1". Similarly, the volume partition -+ for /dev/sda is "0" (or you can leave -+ the property empty). 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: -- description: 'Unique name of the PD resource -- in GCE. Used to identify the disk in -- GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' -+ description: 'pdName is unique name of -+ the PD resource in GCE. Used to identify -+ the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: -- description: 'ReadOnly here will force -+ description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean -@@ -6365,7 +6596,7 @@ spec: - - pdName - type: object - gitRepo: -- description: 'GitRepo represents a git repository -+ description: 'gitRepo represents a git repository - at a particular revision. DEPRECATED: GitRepo - is deprecated. To provision a container - with a git repo, mount an EmptyDir into -@@ -6374,40 +6605,40 @@ spec: - container.' - properties: - directory: -- description: Target directory name. Must -- not contain or start with '..'. If -- '.' is supplied, the volume directory -- will be the git repository. Otherwise, -+ description: directory is the target directory -+ name. Must not contain or start with -+ '..'. If '.' is supplied, the volume -+ directory will be the git repository. Otherwise, - if specified, the volume will contain - the git repository in the subdirectory - with the given name. - type: string - repository: -- description: Repository URL -+ description: repository is the URL - type: string - revision: -- description: Commit hash for the specified -- revision. -+ description: revision is the commit hash -+ for the specified revision. 
- type: string - required: - - repository - type: object - glusterfs: -- description: 'Glusterfs represents a Glusterfs -+ description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: -- description: 'EndpointsName is the endpoint -+ description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: -- description: 'Path is the Glusterfs volume -+ description: 'path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: -- description: 'ReadOnly here will force -+ description: 'readOnly here will force - the Glusterfs volume to be mounted with - read-only permissions. Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' -@@ -6417,7 +6648,7 @@ spec: - - path - type: object - hostPath: -- description: 'HostPath represents a pre-existing -+ description: 'hostPath represents a pre-existing - file or directory on the host machine that - is directly exposed to the container. This - is generally used for system agents or other -@@ -6429,78 +6660,82 @@ spec: - not mount host directories as read/write.' - properties: - path: -- description: 'Path of the directory on -+ description: 'path of the directory on - the host. If the path is a symlink, - it will follow the link to the real - path. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: -- description: 'Type for HostPath Volume -+ description: 'type for HostPath Volume - Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: -- description: 'ISCSI represents an ISCSI Disk -+ description: 'iscsi represents an ISCSI Disk - resource that is attached to a kubelet''s - host machine and then exposed to the pod. - More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: -- description: whether support iSCSI Discovery -- CHAP authentication -+ description: chapAuthDiscovery defines -+ whether support iSCSI Discovery CHAP -+ authentication - type: boolean - chapAuthSession: -- description: whether support iSCSI Session -- CHAP authentication -+ description: chapAuthSession defines whether -+ support iSCSI Session CHAP authentication - type: boolean - fsType: -- description: 'Filesystem type of the volume -- that you want to mount. Tip: Ensure -- that the filesystem type is supported -- by the host operating system. Examples: -- "ext4", "xfs", "ntfs". Implicitly inferred -- to be "ext4" if unspecified. More info: -- https://kubernetes.io/docs/concepts/storage/volumes#iscsi -+ description: 'fsType is the filesystem -+ type of the volume that you want to -+ mount. Tip: Ensure that the filesystem -+ type is supported by the host operating -+ system. Examples: "ext4", "xfs", "ntfs". -+ Implicitly inferred to be "ext4" if -+ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - initiatorName: -- description: Custom iSCSI Initiator Name. -- If initiatorName is specified with iscsiInterface -- simultaneously, new iSCSI interface -- : will be -- created for the connection. 
-+ description: initiatorName is the custom -+ iSCSI Initiator Name. If initiatorName -+ is specified with iscsiInterface simultaneously, -+ new iSCSI interface : will be created for the connection. - type: string - iqn: -- description: Target iSCSI Qualified Name. -+ description: iqn is the target iSCSI Qualified -+ Name. - type: string - iscsiInterface: -- description: iSCSI Interface Name that -- uses an iSCSI transport. Defaults to -- 'default' (tcp). -+ description: iscsiInterface is the interface -+ Name that uses an iSCSI transport. Defaults -+ to 'default' (tcp). - type: string - lun: -- description: iSCSI Target Lun number. -+ description: lun represents iSCSI Target -+ Lun number. - format: int32 - type: integer - portals: -- description: iSCSI Target Portal List. -- The portal is either an IP or ip_addr:port -- if the port is other than default (typically -- TCP ports 860 and 3260). -+ description: portals is the iSCSI Target -+ Portal List. The portal is either an -+ IP or ip_addr:port if the port is other -+ than default (typically TCP ports 860 -+ and 3260). - items: - type: string - type: array - readOnly: -- description: ReadOnly here will force -+ description: readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. - type: boolean - secretRef: -- description: CHAP Secret for iSCSI target -- and initiator authentication -+ description: secretRef is the CHAP Secret -+ for iSCSI target and initiator authentication - properties: - name: - description: 'Name of the referent. -@@ -6510,10 +6745,11 @@ spec: - type: string - type: object - targetPortal: -- description: iSCSI Target Portal. The -- Portal is either an IP or ip_addr:port -- if the port is other than default (typically -- TCP ports 860 and 3260). -+ description: targetPortal is iSCSI Target -+ Portal. The Portal is either an IP or -+ ip_addr:port if the port is other than -+ default (typically TCP ports 860 and -+ 3260). 
- type: string - required: - - iqn -@@ -6521,26 +6757,27 @@ spec: - - targetPortal - type: object - name: -- description: 'Volume''s name. Must be a DNS_LABEL -- and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' -+ description: 'name of the volume. Must be -+ a DNS_LABEL and unique within the pod. More -+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: -- description: 'NFS represents an NFS mount -+ description: 'nfs represents an NFS mount - on the host that shares a pod''s lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: -- description: 'Path that is exported by -+ description: 'path that is exported by - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: -- description: 'ReadOnly here will force -+ description: 'readOnly here will force - the NFS export to be mounted with read-only - permissions. Defaults to false. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: -- description: 'Server is the hostname or -+ description: 'server is the hostname or - IP address of the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string -@@ -6549,98 +6786,100 @@ spec: - - server - type: object - persistentVolumeClaim: -- description: 'PersistentVolumeClaimVolumeSource -+ description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: -- description: 'ClaimName is the name of -+ description: 'claimName is the name of - a PersistentVolumeClaim in the same - namespace as the pod using this volume. 
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: -- description: Will force the ReadOnly setting -- in VolumeMounts. Default false. -+ description: readOnly Will force the ReadOnly -+ setting in VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: -- description: PhotonPersistentDisk represents -+ description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine - properties: - fsType: -- description: Filesystem type to mount. -- Must be a filesystem type supported -- by the host operating system. Ex. "ext4", -- "xfs", "ntfs". Implicitly inferred to -- be "ext4" if unspecified. -+ description: fsType is the filesystem -+ type to mount. Must be a filesystem -+ type supported by the host operating -+ system. Ex. "ext4", "xfs", "ntfs". Implicitly -+ inferred to be "ext4" if unspecified. - type: string - pdID: -- description: ID that identifies Photon -- Controller persistent disk -+ description: pdID is the ID that identifies -+ Photon Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: -- description: PortworxVolume represents a portworx -+ description: portworxVolume represents a portworx - volume attached and mounted on kubelets - host machine - properties: - fsType: -- description: FSType represents the filesystem -+ description: fSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: -- description: Defaults to false (read/write). -- ReadOnly here will force the ReadOnly -- setting in VolumeMounts. -+ description: readOnly defaults to false -+ (read/write). ReadOnly here will force -+ the ReadOnly setting in VolumeMounts. 
- type: boolean - volumeID: -- description: VolumeID uniquely identifies -+ description: volumeID uniquely identifies - a Portworx volume - type: string - required: - - volumeID - type: object - projected: -- description: Items for all in one resources -- secrets, configmaps, and downward API -+ description: projected items for all in one -+ resources secrets, configmaps, and downward -+ API - properties: - defaultMode: -- description: Mode bits used to set permissions -- on created files by default. Must be -- an octal value between 0000 and 0777 -- or a decimal value between 0 and 511. -- YAML accepts both octal and decimal -- values, JSON requires decimal values -- for mode bits. Directories within the -- path are not affected by this setting. -- This might be in conflict with other -- options that affect the file mode, like -- fsGroup, and the result can be other -- mode bits set. -+ description: defaultMode are the mode -+ bits used to set permissions on created -+ files by default. Must be an octal value -+ between 0000 and 0777 or a decimal value -+ between 0 and 511. YAML accepts both -+ octal and decimal values, JSON requires -+ decimal values for mode bits. Directories -+ within the path are not affected by -+ this setting. This might be in conflict -+ with other options that affect the file -+ mode, like fsGroup, and the result can -+ be other mode bits set. 
- format: int32 - type: integer - sources: -- description: list of volume projections -+ description: sources is the list of volume -+ projections - items: - description: Projection that may be - projected along with other supported - volume types - properties: - configMap: -- description: information about the -- configMap data to project -+ description: configMap information -+ about the configMap data to project - properties: - items: -- description: If unspecified, -+ description: items if unspecified, - each key-value pair in the - Data field of the referenced - ConfigMap will be projected -@@ -6662,26 +6901,26 @@ spec: - key to a path within a volume. - properties: - key: -- description: The key to -- project. -+ description: key is the -+ key to project. - type: string - mode: -- description: 'Optional: -- mode bits used to set -- permissions on this -- file. Must be an octal -- value between 0000 and -- 0777 or a decimal value -- between 0 and 511. YAML -- accepts both octal and -- decimal values, JSON -- requires decimal values -- for mode bits. If not -- specified, the volume -- defaultMode will be -- used. This might be -- in conflict with other -- options that affect -+ description: 'mode is -+ Optional: mode bits -+ used to set permissions -+ on this file. Must be -+ an octal value between -+ 0000 and 0777 or a decimal -+ value between 0 and -+ 511. YAML accepts both -+ octal and decimal values, -+ JSON requires decimal -+ values for mode bits. -+ If not specified, the -+ volume defaultMode will -+ be used. This might -+ be in conflict with -+ other options that affect - the file mode, like - fsGroup, and the result - can be other mode bits -@@ -6689,14 +6928,14 @@ spec: - format: int32 - type: integer - path: -- description: The relative -- path of the file to -- map the key to. May -- not be an absolute path. -- May not contain the -- path element '..'. May -- not start with the string -- '..'. 
-+ description: path is the -+ relative path of the -+ file to map the key -+ to. May not be an absolute -+ path. May not contain -+ the path element '..'. -+ May not start with the -+ string '..'. - type: string - required: - - key -@@ -6710,14 +6949,15 @@ spec: - apiVersion, kind, uid?' - type: string - optional: -- description: Specify whether -- the ConfigMap or its keys -- must be defined -+ description: optional specify -+ whether the ConfigMap or its -+ keys must be defined - type: boolean - type: object - downwardAPI: -- description: information about the -- downwardAPI data to project -+ description: downwardAPI information -+ about the downwardAPI data to -+ project - properties: - items: - description: Items is a list -@@ -6824,11 +7064,11 @@ spec: - type: array - type: object - secret: -- description: information about the -- secret data to project -+ description: secret information -+ about the secret data to project - properties: - items: -- description: If unspecified, -+ description: items if unspecified, - each key-value pair in the - Data field of the referenced - Secret will be projected into -@@ -6850,26 +7090,26 @@ spec: - key to a path within a volume. - properties: - key: -- description: The key to -- project. -+ description: key is the -+ key to project. - type: string - mode: -- description: 'Optional: -- mode bits used to set -- permissions on this -- file. Must be an octal -- value between 0000 and -- 0777 or a decimal value -- between 0 and 511. YAML -- accepts both octal and -- decimal values, JSON -- requires decimal values -- for mode bits. If not -- specified, the volume -- defaultMode will be -- used. This might be -- in conflict with other -- options that affect -+ description: 'mode is -+ Optional: mode bits -+ used to set permissions -+ on this file. Must be -+ an octal value between -+ 0000 and 0777 or a decimal -+ value between 0 and -+ 511. 
YAML accepts both -+ octal and decimal values, -+ JSON requires decimal -+ values for mode bits. -+ If not specified, the -+ volume defaultMode will -+ be used. This might -+ be in conflict with -+ other options that affect - the file mode, like - fsGroup, and the result - can be other mode bits -@@ -6877,14 +7117,14 @@ spec: - format: int32 - type: integer - path: -- description: The relative -- path of the file to -- map the key to. May -- not be an absolute path. -- May not contain the -- path element '..'. May -- not start with the string -- '..'. -+ description: path is the -+ relative path of the -+ file to map the key -+ to. May not be an absolute -+ path. May not contain -+ the path element '..'. -+ May not start with the -+ string '..'. - type: string - required: - - key -@@ -6898,17 +7138,18 @@ spec: - apiVersion, kind, uid?' - type: string - optional: -- description: Specify whether -- the Secret or its key must -- be defined -+ description: optional field -+ specify whether the Secret -+ or its key must be defined - type: boolean - type: object - serviceAccountToken: -- description: information about the -- serviceAccountToken data to project -+ description: serviceAccountToken -+ is information about the serviceAccountToken -+ data to project - properties: - audience: -- description: Audience is the -+ description: audience is the - intended audience of the token. - A recipient of a token must - identify itself with an identifier -@@ -6919,7 +7160,7 @@ spec: - of the apiserver. - type: string - expirationSeconds: -- description: ExpirationSeconds -+ description: expirationSeconds - is the requested duration - of validity of the service - account token. As the token -@@ -6937,7 +7178,7 @@ spec: - format: int64 - type: integer - path: -- description: Path is the path -+ description: path is the path - relative to the mount point - of the file to project the - token into. 
-@@ -6949,20 +7190,20 @@ spec: - type: array - type: object - quobyte: -- description: Quobyte represents a Quobyte -+ description: quobyte represents a Quobyte - mount on the host that shares a pod's lifetime - properties: - group: -- description: Group to map volume access -+ description: group to map volume access - to Default is no group - type: string - readOnly: -- description: ReadOnly here will force -+ description: readOnly here will force - the Quobyte volume to be mounted with - read-only permissions. Defaults to false. - type: boolean - registry: -- description: Registry represents a single -+ description: registry represents a single - or multiple Quobyte Registry services - specified as a string as host:port pair - (multiple entries are separated with -@@ -6970,17 +7211,17 @@ spec: - for volumes - type: string - tenant: -- description: Tenant owning the given Quobyte -+ description: tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is - set by the plugin - type: string - user: -- description: User to map volume access -+ description: user to map volume access - to Defaults to serivceaccount user - type: string - volume: -- description: Volume is a string that references -+ description: volume is a string that references - an already created Quobyte volume by - name. - type: string -@@ -6989,47 +7230,47 @@ spec: - - volume - type: object - rbd: -- description: 'RBD represents a Rados Block -+ description: 'rbd represents a Rados Block - Device mount on the host that shares a pod''s - lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: -- description: 'Filesystem type of the volume -- that you want to mount. Tip: Ensure -- that the filesystem type is supported -- by the host operating system. Examples: -- "ext4", "xfs", "ntfs". Implicitly inferred -- to be "ext4" if unspecified. 
More info: -- https://kubernetes.io/docs/concepts/storage/volumes#rbd -+ description: 'fsType is the filesystem -+ type of the volume that you want to -+ mount. Tip: Ensure that the filesystem -+ type is supported by the host operating -+ system. Examples: "ext4", "xfs", "ntfs". -+ Implicitly inferred to be "ext4" if -+ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - image: -- description: 'The rados image name. More -- info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -+ description: 'image is the rados image -+ name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: -- description: 'Keyring is the path to key -+ description: 'keyring is the path to key - ring for RBDUser. Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: -- description: 'A collection of Ceph monitors. -- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -+ description: 'monitors is a collection -+ of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: -- description: 'The rados pool name. Default -- is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -+ description: 'pool is the rados pool name. -+ Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: -- description: 'ReadOnly here will force -+ description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: -- description: 'SecretRef is name of the -+ description: 'secretRef is name of the - authentication secret for RBDUser. 
If - provided overrides keyring. Default - is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -@@ -7042,39 +7283,41 @@ spec: - type: string - type: object - user: -- description: 'The rados user name. Default -- is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -+ description: 'user is the rados user name. -+ Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: -- description: ScaleIO represents a ScaleIO -+ description: scaleIO represents a ScaleIO - persistent volume attached and mounted on - Kubernetes nodes. - properties: - fsType: -- description: Filesystem type to mount. -- Must be a filesystem type supported -- by the host operating system. Ex. "ext4", -- "xfs", "ntfs". Default is "xfs". -+ description: fsType is the filesystem -+ type to mount. Must be a filesystem -+ type supported by the host operating -+ system. Ex. "ext4", "xfs", "ntfs". Default -+ is "xfs". - type: string - gateway: -- description: The host address of the ScaleIO -- API Gateway. -+ description: gateway is the host address -+ of the ScaleIO API Gateway. - type: string - protectionDomain: -- description: The name of the ScaleIO Protection -- Domain for the configured storage. -+ description: protectionDomain is the name -+ of the ScaleIO Protection Domain for -+ the configured storage. - type: string - readOnly: -- description: Defaults to false (read/write). -- ReadOnly here will force the ReadOnly -- setting in VolumeMounts. -+ description: readOnly Defaults to false -+ (read/write). ReadOnly here will force -+ the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: -- description: SecretRef references to the -+ description: secretRef references to the - secret for ScaleIO user and other sensitive - information. If this is not provided, - Login operation will fail. 
-@@ -7087,27 +7330,29 @@ spec: - type: string - type: object - sslEnabled: -- description: Flag to enable/disable SSL -- communication with Gateway, default -+ description: sslEnabled Flag enable/disable -+ SSL communication with Gateway, default - false - type: boolean - storageMode: -- description: Indicates whether the storage -- for a volume should be ThickProvisioned -+ description: storageMode indicates whether -+ the storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: -- description: The ScaleIO Storage Pool -- associated with the protection domain. -+ description: storagePool is the ScaleIO -+ Storage Pool associated with the protection -+ domain. - type: string - system: -- description: The name of the storage system -- as configured in ScaleIO. -+ description: system is the name of the -+ storage system as configured in ScaleIO. - type: string - volumeName: -- description: The name of a volume already -- created in the ScaleIO system that is -- associated with this volume source. -+ description: volumeName is the name of -+ a volume already created in the ScaleIO -+ system that is associated with this -+ volume source. - type: string - required: - - gateway -@@ -7115,70 +7360,70 @@ spec: - - system - type: object - secret: -- description: 'Secret represents a secret that -+ description: 'secret represents a secret that - should populate this volume. More info: - https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: -- description: 'Optional: mode bits used -- to set permissions on created files -- by default. Must be an octal value between -- 0000 and 0777 or a decimal value between -- 0 and 511. YAML accepts both octal and -- decimal values, JSON requires decimal -- values for mode bits. Defaults to 0644. -- Directories within the path are not -- affected by this setting. 
This might -- be in conflict with other options that -- affect the file mode, like fsGroup, -- and the result can be other mode bits -- set.' -+ description: 'defaultMode is Optional: -+ mode bits used to set permissions on -+ created files by default. Must be an -+ octal value between 0000 and 0777 or -+ a decimal value between 0 and 511. YAML -+ accepts both octal and decimal values, -+ JSON requires decimal values for mode -+ bits. Defaults to 0644. Directories -+ within the path are not affected by -+ this setting. This might be in conflict -+ with other options that affect the file -+ mode, like fsGroup, and the result can -+ be other mode bits set.' - format: int32 - type: integer - items: -- description: If unspecified, each key-value -- pair in the Data field of the referenced -- Secret will be projected into the volume -- as a file whose name is the key and -- content is the value. If specified, -- the listed keys will be projected into -- the specified paths, and unlisted keys -- will not be present. If a key is specified -- which is not present in the Secret, -- the volume setup will error unless it -- is marked optional. Paths must be relative -- and may not contain the '..' path or -- start with '..'. -+ description: items If unspecified, each -+ key-value pair in the Data field of -+ the referenced Secret will be projected -+ into the volume as a file whose name -+ is the key and content is the value. -+ If specified, the listed keys will be -+ projected into the specified paths, -+ and unlisted keys will not be present. -+ If a key is specified which is not present -+ in the Secret, the volume setup will -+ error unless it is marked optional. -+ Paths must be relative and may not contain -+ the '..' path or start with '..'. - items: - description: Maps a string key to a - path within a volume. - properties: - key: -- description: The key to project. -+ description: key is the key to project. 
- type: string - mode: -- description: 'Optional: mode bits -- used to set permissions on this -- file. Must be an octal value between -- 0000 and 0777 or a decimal value -- between 0 and 511. YAML accepts -- both octal and decimal values, -- JSON requires decimal values for -- mode bits. If not specified, the -- volume defaultMode will be used. -- This might be in conflict with -- other options that affect the -- file mode, like fsGroup, and the -- result can be other mode bits -- set.' -+ description: 'mode is Optional: -+ mode bits used to set permissions -+ on this file. Must be an octal -+ value between 0000 and 0777 or -+ a decimal value between 0 and -+ 511. YAML accepts both octal and -+ decimal values, JSON requires -+ decimal values for mode bits. -+ If not specified, the volume defaultMode -+ will be used. This might be in -+ conflict with other options that -+ affect the file mode, like fsGroup, -+ and the result can be other mode -+ bits set.' - format: int32 - type: integer - path: -- description: The relative path of -- the file to map the key to. May -- not be an absolute path. May not -- contain the path element '..'. -- May not start with the string -+ description: path is the relative -+ path of the file to map the key -+ to. May not be an absolute path. -+ May not contain the path element -+ '..'. May not start with the string - '..'. - type: string - required: -@@ -7187,34 +7432,34 @@ spec: - type: object - type: array - optional: -- description: Specify whether the Secret -- or its keys must be defined -+ description: optional field specify whether -+ the Secret or its keys must be defined - type: boolean - secretName: -- description: 'Name of the secret in the -- pod''s namespace to use. More info: -- https://kubernetes.io/docs/concepts/storage/volumes#secret' -+ description: 'secretName is the name of -+ the secret in the pod''s namespace to -+ use. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: -- description: StorageOS represents a StorageOS -+ description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. - properties: - fsType: -- description: Filesystem type to mount. -- Must be a filesystem type supported -- by the host operating system. Ex. "ext4", -- "xfs", "ntfs". Implicitly inferred to -- be "ext4" if unspecified. -+ description: fsType is the filesystem -+ type to mount. Must be a filesystem -+ type supported by the host operating -+ system. Ex. "ext4", "xfs", "ntfs". Implicitly -+ inferred to be "ext4" if unspecified. - type: string - readOnly: -- description: Defaults to false (read/write). -- ReadOnly here will force the ReadOnly -- setting in VolumeMounts. -+ description: readOnly defaults to false -+ (read/write). ReadOnly here will force -+ the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: -- description: SecretRef specifies the secret -+ description: secretRef specifies the secret - to use for obtaining the StorageOS API - credentials. If not specified, default - values will be attempted. -@@ -7227,12 +7472,12 @@ spec: - type: string - type: object - volumeName: -- description: VolumeName is the human-readable -+ description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: -- description: VolumeNamespace specifies -+ description: volumeNamespace specifies - the scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. 
This allows -@@ -7246,29 +7491,30 @@ spec: - type: string - type: object - vsphereVolume: -- description: VsphereVolume represents a vSphere -+ description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets - host machine - properties: - fsType: -- description: Filesystem type to mount. -- Must be a filesystem type supported -- by the host operating system. Ex. "ext4", -- "xfs", "ntfs". Implicitly inferred to -- be "ext4" if unspecified. -+ description: fsType is filesystem type -+ to mount. Must be a filesystem type -+ supported by the host operating system. -+ Ex. "ext4", "xfs", "ntfs". Implicitly -+ inferred to be "ext4" if unspecified. - type: string - storagePolicyID: -- description: Storage Policy Based Management -- (SPBM) profile ID associated with the -- StoragePolicyName. -+ description: storagePolicyID is the storage -+ Policy Based Management (SPBM) profile -+ ID associated with the StoragePolicyName. - type: string - storagePolicyName: -- description: Storage Policy Based Management -- (SPBM) profile name. -+ description: storagePolicyName is the -+ storage Policy Based Management (SPBM) -+ profile name. - type: string - volumePath: -- description: Path that identifies vSphere -- volume vmdk -+ description: volumePath is the path that -+ identifies vSphere volume vmdk - type: string - required: - - volumePath -@@ -7678,9 +7924,6 @@ spec: - null selector and null or empty namespaces - list means "this pod's namespace". An - empty selector ({}) matches all namespaces. -- This field is beta-level and is only honored -- when PodAffinityNamespaceSelector feature -- is enabled. - properties: - matchExpressions: - description: matchExpressions is a list -@@ -7740,7 +7983,7 @@ spec: - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null -- namespaceSelector means "this pod's namespace" -+ namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array -@@ -7849,9 +8092,7 @@ spec: - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty -- selector ({}) matches all namespaces. This -- field is beta-level and is only honored when -- PodAffinityNamespaceSelector feature is enabled. -+ selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list -@@ -7908,7 +8149,7 @@ spec: - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this -- pod's namespace" -+ pod's namespace". - items: - type: string - type: array -@@ -8019,9 +8260,6 @@ spec: - null selector and null or empty namespaces - list means "this pod's namespace". An - empty selector ({}) matches all namespaces. -- This field is beta-level and is only honored -- when PodAffinityNamespaceSelector feature -- is enabled. - properties: - matchExpressions: - description: matchExpressions is a list -@@ -8081,7 +8319,7 @@ spec: - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null -- namespaceSelector means "this pod's namespace" -+ namespaceSelector means "this pod's namespace". - items: - type: string - type: array -@@ -8190,9 +8428,7 @@ spec: - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty -- selector ({}) matches all namespaces. This -- field is beta-level and is only honored when -- PodAffinityNamespaceSelector feature is enabled. -+ selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list -@@ -8249,7 +8485,7 @@ spec: - listed in this field and the ones selected - by namespaceSelector. 
null or empty namespaces - list and null namespaceSelector means "this -- pod's namespace" -+ pod's namespace". - items: - type: string - type: array -@@ -8387,7 +8623,8 @@ spec: - in the volume will be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If unset, the Kubelet - will not modify the ownership and permissions of any -- volume." -+ volume. Note that this field cannot be set when spec.os.name -+ is windows." - format: int64 - type: integer - fsGroupChangePolicy: -@@ -8398,14 +8635,16 @@ spec: - permissions). It will have no effect on ephemeral volume - types such as: secret, configmaps and emptydir. Valid - values are "OnRootMismatch" and "Always". If not specified, -- "Always" is used.' -+ "Always" is used. Note that this field cannot be set -+ when spec.os.name is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext -- takes precedence for that container. -+ takes precedence for that container. Note that this -+ field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: -@@ -8424,7 +8663,8 @@ spec: - if unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence -- for that container. -+ for that container. Note that this field cannot be set -+ when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: -@@ -8433,7 +8673,8 @@ spec: - allocate a random SELinux context for each container. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext -- takes precedence for that container. -+ takes precedence for that container. 
Note that this -+ field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies -@@ -8454,7 +8695,8 @@ spec: - type: object - seccompProfile: - description: The seccomp options to use by the containers -- in this pod. -+ in this pod. Note that this field cannot be set when -+ spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile -@@ -8479,7 +8721,8 @@ spec: - description: A list of groups applied to the first process - run in each container, in addition to the container's - primary GID. If unspecified, no groups will be added -- to any container. -+ to any container. Note that this field cannot be set -+ when spec.os.name is windows. - items: - format: int64 - type: integer -@@ -8487,7 +8730,8 @@ spec: - sysctls: - description: Sysctls hold a list of namespaced sysctls - used for the pod. Pods with unsupported sysctls (by -- the container runtime) might fail to launch. -+ the container runtime) might fail to launch. Note that -+ this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be - set -@@ -8508,7 +8752,8 @@ spec: - all containers. If unspecified, the options within a - container's SecurityContext will be used. If set in - both SecurityContext and PodSecurityContext, the value -- specified in SecurityContext takes precedence. -+ specified in SecurityContext takes precedence. Note -+ that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA -@@ -8593,123 +8838,128 @@ spec: - may be accessed by any container in the pod. - properties: - awsElasticBlockStore: -- description: 'AWSElasticBlockStore represents an AWS -+ description: 'awsElasticBlockStore represents an AWS - Disk resource that is attached to a kubelet''s host - machine and then exposed to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: -- description: 'Filesystem type of the volume that -- you want to mount. Tip: Ensure that the filesystem -- type is supported by the host operating system. -- Examples: "ext4", "xfs", "ntfs". Implicitly inferred -- to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore -+ description: 'fsType is the filesystem type of the -+ volume that you want to mount. Tip: Ensure that -+ the filesystem type is supported by the host operating -+ system. Examples: "ext4", "xfs", "ntfs". Implicitly -+ inferred to be "ext4" if unspecified. More info: -+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - partition: -- description: 'The partition in the volume that you -- want to mount. If omitted, the default is to mount -- by volume name. Examples: For volume /dev/sda1, -- you specify the partition as "1". Similarly, the -- volume partition for /dev/sda is "0" (or you can -- leave the property empty).' -+ description: 'partition is the partition in the -+ volume that you want to mount. If omitted, the -+ default is to mount by volume name. Examples: -+ For volume /dev/sda1, you specify the partition -+ as "1". Similarly, the volume partition for /dev/sda -+ is "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: -- description: 'Specify "true" to force and set the -- ReadOnly property in VolumeMounts to "true". If -- omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' -+ description: 'readOnly value true will force the -+ readOnly setting in VolumeMounts. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: -- description: 'Unique ID of the persistent disk resource -- in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' -+ description: 'volumeID is unique ID of the persistent -+ disk resource in AWS (Amazon EBS volume). More -+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: -- description: AzureDisk represents an Azure Data Disk -+ description: azureDisk represents an Azure Data Disk - mount on the host and bind mount to the pod. - properties: - cachingMode: -- description: 'Host Caching mode: None, Read Only, -- Read Write.' -+ description: 'cachingMode is the Host Caching mode: -+ None, Read Only, Read Write.' - type: string - diskName: -- description: The Name of the data disk in the blob -- storage -+ description: diskName is the Name of the data disk -+ in the blob storage - type: string - diskURI: -- description: The URI the data disk in the blob storage -+ description: diskURI is the URI of data disk in -+ the blob storage - type: string - fsType: -- description: Filesystem type to mount. Must be a -- filesystem type supported by the host operating -- system. Ex. "ext4", "xfs", "ntfs". Implicitly -+ description: fsType is Filesystem type to mount. -+ Must be a filesystem type supported by the host -+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - kind: -- description: 'Expected values Shared: multiple blob -- disks per storage account Dedicated: single blob -- disk per storage account Managed: azure managed -- data disk (only in managed availability set). 
-- defaults to shared' -+ description: 'kind expected values are Shared: multiple -+ blob disks per storage account Dedicated: single -+ blob disk per storage account Managed: azure -+ managed data disk (only in managed availability -+ set). defaults to shared' - type: string - readOnly: -- description: Defaults to false (read/write). ReadOnly -- here will force the ReadOnly setting in VolumeMounts. -+ description: readOnly Defaults to false (read/write). -+ ReadOnly here will force the ReadOnly setting -+ in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: -- description: AzureFile represents an Azure File Service -+ description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. - properties: - readOnly: -- description: Defaults to false (read/write). ReadOnly -- here will force the ReadOnly setting in VolumeMounts. -+ description: readOnly defaults to false (read/write). -+ ReadOnly here will force the ReadOnly setting -+ in VolumeMounts. 
- type: boolean - secretName: -- description: the name of secret that contains Azure -- Storage Account Name and Key -+ description: secretName is the name of secret that -+ contains Azure Storage Account Name and Key - type: string - shareName: -- description: Share Name -+ description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: -- description: CephFS represents a Ceph FS mount on the -+ description: cephFS represents a Ceph FS mount on the - host that shares a pod's lifetime - properties: - monitors: -- description: 'Required: Monitors is a collection -- of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'monitors is Required: Monitors is -+ a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: -- description: 'Optional: Used as the mounted root, -- rather than the full Ceph tree, default is /' -+ description: 'path is Optional: Used as the mounted -+ root, rather than the full Ceph tree, default -+ is /' - type: string - readOnly: -- description: 'Optional: Defaults to false (read/write). -- ReadOnly here will force the ReadOnly setting -- in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'readOnly is Optional: Defaults to -+ false (read/write). ReadOnly here will force the -+ ReadOnly setting in VolumeMounts. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: -- description: 'Optional: SecretFile is the path to -- key ring for User, default is /etc/ceph/user.secret -+ description: 'secretFile is Optional: SecretFile -+ is the path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: -- description: 'Optional: SecretRef is reference to -- the authentication secret for User, default is -- empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'secretRef is Optional: SecretRef is -+ reference to the authentication secret for User, -+ default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: -@@ -8719,31 +8969,32 @@ spec: - type: string - type: object - user: -- description: 'Optional: User is the rados user name, -- default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'user is optional: User is the rados -+ user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: -- description: 'Cinder represents a cinder volume attached -+ description: 'cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: -- description: 'Filesystem type to mount. Must be -- a filesystem type supported by the host operating -- system. Examples: "ext4", "xfs", "ntfs". Implicitly -- inferred to be "ext4" if unspecified. More info: -- https://examples.k8s.io/mysql-cinder-pd/README.md' -+ description: 'fsType is the filesystem type to mount. -+ Must be a filesystem type supported by the host -+ operating system. 
Examples: "ext4", "xfs", "ntfs". -+ Implicitly inferred to be "ext4" if unspecified. -+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: -- description: 'Optional: Defaults to false (read/write). -+ description: 'readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: -- description: 'Optional: points to a secret object -- containing parameters used to connect to OpenStack.' -+ description: 'secretRef is optional: points to a -+ secret object containing parameters used to connect -+ to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: -@@ -8753,32 +9004,32 @@ spec: - type: string - type: object - volumeID: -- description: 'volume id used to identify the volume -+ description: 'volumeID used to identify the volume - in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: -- description: ConfigMap represents a configMap that should -+ description: configMap represents a configMap that should - populate this volume - properties: - defaultMode: -- description: 'Optional: mode bits used to set permissions -- on created files by default. Must be an octal -- value between 0000 and 0777 or a decimal value -- between 0 and 511. YAML accepts both octal and -- decimal values, JSON requires decimal values for -- mode bits. Defaults to 0644. Directories within -- the path are not affected by this setting. This -- might be in conflict with other options that affect -- the file mode, like fsGroup, and the result can -- be other mode bits set.' -+ description: 'defaultMode is optional: mode bits -+ used to set permissions on created files by default. -+ Must be an octal value between 0000 and 0777 or -+ a decimal value between 0 and 511. 
YAML accepts -+ both octal and decimal values, JSON requires decimal -+ values for mode bits. Defaults to 0644. Directories -+ within the path are not affected by this setting. -+ This might be in conflict with other options that -+ affect the file mode, like fsGroup, and the result -+ can be other mode bits set.' - format: int32 - type: integer - items: -- description: If unspecified, each key-value pair -- in the Data field of the referenced ConfigMap -+ description: items if unspecified, each key-value -+ pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file whose - name is the key and content is the value. If specified, - the listed keys will be projected into the specified -@@ -8793,26 +9044,28 @@ spec: - a volume. - properties: - key: -- description: The key to project. -+ description: key is the key to project. - type: string - mode: -- description: 'Optional: mode bits used to -- set permissions on this file. Must be an -- octal value between 0000 and 0777 or a decimal -- value between 0 and 511. YAML accepts both -- octal and decimal values, JSON requires -- decimal values for mode bits. If not specified, -- the volume defaultMode will be used. This -- might be in conflict with other options -- that affect the file mode, like fsGroup, -- and the result can be other mode bits set.' -+ description: 'mode is Optional: mode bits -+ used to set permissions on this file. Must -+ be an octal value between 0000 and 0777 -+ or a decimal value between 0 and 511. YAML -+ accepts both octal and decimal values, JSON -+ requires decimal values for mode bits. If -+ not specified, the volume defaultMode will -+ be used. This might be in conflict with -+ other options that affect the file mode, -+ like fsGroup, and the result can be other -+ mode bits set.' - format: int32 - type: integer - path: -- description: The relative path of the file -- to map the key to. May not be an absolute -- path. 
May not contain the path element '..'. -- May not start with the string '..'. -+ description: path is the relative path of -+ the file to map the key to. May not be an -+ absolute path. May not contain the path -+ element '..'. May not start with the string -+ '..'. - type: string - required: - - key -@@ -8825,28 +9078,28 @@ spec: - uid?' - type: string - optional: -- description: Specify whether the ConfigMap or its -- keys must be defined -+ description: optional specify whether the ConfigMap -+ or its keys must be defined - type: boolean - type: object - csi: -- description: CSI (Container Storage Interface) represents -+ description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). - properties: - driver: -- description: Driver is the name of the CSI driver -+ description: driver is the name of the CSI driver - that handles this volume. Consult with your admin - for the correct name as registered in the cluster. - type: string - fsType: -- description: Filesystem type to mount. Ex. "ext4", -- "xfs", "ntfs". If not provided, the empty value -- is passed to the associated CSI driver which will -- determine the default filesystem to apply. -+ description: fsType to mount. Ex. "ext4", "xfs", -+ "ntfs". If not provided, the empty value is passed -+ to the associated CSI driver which will determine -+ the default filesystem to apply. - type: string - nodePublishSecretRef: -- description: NodePublishSecretRef is a reference -+ description: nodePublishSecretRef is a reference - to the secret object containing sensitive information - to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. -@@ -8863,13 +9116,13 @@ spec: - type: string - type: object - readOnly: -- description: Specifies a read-only configuration -+ description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). 
- type: boolean - volumeAttributes: - additionalProperties: - type: string -- description: VolumeAttributes stores driver-specific -+ description: volumeAttributes stores driver-specific - properties that are passed to the CSI driver. - Consult your driver's documentation for supported - values. -@@ -8878,7 +9131,7 @@ spec: - - driver - type: object - downwardAPI: -- description: DownwardAPI represents downward API about -+ description: downwardAPI represents downward API about - the pod that should populate this volume - properties: - defaultMode: -@@ -8971,32 +9224,33 @@ spec: - type: array - type: object - emptyDir: -- description: 'EmptyDir represents a temporary directory -+ description: 'emptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: -- description: 'What type of storage medium should -- back this directory. The default is "" which means -- to use the node''s default medium. Must be an -- empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' -+ description: 'medium represents what type of storage -+ medium should back this directory. The default -+ is "" which means to use the node''s default medium. -+ Must be an empty string (default) or Memory. More -+ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string -- description: 'Total amount of local storage required -- for this EmptyDir volume. The size limit is also -- applicable for memory medium. The maximum usage -- on memory medium EmptyDir would be the minimum -- value between the SizeLimit specified here and -- the sum of memory limits of all containers in -- a pod. The default is nil which means that the -- limit is undefined. 
More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' -+ description: 'sizeLimit is the total amount of local -+ storage required for this EmptyDir volume. The -+ size limit is also applicable for memory medium. -+ The maximum usage on memory medium EmptyDir would -+ be the minimum value between the SizeLimit specified -+ here and the sum of memory limits of all containers -+ in a pod. The default is nil which means that -+ the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: -- description: "Ephemeral represents a volume that is -+ description: "ephemeral represents a volume that is - handled by a cluster storage driver. The volume's - lifecycle is tied to the pod that defines it - it - will be created before the pod starts, and deleted -@@ -9016,9 +9270,7 @@ spec: - to be used that way - see the documentation of the - driver for more information. \n A pod can use both - types of ephemeral volumes and persistent volumes -- at the same time. \n This is a beta feature and only -- available when the GenericEphemeralVolume feature -- gate is enabled." -+ at the same time." - properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone -@@ -9058,15 +9310,15 @@ spec: - are also valid here. - properties: - accessModes: -- description: 'AccessModes contains the desired -+ description: 'accessModes contains the desired - access modes the volume should have. 
More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: -- description: 'This field can be used to -- specify either: * An existing VolumeSnapshot -+ description: 'dataSource field can be used -+ to specify either: * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller -@@ -9099,10 +9351,10 @@ spec: - - name - type: object - dataSourceRef: -- description: 'Specifies the object from -- which to populate the volume with data, -- if a non-empty volume is desired. This -- may be any local object from a non-empty -+ description: 'dataSourceRef specifies the -+ object from which to populate the volume -+ with data, if a non-empty volume is desired. -+ This may be any local object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed if the -@@ -9124,7 +9376,7 @@ spec: - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves - all values, and generates an error if -- a disallowed value is specified. (Alpha) -+ a disallowed value is specified. (Beta) - Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' - properties: -@@ -9149,9 +9401,14 @@ spec: - - name - type: object - resources: -- description: 'Resources represents the minimum -- resources the volume should have. More -- info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' -+ description: 'resources represents the minimum -+ resources the volume should have. If RecoverVolumeExpansionFailure -+ feature is enabled users are allowed to -+ specify resource requirements that are -+ lower than previous value but must still -+ be higher than capacity recorded in the -+ status field of the claim. 
More info: -+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: -@@ -9181,8 +9438,8 @@ spec: - type: object - type: object - selector: -- description: A label query over volumes -- to consider for binding. -+ description: selector is a label query over -+ volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list -@@ -9236,8 +9493,9 @@ spec: - type: object - type: object - storageClassName: -- description: 'Name of the StorageClass required -- by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' -+ description: 'storageClassName is the name -+ of the StorageClass required by the claim. -+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type -@@ -9246,7 +9504,7 @@ spec: - in claim spec. - type: string - volumeName: -- description: VolumeName is the binding reference -+ description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object -@@ -9255,74 +9513,75 @@ spec: - type: object - type: object - fc: -- description: FC represents a Fibre Channel resource -+ description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine and then - exposed to the pod. - properties: - fsType: -- description: 'Filesystem type to mount. Must be -- a filesystem type supported by the host operating -- system. Ex. "ext4", "xfs", "ntfs". Implicitly -+ description: 'fsType is the filesystem type to mount. -+ Must be a filesystem type supported by the host -+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. 
TODO: how - do we prevent errors in the filesystem from compromising - the machine' - type: string - lun: -- description: 'Optional: FC target lun number' -+ description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: -- description: 'Optional: Defaults to false (read/write). -- ReadOnly here will force the ReadOnly setting -- in VolumeMounts.' -+ description: 'readOnly is Optional: Defaults to -+ false (read/write). ReadOnly here will force the -+ ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: -- description: 'Optional: FC target worldwide names -- (WWNs)' -+ description: 'targetWWNs is Optional: FC target -+ worldwide names (WWNs)' - items: - type: string - type: array - wwids: -- description: 'Optional: FC volume world wide identifiers -- (wwids) Either wwids or combination of targetWWNs -- and lun must be set, but not both simultaneously.' -+ description: 'wwids Optional: FC volume world wide -+ identifiers (wwids) Either wwids or combination -+ of targetWWNs and lun must be set, but not both -+ simultaneously.' - items: - type: string - type: array - type: object - flexVolume: -- description: FlexVolume represents a generic volume -+ description: flexVolume represents a generic volume - resource that is provisioned/attached using an exec - based plugin. - properties: - driver: -- description: Driver is the name of the driver to -+ description: driver is the name of the driver to - use for this volume. - type: string - fsType: -- description: Filesystem type to mount. Must be a -- filesystem type supported by the host operating -- system. Ex. "ext4", "xfs", "ntfs". The default -- filesystem depends on FlexVolume script. -+ description: fsType is the filesystem type to mount. -+ Must be a filesystem type supported by the host -+ operating system. Ex. "ext4", "xfs", "ntfs". The -+ default filesystem depends on FlexVolume script. 
- type: string - options: - additionalProperties: - type: string -- description: 'Optional: Extra command options if -- any.' -+ description: 'options is Optional: this field holds -+ extra command options if any.' - type: object - readOnly: -- description: 'Optional: Defaults to false (read/write). -- ReadOnly here will force the ReadOnly setting -- in VolumeMounts.' -+ description: 'readOnly is Optional: defaults to -+ false (read/write). ReadOnly here will force the -+ ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: -- description: 'Optional: SecretRef is reference to -- the secret object containing sensitive information -- to pass to the plugin scripts. This may be empty -- if no secret object is specified. If the secret -- object contains more than one secret, all secrets -- are passed to the plugin scripts.' -+ description: 'secretRef is Optional: secretRef is -+ reference to the secret object containing sensitive -+ information to pass to the plugin scripts. This -+ may be empty if no secret object is specified. -+ If the secret object contains more than one secret, -+ all secrets are passed to the plugin scripts.' - properties: - name: - description: 'Name of the referent. More info: -@@ -9335,28 +9594,28 @@ spec: - - driver - type: object - flocker: -- description: Flocker represents a Flocker volume attached -+ description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - properties: - datasetName: -- description: Name of the dataset stored as metadata -- -> name on the dataset for Flocker should be considered -- as deprecated -+ description: datasetName is Name of the dataset -+ stored as metadata -> name on the dataset for -+ Flocker should be considered as deprecated - type: string - datasetUUID: -- description: UUID of the dataset. This is unique -- identifier of a Flocker dataset -+ description: datasetUUID is the UUID of the dataset. 
-+ This is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: -- description: 'GCEPersistentDisk represents a GCE Disk -+ description: 'gcePersistentDisk represents a GCE Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: -- description: 'Filesystem type of the volume that -- you want to mount. Tip: Ensure that the filesystem -+ description: 'fsType is filesystem type of the volume -+ that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -@@ -9364,21 +9623,22 @@ spec: - from compromising the machine' - type: string - partition: -- description: 'The partition in the volume that you -- want to mount. If omitted, the default is to mount -- by volume name. Examples: For volume /dev/sda1, -- you specify the partition as "1". Similarly, the -- volume partition for /dev/sda is "0" (or you can -- leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' -+ description: 'partition is the partition in the -+ volume that you want to mount. If omitted, the -+ default is to mount by volume name. Examples: -+ For volume /dev/sda1, you specify the partition -+ as "1". Similarly, the volume partition for /dev/sda -+ is "0" (or you can leave the property empty). -+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: -- description: 'Unique name of the PD resource in -- GCE. Used to identify the disk in GCE. More info: -- https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' -+ description: 'pdName is unique name of the PD resource -+ in GCE. 
Used to identify the disk in GCE. More -+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: -- description: 'ReadOnly here will force the ReadOnly -+ description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean -@@ -9386,7 +9646,7 @@ spec: - - pdName - type: object - gitRepo: -- description: 'GitRepo represents a git repository at -+ description: 'gitRepo represents a git repository at - a particular revision. DEPRECATED: GitRepo is deprecated. - To provision a container with a git repo, mount an - EmptyDir into an InitContainer that clones the repo -@@ -9394,37 +9654,38 @@ spec: - container.' - properties: - directory: -- description: Target directory name. Must not contain -- or start with '..'. If '.' is supplied, the volume -- directory will be the git repository. Otherwise, -- if specified, the volume will contain the git -- repository in the subdirectory with the given -- name. -+ description: directory is the target directory name. -+ Must not contain or start with '..'. If '.' is -+ supplied, the volume directory will be the git -+ repository. Otherwise, if specified, the volume -+ will contain the git repository in the subdirectory -+ with the given name. - type: string - repository: -- description: Repository URL -+ description: repository is the URL - type: string - revision: -- description: Commit hash for the specified revision. -+ description: revision is the commit hash for the -+ specified revision. - type: string - required: - - repository - type: object - glusterfs: -- description: 'Glusterfs represents a Glusterfs mount -+ description: 'glusterfs represents a Glusterfs mount - on the host that shares a pod''s lifetime. 
More info: - https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: -- description: 'EndpointsName is the endpoint name -- that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' -+ description: 'endpoints is the endpoint name that -+ details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: -- description: 'Path is the Glusterfs volume path. -+ description: 'path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: -- description: 'ReadOnly here will force the Glusterfs -+ description: 'readOnly here will force the Glusterfs - volume to be mounted with read-only permissions. - Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean -@@ -9433,7 +9694,7 @@ spec: - - path - type: object - hostPath: -- description: 'HostPath represents a pre-existing file -+ description: 'hostPath represents a pre-existing file - or directory on the host machine that is directly - exposed to the container. This is generally used for - system agents or other privileged things that are -@@ -9444,71 +9705,73 @@ spec: - directories as read/write.' - properties: - path: -- description: 'Path of the directory on the host. -+ description: 'path of the directory on the host. - If the path is a symlink, it will follow the link - to the real path. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: -- description: 'Type for HostPath Volume Defaults -+ description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: -- description: 'ISCSI represents an ISCSI Disk resource -+ description: 'iscsi represents an ISCSI Disk resource - that is attached to a kubelet''s host machine and - then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: -- description: whether support iSCSI Discovery CHAP -- authentication -+ description: chapAuthDiscovery defines whether support -+ iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: -- description: whether support iSCSI Session CHAP -- authentication -+ description: chapAuthSession defines whether support -+ iSCSI Session CHAP authentication - type: boolean - fsType: -- description: 'Filesystem type of the volume that -- you want to mount. Tip: Ensure that the filesystem -- type is supported by the host operating system. -- Examples: "ext4", "xfs", "ntfs". Implicitly inferred -- to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi -+ description: 'fsType is the filesystem type of the -+ volume that you want to mount. Tip: Ensure that -+ the filesystem type is supported by the host operating -+ system. Examples: "ext4", "xfs", "ntfs". Implicitly -+ inferred to be "ext4" if unspecified. More info: -+ https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - initiatorName: -- description: Custom iSCSI Initiator Name. If initiatorName -- is specified with iscsiInterface simultaneously, -- new iSCSI interface : -- will be created for the connection. 
-+ description: initiatorName is the custom iSCSI Initiator -+ Name. If initiatorName is specified with iscsiInterface -+ simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: -- description: Target iSCSI Qualified Name. -+ description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: -- description: iSCSI Interface Name that uses an iSCSI -- transport. Defaults to 'default' (tcp). -+ description: iscsiInterface is the interface Name -+ that uses an iSCSI transport. Defaults to 'default' -+ (tcp). - type: string - lun: -- description: iSCSI Target Lun number. -+ description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: -- description: iSCSI Target Portal List. The portal -- is either an IP or ip_addr:port if the port is -- other than default (typically TCP ports 860 and -- 3260). -+ description: portals is the iSCSI Target Portal -+ List. The portal is either an IP or ip_addr:port -+ if the port is other than default (typically TCP -+ ports 860 and 3260). - items: - type: string - type: array - readOnly: -- description: ReadOnly here will force the ReadOnly -+ description: readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. - type: boolean - secretRef: -- description: CHAP Secret for iSCSI target and initiator -- authentication -+ description: secretRef is the CHAP Secret for iSCSI -+ target and initiator authentication - properties: - name: - description: 'Name of the referent. More info: -@@ -9518,9 +9781,10 @@ spec: - type: string - type: object - targetPortal: -- description: iSCSI Target Portal. The Portal is -- either an IP or ip_addr:port if the port is other -- than default (typically TCP ports 860 and 3260). -+ description: targetPortal is iSCSI Target Portal. -+ The Portal is either an IP or ip_addr:port if -+ the port is other than default (typically TCP -+ ports 860 and 3260). 
- type: string - required: - - iqn -@@ -9528,24 +9792,24 @@ spec: - - targetPortal - type: object - name: -- description: 'Volume''s name. Must be a DNS_LABEL and -- unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' -+ description: 'name of the volume. Must be a DNS_LABEL -+ and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: -- description: 'NFS represents an NFS mount on the host -+ description: 'nfs represents an NFS mount on the host - that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: -- description: 'Path that is exported by the NFS server. -+ description: 'path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: -- description: 'ReadOnly here will force the NFS export -+ description: 'readOnly here will force the NFS export - to be mounted with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: -- description: 'Server is the hostname or IP address -+ description: 'server is the hostname or IP address - of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: -@@ -9553,132 +9817,133 @@ spec: - - server - type: object - persistentVolumeClaim: -- description: 'PersistentVolumeClaimVolumeSource represents -+ description: 'persistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same - namespace. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: -- description: 'ClaimName is the name of a PersistentVolumeClaim -+ description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: -- description: Will force the ReadOnly setting in -- VolumeMounts. Default false. -+ description: readOnly Will force the ReadOnly setting -+ in VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: -- description: PhotonPersistentDisk represents a PhotonController -+ description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - properties: - fsType: -- description: Filesystem type to mount. Must be a -- filesystem type supported by the host operating -- system. Ex. "ext4", "xfs", "ntfs". Implicitly -+ description: fsType is the filesystem type to mount. -+ Must be a filesystem type supported by the host -+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - pdID: -- description: ID that identifies Photon Controller -- persistent disk -+ description: pdID is the ID that identifies Photon -+ Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: -- description: PortworxVolume represents a portworx volume -+ description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine - properties: - fsType: -- description: FSType represents the filesystem type -+ description: fSType represents the filesystem type - to mount Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs". - Implicitly inferred to be "ext4" if unspecified. 
- type: string - readOnly: -- description: Defaults to false (read/write). ReadOnly -- here will force the ReadOnly setting in VolumeMounts. -+ description: readOnly defaults to false (read/write). -+ ReadOnly here will force the ReadOnly setting -+ in VolumeMounts. - type: boolean - volumeID: -- description: VolumeID uniquely identifies a Portworx -+ description: volumeID uniquely identifies a Portworx - volume - type: string - required: - - volumeID - type: object - projected: -- description: Items for all in one resources secrets, -- configmaps, and downward API -+ description: projected items for all in one resources -+ secrets, configmaps, and downward API - properties: - defaultMode: -- description: Mode bits used to set permissions on -- created files by default. Must be an octal value -- between 0000 and 0777 or a decimal value between -- 0 and 511. YAML accepts both octal and decimal -- values, JSON requires decimal values for mode -- bits. Directories within the path are not affected -- by this setting. This might be in conflict with -- other options that affect the file mode, like -- fsGroup, and the result can be other mode bits -- set. -+ description: defaultMode are the mode bits used -+ to set permissions on created files by default. -+ Must be an octal value between 0000 and 0777 or -+ a decimal value between 0 and 511. YAML accepts -+ both octal and decimal values, JSON requires decimal -+ values for mode bits. Directories within the path -+ are not affected by this setting. This might be -+ in conflict with other options that affect the -+ file mode, like fsGroup, and the result can be -+ other mode bits set. 
- format: int32 - type: integer - sources: -- description: list of volume projections -+ description: sources is the list of volume projections - items: - description: Projection that may be projected - along with other supported volume types - properties: - configMap: -- description: information about the configMap -- data to project -+ description: configMap information about the -+ configMap data to project - properties: - items: -- description: If unspecified, each key-value -- pair in the Data field of the referenced -- ConfigMap will be projected into the -- volume as a file whose name is the key -- and content is the value. If specified, -- the listed keys will be projected into -- the specified paths, and unlisted keys -- will not be present. If a key is specified -- which is not present in the ConfigMap, -- the volume setup will error unless it -- is marked optional. Paths must be relative -- and may not contain the '..' path or -- start with '..'. -+ description: items if unspecified, each -+ key-value pair in the Data field of -+ the referenced ConfigMap will be projected -+ into the volume as a file whose name -+ is the key and content is the value. -+ If specified, the listed keys will be -+ projected into the specified paths, -+ and unlisted keys will not be present. -+ If a key is specified which is not present -+ in the ConfigMap, the volume setup will -+ error unless it is marked optional. -+ Paths must be relative and may not contain -+ the '..' path or start with '..'. - items: - description: Maps a string key to a - path within a volume. - properties: - key: -- description: The key to project. -+ description: key is the key to project. - type: string - mode: -- description: 'Optional: mode bits -- used to set permissions on this -- file. Must be an octal value between -- 0000 and 0777 or a decimal value -- between 0 and 511. YAML accepts -- both octal and decimal values, -- JSON requires decimal values for -- mode bits. 
If not specified, the -- volume defaultMode will be used. -- This might be in conflict with -- other options that affect the -- file mode, like fsGroup, and the -- result can be other mode bits -- set.' -+ description: 'mode is Optional: -+ mode bits used to set permissions -+ on this file. Must be an octal -+ value between 0000 and 0777 or -+ a decimal value between 0 and -+ 511. YAML accepts both octal and -+ decimal values, JSON requires -+ decimal values for mode bits. -+ If not specified, the volume defaultMode -+ will be used. This might be in -+ conflict with other options that -+ affect the file mode, like fsGroup, -+ and the result can be other mode -+ bits set.' - format: int32 - type: integer - path: -- description: The relative path of -- the file to map the key to. May -- not be an absolute path. May not -- contain the path element '..'. -- May not start with the string -+ description: path is the relative -+ path of the file to map the key -+ to. May not be an absolute path. -+ May not contain the path element -+ '..'. May not start with the string - '..'. - type: string - required: -@@ -9693,13 +9958,13 @@ spec: - kind, uid?' 
- type: string - optional: -- description: Specify whether the ConfigMap -- or its keys must be defined -+ description: optional specify whether -+ the ConfigMap or its keys must be defined - type: boolean - type: object - downwardAPI: -- description: information about the downwardAPI -- data to project -+ description: downwardAPI information about -+ the downwardAPI data to project - properties: - items: - description: Items is a list of DownwardAPIVolume -@@ -9789,53 +10054,53 @@ spec: - type: array - type: object - secret: -- description: information about the secret -- data to project -+ description: secret information about the -+ secret data to project - properties: - items: -- description: If unspecified, each key-value -- pair in the Data field of the referenced -- Secret will be projected into the volume -- as a file whose name is the key and -- content is the value. If specified, -- the listed keys will be projected into -- the specified paths, and unlisted keys -- will not be present. If a key is specified -- which is not present in the Secret, -- the volume setup will error unless it -- is marked optional. Paths must be relative -- and may not contain the '..' path or -- start with '..'. -+ description: items if unspecified, each -+ key-value pair in the Data field of -+ the referenced Secret will be projected -+ into the volume as a file whose name -+ is the key and content is the value. -+ If specified, the listed keys will be -+ projected into the specified paths, -+ and unlisted keys will not be present. -+ If a key is specified which is not present -+ in the Secret, the volume setup will -+ error unless it is marked optional. -+ Paths must be relative and may not contain -+ the '..' path or start with '..'. - items: - description: Maps a string key to a - path within a volume. - properties: - key: -- description: The key to project. -+ description: key is the key to project. 
- type: string - mode: -- description: 'Optional: mode bits -- used to set permissions on this -- file. Must be an octal value between -- 0000 and 0777 or a decimal value -- between 0 and 511. YAML accepts -- both octal and decimal values, -- JSON requires decimal values for -- mode bits. If not specified, the -- volume defaultMode will be used. -- This might be in conflict with -- other options that affect the -- file mode, like fsGroup, and the -- result can be other mode bits -- set.' -+ description: 'mode is Optional: -+ mode bits used to set permissions -+ on this file. Must be an octal -+ value between 0000 and 0777 or -+ a decimal value between 0 and -+ 511. YAML accepts both octal and -+ decimal values, JSON requires -+ decimal values for mode bits. -+ If not specified, the volume defaultMode -+ will be used. This might be in -+ conflict with other options that -+ affect the file mode, like fsGroup, -+ and the result can be other mode -+ bits set.' - format: int32 - type: integer - path: -- description: The relative path of -- the file to map the key to. May -- not be an absolute path. May not -- contain the path element '..'. -- May not start with the string -+ description: path is the relative -+ path of the file to map the key -+ to. May not be an absolute path. -+ May not contain the path element -+ '..'. May not start with the string - '..'. - type: string - required: -@@ -9850,16 +10115,16 @@ spec: - kind, uid?' 
- type: string - optional: -- description: Specify whether the Secret -- or its key must be defined -+ description: optional field specify whether -+ the Secret or its key must be defined - type: boolean - type: object - serviceAccountToken: -- description: information about the serviceAccountToken -- data to project -+ description: serviceAccountToken is information -+ about the serviceAccountToken data to project - properties: - audience: -- description: Audience is the intended -+ description: audience is the intended - audience of the token. A recipient of - a token must identify itself with an - identifier specified in the audience -@@ -9868,7 +10133,7 @@ spec: - the identifier of the apiserver. - type: string - expirationSeconds: -- description: ExpirationSeconds is the -+ description: expirationSeconds is the - requested duration of validity of the - service account token. As the token - approaches expiration, the kubelet volume -@@ -9882,7 +10147,7 @@ spec: - format: int64 - type: integer - path: -- description: Path is the path relative -+ description: path is the path relative - to the mount point of the file to project - the token into. - type: string -@@ -9893,36 +10158,36 @@ spec: - type: array - type: object - quobyte: -- description: Quobyte represents a Quobyte mount on the -+ description: quobyte represents a Quobyte mount on the - host that shares a pod's lifetime - properties: - group: -- description: Group to map volume access to Default -+ description: group to map volume access to Default - is no group - type: string - readOnly: -- description: ReadOnly here will force the Quobyte -+ description: readOnly here will force the Quobyte - volume to be mounted with read-only permissions. - Defaults to false. 
- type: boolean - registry: -- description: Registry represents a single or multiple -+ description: registry represents a single or multiple - Quobyte Registry services specified as a string - as host:port pair (multiple entries are separated - with commas) which acts as the central registry - for volumes - type: string - tenant: -- description: Tenant owning the given Quobyte volume -+ description: tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned - Quobyte volumes, value is set by the plugin - type: string - user: -- description: User to map volume access to Defaults -+ description: user to map volume access to Defaults - to serivceaccount user - type: string - volume: -- description: Volume is a string that references -+ description: volume is a string that references - an already created Quobyte volume by name. - type: string - required: -@@ -9930,44 +10195,46 @@ spec: - - volume - type: object - rbd: -- description: 'RBD represents a Rados Block Device mount -+ description: 'rbd represents a Rados Block Device mount - on the host that shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: -- description: 'Filesystem type of the volume that -- you want to mount. Tip: Ensure that the filesystem -- type is supported by the host operating system. -- Examples: "ext4", "xfs", "ntfs". Implicitly inferred -- to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd -+ description: 'fsType is the filesystem type of the -+ volume that you want to mount. Tip: Ensure that -+ the filesystem type is supported by the host operating -+ system. Examples: "ext4", "xfs", "ntfs". Implicitly -+ inferred to be "ext4" if unspecified. More info: -+ https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - image: -- description: 'The rados image name. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -+ description: 'image is the rados image name. More -+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: -- description: 'Keyring is the path to key ring for -+ description: 'keyring is the path to key ring for - RBDUser. Default is /etc/ceph/keyring. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: -- description: 'A collection of Ceph monitors. More -- info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -+ description: 'monitors is a collection of Ceph monitors. -+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: -- description: 'The rados pool name. Default is rbd. -- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -+ description: 'pool is the rados pool name. Default -+ is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: -- description: 'ReadOnly here will force the ReadOnly -+ description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: -- description: 'SecretRef is name of the authentication -+ description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: -@@ -9979,37 +10246,38 @@ spec: - type: string - type: object - user: -- description: 'The rados user name. Default is admin. -- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -+ description: 'user is the rados user name. Default -+ is admin. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: -- description: ScaleIO represents a ScaleIO persistent -+ description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. - properties: - fsType: -- description: Filesystem type to mount. Must be a -- filesystem type supported by the host operating -- system. Ex. "ext4", "xfs", "ntfs". Default is -- "xfs". -+ description: fsType is the filesystem type to mount. -+ Must be a filesystem type supported by the host -+ operating system. Ex. "ext4", "xfs", "ntfs". Default -+ is "xfs". - type: string - gateway: -- description: The host address of the ScaleIO API -- Gateway. -+ description: gateway is the host address of the -+ ScaleIO API Gateway. - type: string - protectionDomain: -- description: The name of the ScaleIO Protection -- Domain for the configured storage. -+ description: protectionDomain is the name of the -+ ScaleIO Protection Domain for the configured storage. - type: string - readOnly: -- description: Defaults to false (read/write). ReadOnly -- here will force the ReadOnly setting in VolumeMounts. -+ description: readOnly Defaults to false (read/write). -+ ReadOnly here will force the ReadOnly setting -+ in VolumeMounts. - type: boolean - secretRef: -- description: SecretRef references to the secret -+ description: secretRef references to the secret - for ScaleIO user and other sensitive information. - If this is not provided, Login operation will - fail. -@@ -10022,26 +10290,26 @@ spec: - type: string - type: object - sslEnabled: -- description: Flag to enable/disable SSL communication -- with Gateway, default false -+ description: sslEnabled Flag enable/disable SSL -+ communication with Gateway, default false - type: boolean - storageMode: -- description: Indicates whether the storage for a -- volume should be ThickProvisioned or ThinProvisioned. 
-+ description: storageMode indicates whether the storage -+ for a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: -- description: The ScaleIO Storage Pool associated -- with the protection domain. -+ description: storagePool is the ScaleIO Storage -+ Pool associated with the protection domain. - type: string - system: -- description: The name of the storage system as configured -- in ScaleIO. -+ description: system is the name of the storage system -+ as configured in ScaleIO. - type: string - volumeName: -- description: The name of a volume already created -- in the ScaleIO system that is associated with -- this volume source. -+ description: volumeName is the name of a volume -+ already created in the ScaleIO system that is -+ associated with this volume source. - type: string - required: - - gateway -@@ -10049,27 +10317,27 @@ spec: - - system - type: object - secret: -- description: 'Secret represents a secret that should -+ description: 'secret represents a secret that should - populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: -- description: 'Optional: mode bits used to set permissions -- on created files by default. Must be an octal -- value between 0000 and 0777 or a decimal value -- between 0 and 511. YAML accepts both octal and -- decimal values, JSON requires decimal values for -- mode bits. Defaults to 0644. Directories within -- the path are not affected by this setting. This -- might be in conflict with other options that affect -- the file mode, like fsGroup, and the result can -- be other mode bits set.' -- format: int32 -- type: integer -+ description: 'defaultMode is Optional: mode bits -+ used to set permissions on created files by default. -+ Must be an octal value between 0000 and 0777 or -+ a decimal value between 0 and 511. 
YAML accepts -+ both octal and decimal values, JSON requires decimal -+ values for mode bits. Defaults to 0644. Directories -+ within the path are not affected by this setting. -+ This might be in conflict with other options that -+ affect the file mode, like fsGroup, and the result -+ can be other mode bits set.' -+ format: int32 -+ type: integer - items: -- description: If unspecified, each key-value pair -- in the Data field of the referenced Secret will -- be projected into the volume as a file whose name -- is the key and content is the value. If specified, -+ description: items If unspecified, each key-value -+ pair in the Data field of the referenced Secret -+ will be projected into the volume as a file whose -+ name is the key and content is the value. If specified, - the listed keys will be projected into the specified - paths, and unlisted keys will not be present. - If a key is specified which is not present in -@@ -10082,26 +10350,28 @@ spec: - a volume. - properties: - key: -- description: The key to project. -+ description: key is the key to project. - type: string - mode: -- description: 'Optional: mode bits used to -- set permissions on this file. Must be an -- octal value between 0000 and 0777 or a decimal -- value between 0 and 511. YAML accepts both -- octal and decimal values, JSON requires -- decimal values for mode bits. If not specified, -- the volume defaultMode will be used. This -- might be in conflict with other options -- that affect the file mode, like fsGroup, -- and the result can be other mode bits set.' -+ description: 'mode is Optional: mode bits -+ used to set permissions on this file. Must -+ be an octal value between 0000 and 0777 -+ or a decimal value between 0 and 511. YAML -+ accepts both octal and decimal values, JSON -+ requires decimal values for mode bits. If -+ not specified, the volume defaultMode will -+ be used. 
This might be in conflict with -+ other options that affect the file mode, -+ like fsGroup, and the result can be other -+ mode bits set.' - format: int32 - type: integer - path: -- description: The relative path of the file -- to map the key to. May not be an absolute -- path. May not contain the path element '..'. -- May not start with the string '..'. -+ description: path is the relative path of -+ the file to map the key to. May not be an -+ absolute path. May not contain the path -+ element '..'. May not start with the string -+ '..'. - type: string - required: - - key -@@ -10109,30 +10379,31 @@ spec: - type: object - type: array - optional: -- description: Specify whether the Secret or its keys -- must be defined -+ description: optional field specify whether the -+ Secret or its keys must be defined - type: boolean - secretName: -- description: 'Name of the secret in the pod''s namespace -- to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' -+ description: 'secretName is the name of the secret -+ in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: -- description: StorageOS represents a StorageOS volume -+ description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. - properties: - fsType: -- description: Filesystem type to mount. Must be a -- filesystem type supported by the host operating -- system. Ex. "ext4", "xfs", "ntfs". Implicitly -+ description: fsType is the filesystem type to mount. -+ Must be a filesystem type supported by the host -+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - readOnly: -- description: Defaults to false (read/write). ReadOnly -- here will force the ReadOnly setting in VolumeMounts. -+ description: readOnly defaults to false (read/write). -+ ReadOnly here will force the ReadOnly setting -+ in VolumeMounts. 
- type: boolean - secretRef: -- description: SecretRef specifies the secret to use -+ description: secretRef specifies the secret to use - for obtaining the StorageOS API credentials. If - not specified, default values will be attempted. - properties: -@@ -10144,12 +10415,12 @@ spec: - type: string - type: object - volumeName: -- description: VolumeName is the human-readable name -+ description: volumeName is the human-readable name - of the StorageOS volume. Volume names are only - unique within a namespace. - type: string - volumeNamespace: -- description: VolumeNamespace specifies the scope -+ description: volumeNamespace specifies the scope - of the volume within StorageOS. If no namespace - is specified then the Pod's namespace will be - used. This allows the Kubernetes name scoping -@@ -10161,26 +10432,27 @@ spec: - type: string - type: object - vsphereVolume: -- description: VsphereVolume represents a vSphere volume -+ description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine - properties: - fsType: -- description: Filesystem type to mount. Must be a -- filesystem type supported by the host operating -- system. Ex. "ext4", "xfs", "ntfs". Implicitly -+ description: fsType is filesystem type to mount. -+ Must be a filesystem type supported by the host -+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - storagePolicyID: -- description: Storage Policy Based Management (SPBM) -- profile ID associated with the StoragePolicyName. -+ description: storagePolicyID is the storage Policy -+ Based Management (SPBM) profile ID associated -+ with the StoragePolicyName. - type: string - storagePolicyName: -- description: Storage Policy Based Management (SPBM) -- profile name. -+ description: storagePolicyName is the storage Policy -+ Based Management (SPBM) profile name. 
- type: string - volumePath: -- description: Path that identifies vSphere volume -- vmdk -+ description: volumePath is the path that identifies -+ vSphere volume vmdk - type: string - required: - - volumePath -@@ -10628,9 +10900,7 @@ spec: - and null or empty namespaces list - means "this pod's namespace". An - empty selector ({}) matches all -- namespaces. This field is beta-level -- and is only honored when PodAffinityNamespaceSelector -- feature is enabled. -+ namespaces. - properties: - matchExpressions: - description: matchExpressions -@@ -10698,7 +10968,7 @@ spec: - selected by namespaceSelector. null - or empty namespaces list and null - namespaceSelector means "this pod's -- namespace" -+ namespace". - items: - type: string - type: array -@@ -10817,9 +11087,6 @@ spec: - field. null selector and null or empty - namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. -- This field is beta-level and is only -- honored when PodAffinityNamespaceSelector -- feature is enabled. - properties: - matchExpressions: - description: matchExpressions is a -@@ -10882,7 +11149,7 @@ spec: - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's -- namespace" -+ namespace". - items: - type: string - type: array -@@ -11004,9 +11271,7 @@ spec: - and null or empty namespaces list - means "this pod's namespace". An - empty selector ({}) matches all -- namespaces. This field is beta-level -- and is only honored when PodAffinityNamespaceSelector -- feature is enabled. -+ namespaces. - properties: - matchExpressions: - description: matchExpressions -@@ -11074,7 +11339,7 @@ spec: - selected by namespaceSelector. null - or empty namespaces list and null - namespaceSelector means "this pod's -- namespace" -+ namespace". - items: - type: string - type: array -@@ -11193,9 +11458,6 @@ spec: - field. null selector and null or empty - namespaces list means "this pod's namespace". 
- An empty selector ({}) matches all namespaces. -- This field is beta-level and is only -- honored when PodAffinityNamespaceSelector -- feature is enabled. - properties: - matchExpressions: - description: matchExpressions is a -@@ -11258,7 +11520,7 @@ spec: - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's -- namespace" -+ namespace". - items: - type: string - type: array -@@ -11402,7 +11664,9 @@ spec: - is set (new files created in the volume will be - owned by FSGroup) 3. The permission bits are OR'd - with rw-rw---- \n If unset, the Kubelet will not -- modify the ownership and permissions of any volume." -+ modify the ownership and permissions of any volume. -+ Note that this field cannot be set when spec.os.name -+ is windows." - format: int64 - type: integer - fsGroupChangePolicy: -@@ -11413,7 +11677,9 @@ spec: - based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" -- and "Always". If not specified, "Always" is used.' -+ and "Always". If not specified, "Always" is used. -+ Note that this field cannot be set when spec.os.name -+ is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the -@@ -11421,7 +11687,8 @@ spec: - May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence -- for that container. -+ for that container. Note that this field cannot -+ be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: -@@ -11442,6 +11709,8 @@ spec: - set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence for that container. -+ Note that this field cannot be set when spec.os.name -+ is windows. 
- format: int64 - type: integer - seLinuxOptions: -@@ -11451,7 +11720,8 @@ spec: - for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence -- for that container. -+ for that container. Note that this field cannot -+ be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that -@@ -11472,7 +11742,8 @@ spec: - type: object - seccompProfile: - description: The seccomp options to use by the containers -- in this pod. -+ in this pod. Note that this field cannot be set -+ when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile -@@ -11498,7 +11769,9 @@ spec: - description: A list of groups applied to the first - process run in each container, in addition to - the container's primary GID. If unspecified, -- no groups will be added to any container. -+ no groups will be added to any container. Note -+ that this field cannot be set when spec.os.name -+ is windows. - items: - format: int64 - type: integer -@@ -11507,6 +11780,8 @@ spec: - description: Sysctls hold a list of namespaced sysctls - used for the pod. Pods with unsupported sysctls - (by the container runtime) might fail to launch. -+ Note that this field cannot be set when spec.os.name -+ is windows. - items: - description: Sysctl defines a kernel parameter - to be set -@@ -11528,6 +11803,8 @@ spec: - within a container's SecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. -+ Note that this field cannot be set when spec.os.name -+ is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the -@@ -11617,77 +11894,78 @@ spec: - pod. 
- properties: - awsElasticBlockStore: -- description: 'AWSElasticBlockStore represents -+ description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: -- description: 'Filesystem type of the volume -- that you want to mount. Tip: Ensure that -- the filesystem type is supported by the -- host operating system. Examples: "ext4", -- "xfs", "ntfs". Implicitly inferred to be -- "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore -+ description: 'fsType is the filesystem type -+ of the volume that you want to mount. Tip: -+ Ensure that the filesystem type is supported -+ by the host operating system. Examples: -+ "ext4", "xfs", "ntfs". Implicitly inferred -+ to be "ext4" if unspecified. More info: -+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - partition: -- description: 'The partition in the volume -- that you want to mount. If omitted, the -- default is to mount by volume name. Examples: -- For volume /dev/sda1, you specify the partition -- as "1". Similarly, the volume partition -- for /dev/sda is "0" (or you can leave the -- property empty).' -+ description: 'partition is the partition in -+ the volume that you want to mount. If omitted, -+ the default is to mount by volume name. -+ Examples: For volume /dev/sda1, you specify -+ the partition as "1". Similarly, the volume -+ partition for /dev/sda is "0" (or you can -+ leave the property empty).' - format: int32 - type: integer - readOnly: -- description: 'Specify "true" to force and -- set the ReadOnly property in VolumeMounts -- to "true". If omitted, the default is "false". 
-- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' -+ description: 'readOnly value true will force -+ the readOnly setting in VolumeMounts. More -+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: -- description: 'Unique ID of the persistent -- disk resource in AWS (Amazon EBS volume). -- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' -+ description: 'volumeID is unique ID of the -+ persistent disk resource in AWS (Amazon -+ EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: -- description: AzureDisk represents an Azure Data -+ description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the - pod. - properties: - cachingMode: -- description: 'Host Caching mode: None, Read -- Only, Read Write.' -+ description: 'cachingMode is the Host Caching -+ mode: None, Read Only, Read Write.' - type: string - diskName: -- description: The Name of the data disk in -- the blob storage -+ description: diskName is the Name of the data -+ disk in the blob storage - type: string - diskURI: -- description: The URI the data disk in the -- blob storage -+ description: diskURI is the URI of data disk -+ in the blob storage - type: string - fsType: -- description: Filesystem type to mount. Must -- be a filesystem type supported by the host -- operating system. Ex. "ext4", "xfs", "ntfs". -- Implicitly inferred to be "ext4" if unspecified. -+ description: fsType is Filesystem type to -+ mount. Must be a filesystem type supported -+ by the host operating system. Ex. "ext4", -+ "xfs", "ntfs". Implicitly inferred to be -+ "ext4" if unspecified. 
- type: string - kind: -- description: 'Expected values Shared: multiple -- blob disks per storage account Dedicated: -+ description: 'kind expected values are Shared: -+ multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed - availability set). defaults to shared' - type: string - readOnly: -- description: Defaults to false (read/write). -+ description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. - type: boolean -@@ -11696,56 +11974,59 @@ spec: - - diskURI - type: object - azureFile: -- description: AzureFile represents an Azure File -+ description: azureFile represents an Azure File - Service mount on the host and bind mount to - the pod. - properties: - readOnly: -- description: Defaults to false (read/write). -+ description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretName: -- description: the name of secret that contains -- Azure Storage Account Name and Key -+ description: secretName is the name of secret -+ that contains Azure Storage Account Name -+ and Key - type: string - shareName: -- description: Share Name -+ description: shareName is the azure share -+ Name - type: string - required: - - secretName - - shareName - type: object - cephfs: -- description: CephFS represents a Ceph FS mount -+ description: cephFS represents a Ceph FS mount - on the host that shares a pod's lifetime - properties: - monitors: -- description: 'Required: Monitors is a collection -- of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'monitors is Required: Monitors -+ is a collection of Ceph monitors More info: -+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: -- description: 'Optional: Used as the mounted -- root, rather 
than the full Ceph tree, default -- is /' -+ description: 'path is Optional: Used as the -+ mounted root, rather than the full Ceph -+ tree, default is /' - type: string - readOnly: -- description: 'Optional: Defaults to false -- (read/write). ReadOnly here will force the -- ReadOnly setting in VolumeMounts. More info: -- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'readOnly is Optional: Defaults -+ to false (read/write). ReadOnly here will -+ force the ReadOnly setting in VolumeMounts. -+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: -- description: 'Optional: SecretFile is the -- path to key ring for User, default is /etc/ceph/user.secret -- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'secretFile is Optional: SecretFile -+ is the path to key ring for User, default -+ is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: -- description: 'Optional: SecretRef is reference -- to the authentication secret for User, default -- is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'secretRef is Optional: SecretRef -+ is reference to the authentication secret -+ for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. 
More -@@ -11755,34 +12036,35 @@ spec: - type: string - type: object - user: -- description: 'Optional: User is the rados -- user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'user is optional: User is the -+ rados user name, default is admin More info: -+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: -- description: 'Cinder represents a cinder volume -+ description: 'cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: -- description: 'Filesystem type to mount. Must -- be a filesystem type supported by the host -- operating system. Examples: "ext4", "xfs", -- "ntfs". Implicitly inferred to be "ext4" -- if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' -+ description: 'fsType is the filesystem type -+ to mount. Must be a filesystem type supported -+ by the host operating system. Examples: -+ "ext4", "xfs", "ntfs". Implicitly inferred -+ to be "ext4" if unspecified. More info: -+ https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: -- description: 'Optional: Defaults to false -- (read/write). ReadOnly here will force the -- ReadOnly setting in VolumeMounts. More info: -- https://examples.k8s.io/mysql-cinder-pd/README.md' -+ description: 'readOnly defaults to false (read/write). -+ ReadOnly here will force the ReadOnly setting -+ in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: -- description: 'Optional: points to a secret -- object containing parameters used to connect -- to OpenStack.' -+ description: 'secretRef is optional: points -+ to a secret object containing parameters -+ used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. 
More -@@ -11792,32 +12074,33 @@ spec: - type: string - type: object - volumeID: -- description: 'volume id used to identify the -+ description: 'volumeID used to identify the - volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: -- description: ConfigMap represents a configMap -+ description: configMap represents a configMap - that should populate this volume - properties: - defaultMode: -- description: 'Optional: mode bits used to -- set permissions on created files by default. -- Must be an octal value between 0000 and -- 0777 or a decimal value between 0 and 511. -- YAML accepts both octal and decimal values, -- JSON requires decimal values for mode bits. -- Defaults to 0644. Directories within the -- path are not affected by this setting. This -- might be in conflict with other options -- that affect the file mode, like fsGroup, -- and the result can be other mode bits set.' -+ description: 'defaultMode is optional: mode -+ bits used to set permissions on created -+ files by default. Must be an octal value -+ between 0000 and 0777 or a decimal value -+ between 0 and 511. YAML accepts both octal -+ and decimal values, JSON requires decimal -+ values for mode bits. Defaults to 0644. -+ Directories within the path are not affected -+ by this setting. This might be in conflict -+ with other options that affect the file -+ mode, like fsGroup, and the result can be -+ other mode bits set.' - format: int32 - type: integer - items: -- description: If unspecified, each key-value -+ description: items if unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the volume - as a file whose name is the key and content -@@ -11834,27 +12117,27 @@ spec: - within a volume. - properties: - key: -- description: The key to project. -+ description: key is the key to project. 
- type: string - mode: -- description: 'Optional: mode bits used -- to set permissions on this file. Must -- be an octal value between 0000 and -- 0777 or a decimal value between 0 -- and 511. YAML accepts both octal and -- decimal values, JSON requires decimal -- values for mode bits. If not specified, -- the volume defaultMode will be used. -- This might be in conflict with other -- options that affect the file mode, -- like fsGroup, and the result can be -- other mode bits set.' -+ description: 'mode is Optional: mode -+ bits used to set permissions on this -+ file. Must be an octal value between -+ 0000 and 0777 or a decimal value between -+ 0 and 511. YAML accepts both octal -+ and decimal values, JSON requires -+ decimal values for mode bits. If not -+ specified, the volume defaultMode -+ will be used. This might be in conflict -+ with other options that affect the -+ file mode, like fsGroup, and the result -+ can be other mode bits set.' - format: int32 - type: integer - path: -- description: The relative path of the -- file to map the key to. May not be -- an absolute path. May not contain -+ description: path is the relative path -+ of the file to map the key to. May -+ not be an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string -@@ -11870,30 +12153,30 @@ spec: - kind, uid?' - type: string - optional: -- description: Specify whether the ConfigMap -- or its keys must be defined -+ description: optional specify whether the -+ ConfigMap or its keys must be defined - type: boolean - type: object - csi: -- description: CSI (Container Storage Interface) -+ description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). - properties: - driver: -- description: Driver is the name of the CSI -+ description: driver is the name of the CSI - driver that handles this volume. 
Consult - with your admin for the correct name as - registered in the cluster. - type: string - fsType: -- description: Filesystem type to mount. Ex. -- "ext4", "xfs", "ntfs". If not provided, -- the empty value is passed to the associated -- CSI driver which will determine the default -- filesystem to apply. -+ description: fsType to mount. Ex. "ext4", -+ "xfs", "ntfs". If not provided, the empty -+ value is passed to the associated CSI driver -+ which will determine the default filesystem -+ to apply. - type: string - nodePublishSecretRef: -- description: NodePublishSecretRef is a reference -+ description: nodePublishSecretRef is a reference - to the secret object containing sensitive - information to pass to the CSI driver to - complete the CSI NodePublishVolume and NodeUnpublishVolume -@@ -11910,13 +12193,14 @@ spec: - type: string - type: object - readOnly: -- description: Specifies a read-only configuration -- for the volume. Defaults to false (read/write). -+ description: readOnly specifies a read-only -+ configuration for the volume. Defaults to -+ false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string -- description: VolumeAttributes stores driver-specific -+ description: volumeAttributes stores driver-specific - properties that are passed to the CSI driver. - Consult your driver's documentation for - supported values. -@@ -11925,7 +12209,7 @@ spec: - - driver - type: object - downwardAPI: -- description: DownwardAPI represents downward API -+ description: downwardAPI represents downward API - about the pod that should populate this volume - properties: - defaultMode: -@@ -12026,35 +12310,36 @@ spec: - type: array - type: object - emptyDir: -- description: 'EmptyDir represents a temporary -+ description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. 
More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: -- description: 'What type of storage medium -- should back this directory. The default -- is "" which means to use the node''s default -- medium. Must be an empty string (default) -- or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' -+ description: 'medium represents what type -+ of storage medium should back this directory. -+ The default is "" which means to use the -+ node''s default medium. Must be an empty -+ string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string -- description: 'Total amount of local storage -- required for this EmptyDir volume. The size -- limit is also applicable for memory medium. -- The maximum usage on memory medium EmptyDir -- would be the minimum value between the SizeLimit -- specified here and the sum of memory limits -- of all containers in a pod. The default -- is nil which means that the limit is undefined. -- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' -+ description: 'sizeLimit is the total amount -+ of local storage required for this EmptyDir -+ volume. The size limit is also applicable -+ for memory medium. The maximum usage on -+ memory medium EmptyDir would be the minimum -+ value between the SizeLimit specified here -+ and the sum of memory limits of all containers -+ in a pod. The default is nil which means -+ that the limit is undefined. More info: -+ http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: -- description: "Ephemeral represents a volume that -+ description: "ephemeral represents a volume that - is handled by a cluster storage driver. 
The - volume's lifecycle is tied to the pod that defines - it - it will be created before the pod starts, -@@ -12076,9 +12361,7 @@ spec: - - see the documentation of the driver for more - information. \n A pod can use both types of - ephemeral volumes and persistent volumes at -- the same time. \n This is a beta feature and -- only available when the GenericEphemeralVolume -- feature gate is enabled." -+ the same time." - properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone -@@ -12122,16 +12405,16 @@ spec: - are also valid here. - properties: - accessModes: -- description: 'AccessModes contains -+ description: 'accessModes contains - the desired access modes the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: -- description: 'This field can be used -- to specify either: * An existing -- VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -+ description: 'dataSource field can -+ be used to specify either: * An -+ existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified -@@ -12165,12 +12448,12 @@ spec: - - name - type: object - dataSourceRef: -- description: 'Specifies the object -- from which to populate the volume -- with data, if a non-empty volume -- is desired. This may be any local -- object from a non-empty API group -- (non core object) or a PersistentVolumeClaim -+ description: 'dataSourceRef specifies -+ the object from which to populate -+ the volume with data, if a non-empty -+ volume is desired. This may be any -+ local object from a non-empty API -+ group (non core object) or a PersistentVolumeClaim - object. 
When this field is specified, - volume binding will only succeed - if the type of the specified object -@@ -12195,7 +12478,7 @@ spec: - values (dropping them), DataSourceRef preserves - all values, and generates an error - if a disallowed value is specified. -- (Alpha) Using this field requires -+ (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled.' - properties: -@@ -12221,9 +12504,15 @@ spec: - - name - type: object - resources: -- description: 'Resources represents -+ description: 'resources represents - the minimum resources the volume -- should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' -+ should have. If RecoverVolumeExpansionFailure -+ feature is enabled users are allowed -+ to specify resource requirements -+ that are lower than previous value -+ but must still be higher than capacity -+ recorded in the status field of -+ the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: -@@ -12255,8 +12544,8 @@ spec: - type: object - type: object - selector: -- description: A label query over volumes -- to consider for binding. -+ description: selector is a label query -+ over volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions -@@ -12316,9 +12605,9 @@ spec: - type: object - type: object - storageClassName: -- description: 'Name of the StorageClass -- required by the claim. More info: -- https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' -+ description: 'storageClassName is -+ the name of the StorageClass required -+ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what -@@ -12327,7 +12616,7 @@ spec: - when not included in claim spec. 
- type: string - volumeName: -- description: VolumeName is the binding -+ description: volumeName is the binding - reference to the PersistentVolume - backing this claim. - type: string -@@ -12337,77 +12626,79 @@ spec: - type: object - type: object - fc: -- description: FC represents a Fibre Channel resource -+ description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine - and then exposed to the pod. - properties: - fsType: -- description: 'Filesystem type to mount. Must -- be a filesystem type supported by the host -- operating system. Ex. "ext4", "xfs", "ntfs". -- Implicitly inferred to be "ext4" if unspecified. -- TODO: how do we prevent errors in the filesystem -- from compromising the machine' -+ description: 'fsType is the filesystem type -+ to mount. Must be a filesystem type supported -+ by the host operating system. Ex. "ext4", -+ "xfs", "ntfs". Implicitly inferred to be -+ "ext4" if unspecified. TODO: how do we prevent -+ errors in the filesystem from compromising -+ the machine' - type: string - lun: -- description: 'Optional: FC target lun number' -+ description: 'lun is Optional: FC target lun -+ number' - format: int32 - type: integer - readOnly: -- description: 'Optional: Defaults to false -- (read/write). ReadOnly here will force the -- ReadOnly setting in VolumeMounts.' -+ description: 'readOnly is Optional: Defaults -+ to false (read/write). ReadOnly here will -+ force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: -- description: 'Optional: FC target worldwide -- names (WWNs)' -+ description: 'targetWWNs is Optional: FC target -+ worldwide names (WWNs)' - items: - type: string - type: array - wwids: -- description: 'Optional: FC volume world wide -- identifiers (wwids) Either wwids or combination -- of targetWWNs and lun must be set, but not -- both simultaneously.' 
-+ description: 'wwids Optional: FC volume world -+ wide identifiers (wwids) Either wwids or -+ combination of targetWWNs and lun must be -+ set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: -- description: FlexVolume represents a generic volume -+ description: flexVolume represents a generic volume - resource that is provisioned/attached using - an exec based plugin. - properties: - driver: -- description: Driver is the name of the driver -+ description: driver is the name of the driver - to use for this volume. - type: string - fsType: -- description: Filesystem type to mount. Must -- be a filesystem type supported by the host -- operating system. Ex. "ext4", "xfs", "ntfs". -- The default filesystem depends on FlexVolume -- script. -+ description: fsType is the filesystem type -+ to mount. Must be a filesystem type supported -+ by the host operating system. Ex. "ext4", -+ "xfs", "ntfs". The default filesystem depends -+ on FlexVolume script. - type: string - options: - additionalProperties: - type: string -- description: 'Optional: Extra command options -- if any.' -+ description: 'options is Optional: this field -+ holds extra command options if any.' - type: object - readOnly: -- description: 'Optional: Defaults to false -- (read/write). ReadOnly here will force the -- ReadOnly setting in VolumeMounts.' -+ description: 'readOnly is Optional: defaults -+ to false (read/write). ReadOnly here will -+ force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: -- description: 'Optional: SecretRef is reference -- to the secret object containing sensitive -- information to pass to the plugin scripts. -- This may be empty if no secret object is -- specified. If the secret object contains -- more than one secret, all secrets are passed -- to the plugin scripts.' 
-+ description: 'secretRef is Optional: secretRef -+ is reference to the secret object containing -+ sensitive information to pass to the plugin -+ scripts. This may be empty if no secret -+ object is specified. If the secret object -+ contains more than one secret, all secrets -+ are passed to the plugin scripts.' - properties: - name: - description: 'Name of the referent. More -@@ -12420,53 +12711,55 @@ spec: - - driver - type: object - flocker: -- description: Flocker represents a Flocker volume -+ description: flocker represents a Flocker volume - attached to a kubelet's host machine. This depends - on the Flocker control service being running - properties: - datasetName: -- description: Name of the dataset stored as -- metadata -> name on the dataset for Flocker -- should be considered as deprecated -+ description: datasetName is Name of the dataset -+ stored as metadata -> name on the dataset -+ for Flocker should be considered as deprecated - type: string - datasetUUID: -- description: UUID of the dataset. This is -- unique identifier of a Flocker dataset -+ description: datasetUUID is the UUID of the -+ dataset. This is unique identifier of a -+ Flocker dataset - type: string - type: object - gcePersistentDisk: -- description: 'GCEPersistentDisk represents a GCE -+ description: 'gcePersistentDisk represents a GCE - Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: -- description: 'Filesystem type of the volume -- that you want to mount. Tip: Ensure that -- the filesystem type is supported by the -- host operating system. Examples: "ext4", -- "xfs", "ntfs". Implicitly inferred to be -- "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -+ description: 'fsType is filesystem type of -+ the volume that you want to mount. 
Tip: -+ Ensure that the filesystem type is supported -+ by the host operating system. Examples: -+ "ext4", "xfs", "ntfs". Implicitly inferred -+ to be "ext4" if unspecified. More info: -+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - partition: -- description: 'The partition in the volume -- that you want to mount. If omitted, the -- default is to mount by volume name. Examples: -- For volume /dev/sda1, you specify the partition -- as "1". Similarly, the volume partition -- for /dev/sda is "0" (or you can leave the -- property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' -+ description: 'partition is the partition in -+ the volume that you want to mount. If omitted, -+ the default is to mount by volume name. -+ Examples: For volume /dev/sda1, you specify -+ the partition as "1". Similarly, the volume -+ partition for /dev/sda is "0" (or you can -+ leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: -- description: 'Unique name of the PD resource -- in GCE. Used to identify the disk in GCE. -- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' -+ description: 'pdName is unique name of the -+ PD resource in GCE. Used to identify the -+ disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: -- description: 'ReadOnly here will force the -+ description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean -@@ -12474,7 +12767,7 @@ spec: - - pdName - type: object - gitRepo: -- description: 'GitRepo represents a git repository -+ description: 'gitRepo represents a git repository - at a particular revision. DEPRECATED: GitRepo - is deprecated. To provision a container with - a git repo, mount an EmptyDir into an InitContainer -@@ -12482,39 +12775,39 @@ spec: - EmptyDir into the Pod''s container.' - properties: - directory: -- description: Target directory name. Must not -- contain or start with '..'. If '.' is supplied, -- the volume directory will be the git repository. Otherwise, -- if specified, the volume will contain the -- git repository in the subdirectory with -- the given name. -+ description: directory is the target directory -+ name. Must not contain or start with '..'. If -+ '.' is supplied, the volume directory will -+ be the git repository. Otherwise, if specified, -+ the volume will contain the git repository -+ in the subdirectory with the given name. - type: string - repository: -- description: Repository URL -+ description: repository is the URL - type: string - revision: -- description: Commit hash for the specified -- revision. -+ description: revision is the commit hash for -+ the specified revision. - type: string - required: - - repository - type: object - glusterfs: -- description: 'Glusterfs represents a Glusterfs -+ description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: -- description: 'EndpointsName is the endpoint -- name that details Glusterfs topology. More -- info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' -+ description: 'endpoints is the endpoint name -+ that details Glusterfs topology. 
More info: -+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: -- description: 'Path is the Glusterfs volume -+ description: 'path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: -- description: 'ReadOnly here will force the -+ description: 'readOnly here will force the - Glusterfs volume to be mounted with read-only - permissions. Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' -@@ -12524,7 +12817,7 @@ spec: - - path - type: object - hostPath: -- description: 'HostPath represents a pre-existing -+ description: 'hostPath represents a pre-existing - file or directory on the host machine that is - directly exposed to the container. This is generally - used for system agents or other privileged things -@@ -12535,76 +12828,79 @@ spec: - mount host directories as read/write.' - properties: - path: -- description: 'Path of the directory on the -+ description: 'path of the directory on the - host. If the path is a symlink, it will - follow the link to the real path. More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: -- description: 'Type for HostPath Volume Defaults -+ description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: -- description: 'ISCSI represents an ISCSI Disk resource -+ description: 'iscsi represents an ISCSI Disk resource - that is attached to a kubelet''s host machine - and then exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: -- description: whether support iSCSI Discovery -- CHAP authentication -+ description: chapAuthDiscovery defines whether -+ support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: -- description: whether support iSCSI Session -- CHAP authentication -+ description: chapAuthSession defines whether -+ support iSCSI Session CHAP authentication - type: boolean - fsType: -- description: 'Filesystem type of the volume -- that you want to mount. Tip: Ensure that -- the filesystem type is supported by the -- host operating system. Examples: "ext4", -- "xfs", "ntfs". Implicitly inferred to be -- "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi -+ description: 'fsType is the filesystem type -+ of the volume that you want to mount. Tip: -+ Ensure that the filesystem type is supported -+ by the host operating system. Examples: -+ "ext4", "xfs", "ntfs". Implicitly inferred -+ to be "ext4" if unspecified. More info: -+ https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - initiatorName: -- description: Custom iSCSI Initiator Name. -- If initiatorName is specified with iscsiInterface -- simultaneously, new iSCSI interface : will be created for -- the connection. -+ description: initiatorName is the custom iSCSI -+ Initiator Name. If initiatorName is specified -+ with iscsiInterface simultaneously, new -+ iSCSI interface : will be created for the connection. - type: string - iqn: -- description: Target iSCSI Qualified Name. -+ description: iqn is the target iSCSI Qualified -+ Name. - type: string - iscsiInterface: -- description: iSCSI Interface Name that uses -- an iSCSI transport. Defaults to 'default' -- (tcp). -+ description: iscsiInterface is the interface -+ Name that uses an iSCSI transport. 
Defaults -+ to 'default' (tcp). - type: string - lun: -- description: iSCSI Target Lun number. -+ description: lun represents iSCSI Target Lun -+ number. - format: int32 - type: integer - portals: -- description: iSCSI Target Portal List. The -- portal is either an IP or ip_addr:port if -- the port is other than default (typically -+ description: portals is the iSCSI Target Portal -+ List. The portal is either an IP or ip_addr:port -+ if the port is other than default (typically - TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: -- description: ReadOnly here will force the -+ description: readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. - type: boolean - secretRef: -- description: CHAP Secret for iSCSI target -- and initiator authentication -+ description: secretRef is the CHAP Secret -+ for iSCSI target and initiator authentication - properties: - name: - description: 'Name of the referent. More -@@ -12614,10 +12910,10 @@ spec: - type: string - type: object - targetPortal: -- description: iSCSI Target Portal. The Portal -- is either an IP or ip_addr:port if the port -- is other than default (typically TCP ports -- 860 and 3260). -+ description: targetPortal is iSCSI Target -+ Portal. The Portal is either an IP or ip_addr:port -+ if the port is other than default (typically -+ TCP ports 860 and 3260). - type: string - required: - - iqn -@@ -12625,26 +12921,26 @@ spec: - - targetPortal - type: object - name: -- description: 'Volume''s name. Must be a DNS_LABEL -+ description: 'name of the volume. Must be a DNS_LABEL - and unique within the pod. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: -- description: 'NFS represents an NFS mount on the -+ description: 'nfs represents an NFS mount on the - host that shares a pod''s lifetime More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: -- description: 'Path that is exported by the -+ description: 'path that is exported by the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: -- description: 'ReadOnly here will force the -+ description: 'readOnly here will force the - NFS export to be mounted with read-only - permissions. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: -- description: 'Server is the hostname or IP -+ description: 'server is the hostname or IP - address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: -@@ -12652,99 +12948,101 @@ spec: - - server - type: object - persistentVolumeClaim: -- description: 'PersistentVolumeClaimVolumeSource -+ description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: -- description: 'ClaimName is the name of a PersistentVolumeClaim -+ description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this - volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: -- description: Will force the ReadOnly setting -- in VolumeMounts. Default false. -+ description: readOnly Will force the ReadOnly -+ setting in VolumeMounts. Default false. 
- type: boolean - required: - - claimName - type: object - photonPersistentDisk: -- description: PhotonPersistentDisk represents a -+ description: photonPersistentDisk represents a - PhotonController persistent disk attached and - mounted on kubelets host machine - properties: - fsType: -- description: Filesystem type to mount. Must -- be a filesystem type supported by the host -- operating system. Ex. "ext4", "xfs", "ntfs". -- Implicitly inferred to be "ext4" if unspecified. -+ description: fsType is the filesystem type -+ to mount. Must be a filesystem type supported -+ by the host operating system. Ex. "ext4", -+ "xfs", "ntfs". Implicitly inferred to be -+ "ext4" if unspecified. - type: string - pdID: -- description: ID that identifies Photon Controller -- persistent disk -+ description: pdID is the ID that identifies -+ Photon Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: -- description: PortworxVolume represents a portworx -+ description: portworxVolume represents a portworx - volume attached and mounted on kubelets host - machine - properties: - fsType: -- description: FSType represents the filesystem -+ description: fSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - readOnly: -- description: Defaults to false (read/write). -+ description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. 
- type: boolean - volumeID: -- description: VolumeID uniquely identifies -+ description: volumeID uniquely identifies - a Portworx volume - type: string - required: - - volumeID - type: object - projected: -- description: Items for all in one resources secrets, -- configmaps, and downward API -+ description: projected items for all in one resources -+ secrets, configmaps, and downward API - properties: - defaultMode: -- description: Mode bits used to set permissions -- on created files by default. Must be an -- octal value between 0000 and 0777 or a decimal -- value between 0 and 511. YAML accepts both -- octal and decimal values, JSON requires -- decimal values for mode bits. Directories -- within the path are not affected by this -- setting. This might be in conflict with -- other options that affect the file mode, -- like fsGroup, and the result can be other -- mode bits set. -+ description: defaultMode are the mode bits -+ used to set permissions on created files -+ by default. Must be an octal value between -+ 0000 and 0777 or a decimal value between -+ 0 and 511. YAML accepts both octal and decimal -+ values, JSON requires decimal values for -+ mode bits. Directories within the path are -+ not affected by this setting. This might -+ be in conflict with other options that affect -+ the file mode, like fsGroup, and the result -+ can be other mode bits set. 
- format: int32 - type: integer - sources: -- description: list of volume projections -+ description: sources is the list of volume -+ projections - items: - description: Projection that may be projected - along with other supported volume types - properties: - configMap: -- description: information about the configMap -- data to project -+ description: configMap information about -+ the configMap data to project - properties: - items: -- description: If unspecified, each -- key-value pair in the Data field -- of the referenced ConfigMap will -- be projected into the volume as -- a file whose name is the key and -- content is the value. If specified, -+ description: items if unspecified, -+ each key-value pair in the Data -+ field of the referenced ConfigMap -+ will be projected into the volume -+ as a file whose name is the key -+ and content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. -@@ -12759,11 +13057,12 @@ spec: - to a path within a volume. - properties: - key: -- description: The key to project. -+ description: key is the key -+ to project. - type: string - mode: -- description: 'Optional: mode -- bits used to set permissions -+ description: 'mode is Optional: -+ mode bits used to set permissions - on this file. Must be an - octal value between 0000 - and 0777 or a decimal value -@@ -12781,7 +13080,7 @@ spec: - format: int32 - type: integer - path: -- description: The relative -+ description: path is the relative - path of the file to map - the key to. May not be an - absolute path. May not contain -@@ -12801,14 +13100,14 @@ spec: - apiVersion, kind, uid?' 
- type: string - optional: -- description: Specify whether the -- ConfigMap or its keys must be -- defined -+ description: optional specify whether -+ the ConfigMap or its keys must -+ be defined - type: boolean - type: object - downwardAPI: -- description: information about the downwardAPI -- data to project -+ description: downwardAPI information -+ about the downwardAPI data to project - properties: - items: - description: Items is a list of -@@ -12905,16 +13204,16 @@ spec: - type: array - type: object - secret: -- description: information about the secret -- data to project -+ description: secret information about -+ the secret data to project - properties: - items: -- description: If unspecified, each -- key-value pair in the Data field -- of the referenced Secret will -- be projected into the volume as -- a file whose name is the key and -- content is the value. If specified, -+ description: items if unspecified, -+ each key-value pair in the Data -+ field of the referenced Secret -+ will be projected into the volume -+ as a file whose name is the key -+ and content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. -@@ -12929,11 +13228,12 @@ spec: - to a path within a volume. - properties: - key: -- description: The key to project. -+ description: key is the key -+ to project. - type: string - mode: -- description: 'Optional: mode -- bits used to set permissions -+ description: 'mode is Optional: -+ mode bits used to set permissions - on this file. Must be an - octal value between 0000 - and 0777 or a decimal value -@@ -12951,7 +13251,7 @@ spec: - format: int32 - type: integer - path: -- description: The relative -+ description: path is the relative - path of the file to map - the key to. May not be an - absolute path. May not contain -@@ -12971,16 +13271,18 @@ spec: - apiVersion, kind, uid?' 
- type: string - optional: -- description: Specify whether the -- Secret or its key must be defined -+ description: optional field specify -+ whether the Secret or its key -+ must be defined - type: boolean - type: object - serviceAccountToken: -- description: information about the serviceAccountToken -+ description: serviceAccountToken is -+ information about the serviceAccountToken - data to project - properties: - audience: -- description: Audience is the intended -+ description: audience is the intended - audience of the token. A recipient - of a token must identify itself - with an identifier specified in -@@ -12990,7 +13292,7 @@ spec: - of the apiserver. - type: string - expirationSeconds: -- description: ExpirationSeconds is -+ description: expirationSeconds is - the requested duration of validity - of the service account token. - As the token approaches expiration, -@@ -13006,7 +13308,7 @@ spec: - format: int64 - type: integer - path: -- description: Path is the path relative -+ description: path is the path relative - to the mount point of the file - to project the token into. - type: string -@@ -13017,37 +13319,37 @@ spec: - type: array - type: object - quobyte: -- description: Quobyte represents a Quobyte mount -+ description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime - properties: - group: -- description: Group to map volume access to -+ description: group to map volume access to - Default is no group - type: string - readOnly: -- description: ReadOnly here will force the -+ description: readOnly here will force the - Quobyte volume to be mounted with read-only - permissions. Defaults to false. 
- type: boolean - registry: -- description: Registry represents a single -+ description: registry represents a single - or multiple Quobyte Registry services specified - as a string as host:port pair (multiple - entries are separated with commas) which - acts as the central registry for volumes - type: string - tenant: -- description: Tenant owning the given Quobyte -+ description: tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is set - by the plugin - type: string - user: -- description: User to map volume access to -+ description: user to map volume access to - Defaults to serivceaccount user - type: string - volume: -- description: Volume is a string that references -+ description: volume is a string that references - an already created Quobyte volume by name. - type: string - required: -@@ -13055,46 +13357,47 @@ spec: - - volume - type: object - rbd: -- description: 'RBD represents a Rados Block Device -+ description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: -- description: 'Filesystem type of the volume -- that you want to mount. Tip: Ensure that -- the filesystem type is supported by the -- host operating system. Examples: "ext4", -- "xfs", "ntfs". Implicitly inferred to be -- "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd -+ description: 'fsType is the filesystem type -+ of the volume that you want to mount. Tip: -+ Ensure that the filesystem type is supported -+ by the host operating system. Examples: -+ "ext4", "xfs", "ntfs". Implicitly inferred -+ to be "ext4" if unspecified. More info: -+ https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - image: -- description: 'The rados image name. 
More info: -- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -+ description: 'image is the rados image name. -+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: -- description: 'Keyring is the path to key ring -+ description: 'keyring is the path to key ring - for RBDUser. Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: -- description: 'A collection of Ceph monitors. -- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -+ description: 'monitors is a collection of -+ Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: -- description: 'The rados pool name. Default -- is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -+ description: 'pool is the rados pool name. -+ Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: -- description: 'ReadOnly here will force the -+ description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: -- description: 'SecretRef is name of the authentication -+ description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides - keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: -@@ -13106,38 +13409,39 @@ spec: - type: string - type: object - user: -- description: 'The rados user name. Default -- is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -+ description: 'user is the rados user name. -+ Default is admin. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: -- description: ScaleIO represents a ScaleIO persistent -+ description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. - properties: - fsType: -- description: Filesystem type to mount. Must -- be a filesystem type supported by the host -- operating system. Ex. "ext4", "xfs", "ntfs". -- Default is "xfs". -+ description: fsType is the filesystem type -+ to mount. Must be a filesystem type supported -+ by the host operating system. Ex. "ext4", -+ "xfs", "ntfs". Default is "xfs". - type: string - gateway: -- description: The host address of the ScaleIO -- API Gateway. -+ description: gateway is the host address of -+ the ScaleIO API Gateway. - type: string - protectionDomain: -- description: The name of the ScaleIO Protection -- Domain for the configured storage. -+ description: protectionDomain is the name -+ of the ScaleIO Protection Domain for the -+ configured storage. - type: string - readOnly: -- description: Defaults to false (read/write). -+ description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: -- description: SecretRef references to the secret -+ description: secretRef references to the secret - for ScaleIO user and other sensitive information. - If this is not provided, Login operation - will fail. 
-@@ -13150,26 +13454,27 @@ spec: - type: string - type: object - sslEnabled: -- description: Flag to enable/disable SSL communication -- with Gateway, default false -+ description: sslEnabled Flag enable/disable -+ SSL communication with Gateway, default -+ false - type: boolean - storageMode: -- description: Indicates whether the storage -- for a volume should be ThickProvisioned -+ description: storageMode indicates whether -+ the storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: -- description: The ScaleIO Storage Pool associated -- with the protection domain. -+ description: storagePool is the ScaleIO Storage -+ Pool associated with the protection domain. - type: string - system: -- description: The name of the storage system -- as configured in ScaleIO. -+ description: system is the name of the storage -+ system as configured in ScaleIO. - type: string - volumeName: -- description: The name of a volume already -- created in the ScaleIO system that is associated -- with this volume source. -+ description: volumeName is the name of a volume -+ already created in the ScaleIO system that -+ is associated with this volume source. - type: string - required: - - gateway -@@ -13177,25 +13482,26 @@ spec: - - system - type: object - secret: -- description: 'Secret represents a secret that -+ description: 'secret represents a secret that - should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: -- description: 'Optional: mode bits used to -- set permissions on created files by default. -- Must be an octal value between 0000 and -- 0777 or a decimal value between 0 and 511. -- YAML accepts both octal and decimal values, -- JSON requires decimal values for mode bits. -- Defaults to 0644. Directories within the -- path are not affected by this setting. 
This -- might be in conflict with other options -- that affect the file mode, like fsGroup, -- and the result can be other mode bits set.' -+ description: 'defaultMode is Optional: mode -+ bits used to set permissions on created -+ files by default. Must be an octal value -+ between 0000 and 0777 or a decimal value -+ between 0 and 511. YAML accepts both octal -+ and decimal values, JSON requires decimal -+ values for mode bits. Defaults to 0644. -+ Directories within the path are not affected -+ by this setting. This might be in conflict -+ with other options that affect the file -+ mode, like fsGroup, and the result can be -+ other mode bits set.' - format: int32 - type: integer - items: -- description: If unspecified, each key-value -+ description: items If unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and content -@@ -13212,27 +13518,27 @@ spec: - within a volume. - properties: - key: -- description: The key to project. -+ description: key is the key to project. - type: string - mode: -- description: 'Optional: mode bits used -- to set permissions on this file. Must -- be an octal value between 0000 and -- 0777 or a decimal value between 0 -- and 511. YAML accepts both octal and -- decimal values, JSON requires decimal -- values for mode bits. If not specified, -- the volume defaultMode will be used. -- This might be in conflict with other -- options that affect the file mode, -- like fsGroup, and the result can be -- other mode bits set.' -+ description: 'mode is Optional: mode -+ bits used to set permissions on this -+ file. Must be an octal value between -+ 0000 and 0777 or a decimal value between -+ 0 and 511. YAML accepts both octal -+ and decimal values, JSON requires -+ decimal values for mode bits. If not -+ specified, the volume defaultMode -+ will be used. 
This might be in conflict -+ with other options that affect the -+ file mode, like fsGroup, and the result -+ can be other mode bits set.' - format: int32 - type: integer - path: -- description: The relative path of the -- file to map the key to. May not be -- an absolute path. May not contain -+ description: path is the relative path -+ of the file to map the key to. May -+ not be an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string -@@ -13242,31 +13548,33 @@ spec: - type: object - type: array - optional: -- description: Specify whether the Secret or -- its keys must be defined -+ description: optional field specify whether -+ the Secret or its keys must be defined - type: boolean - secretName: -- description: 'Name of the secret in the pod''s -- namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' -+ description: 'secretName is the name of the -+ secret in the pod''s namespace to use. More -+ info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: -- description: StorageOS represents a StorageOS -+ description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes nodes. - properties: - fsType: -- description: Filesystem type to mount. Must -- be a filesystem type supported by the host -- operating system. Ex. "ext4", "xfs", "ntfs". -- Implicitly inferred to be "ext4" if unspecified. -+ description: fsType is the filesystem type -+ to mount. Must be a filesystem type supported -+ by the host operating system. Ex. "ext4", -+ "xfs", "ntfs". Implicitly inferred to be -+ "ext4" if unspecified. - type: string - readOnly: -- description: Defaults to false (read/write). -+ description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. 
- type: boolean - secretRef: -- description: SecretRef specifies the secret -+ description: secretRef specifies the secret - to use for obtaining the StorageOS API credentials. If - not specified, default values will be attempted. - properties: -@@ -13278,12 +13586,12 @@ spec: - type: string - type: object - volumeName: -- description: VolumeName is the human-readable -+ description: volumeName is the human-readable - name of the StorageOS volume. Volume names - are only unique within a namespace. - type: string - volumeNamespace: -- description: VolumeNamespace specifies the -+ description: volumeNamespace specifies the - scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. This allows the -@@ -13296,27 +13604,29 @@ spec: - type: string - type: object - vsphereVolume: -- description: VsphereVolume represents a vSphere -+ description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host - machine - properties: - fsType: -- description: Filesystem type to mount. Must -- be a filesystem type supported by the host -- operating system. Ex. "ext4", "xfs", "ntfs". -- Implicitly inferred to be "ext4" if unspecified. -+ description: fsType is filesystem type to -+ mount. Must be a filesystem type supported -+ by the host operating system. Ex. "ext4", -+ "xfs", "ntfs". Implicitly inferred to be -+ "ext4" if unspecified. - type: string - storagePolicyID: -- description: Storage Policy Based Management -- (SPBM) profile ID associated with the StoragePolicyName. -+ description: storagePolicyID is the storage -+ Policy Based Management (SPBM) profile ID -+ associated with the StoragePolicyName. - type: string - storagePolicyName: -- description: Storage Policy Based Management -- (SPBM) profile name. -+ description: storagePolicyName is the storage -+ Policy Based Management (SPBM) profile name. 
- type: string - volumePath: -- description: Path that identifies vSphere -- volume vmdk -+ description: volumePath is the path that identifies -+ vSphere volume vmdk - type: string - required: - - volumePath -@@ -13349,26 +13659,27 @@ spec: - populate this workspace. - properties: - defaultMode: -- description: 'Optional: mode bits used to set permissions -- on created files by default. Must be an octal value -- between 0000 and 0777 or a decimal value between 0 -- and 511. YAML accepts both octal and decimal values, -- JSON requires decimal values for mode bits. Defaults -- to 0644. Directories within the path are not affected -- by this setting. This might be in conflict with other -- options that affect the file mode, like fsGroup, and -- the result can be other mode bits set.' -+ description: 'defaultMode is optional: mode bits used -+ to set permissions on created files by default. Must -+ be an octal value between 0000 and 0777 or a decimal -+ value between 0 and 511. YAML accepts both octal and -+ decimal values, JSON requires decimal values for mode -+ bits. Defaults to 0644. Directories within the path -+ are not affected by this setting. This might be in -+ conflict with other options that affect the file mode, -+ like fsGroup, and the result can be other mode bits -+ set.' - format: int32 - type: integer - items: -- description: If unspecified, each key-value pair in -- the Data field of the referenced ConfigMap will be -- projected into the volume as a file whose name is -- the key and content is the value. If specified, the -- listed keys will be projected into the specified paths, -- and unlisted keys will not be present. If a key is -- specified which is not present in the ConfigMap, the -- volume setup will error unless it is marked optional. -+ description: items if unspecified, each key-value pair -+ in the Data field of the referenced ConfigMap will -+ be projected into the volume as a file whose name -+ is the key and content is the value. 
If specified, -+ the listed keys will be projected into the specified -+ paths, and unlisted keys will not be present. If a -+ key is specified which is not present in the ConfigMap, -+ the volume setup will error unless it is marked optional. - Paths must be relative and may not contain the '..' - path or start with '..'. - items: -@@ -13376,26 +13687,26 @@ spec: - volume. - properties: - key: -- description: The key to project. -+ description: key is the key to project. - type: string - mode: -- description: 'Optional: mode bits used to set -- permissions on this file. Must be an octal value -- between 0000 and 0777 or a decimal value between -- 0 and 511. YAML accepts both octal and decimal -- values, JSON requires decimal values for mode -- bits. If not specified, the volume defaultMode -- will be used. This might be in conflict with -- other options that affect the file mode, like -- fsGroup, and the result can be other mode bits -- set.' -+ description: 'mode is Optional: mode bits used -+ to set permissions on this file. Must be an -+ octal value between 0000 and 0777 or a decimal -+ value between 0 and 511. YAML accepts both octal -+ and decimal values, JSON requires decimal values -+ for mode bits. If not specified, the volume -+ defaultMode will be used. This might be in conflict -+ with other options that affect the file mode, -+ like fsGroup, and the result can be other mode -+ bits set.' - format: int32 - type: integer - path: -- description: The relative path of the file to -- map the key to. May not be an absolute path. -- May not contain the path element '..'. May not -- start with the string '..'. -+ description: path is the relative path of the -+ file to map the key to. May not be an absolute -+ path. May not contain the path element '..'. -+ May not start with the string '..'. - type: string - required: - - key -@@ -13407,8 +13718,8 @@ spec: - TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - optional: -- description: Specify whether the ConfigMap or its keys -- must be defined -+ description: optional specify whether the ConfigMap -+ or its keys must be defined - type: boolean - type: object - emptyDir: -@@ -13417,22 +13728,24 @@ spec: - Either this OR PersistentVolumeClaim can be used.' - properties: - medium: -- description: 'What type of storage medium should back -- this directory. The default is "" which means to use -- the node''s default medium. Must be an empty string -- (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' -+ description: 'medium represents what type of storage -+ medium should back this directory. The default is -+ "" which means to use the node''s default medium. -+ Must be an empty string (default) or Memory. More -+ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string -- description: 'Total amount of local storage required -- for this EmptyDir volume. The size limit is also applicable -- for memory medium. The maximum usage on memory medium -- EmptyDir would be the minimum value between the SizeLimit -- specified here and the sum of memory limits of all -- containers in a pod. The default is nil which means -- that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' -+ description: 'sizeLimit is the total amount of local -+ storage required for this EmptyDir volume. The size -+ limit is also applicable for memory medium. The maximum -+ usage on memory medium EmptyDir would be the minimum -+ value between the SizeLimit specified here and the -+ sum of memory limits of all containers in a pod. The -+ default is nil which means that the limit is undefined. 
-+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object -@@ -13446,13 +13759,13 @@ spec: - Either this OR EmptyDir can be used. - properties: - claimName: -- description: 'ClaimName is the name of a PersistentVolumeClaim -+ description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: -- description: Will force the ReadOnly setting in VolumeMounts. -- Default false. -+ description: readOnly Will force the ReadOnly setting -+ in VolumeMounts. Default false. - type: boolean - required: - - claimName -@@ -13462,53 +13775,54 @@ spec: - this workspace. - properties: - defaultMode: -- description: 'Optional: mode bits used to set permissions -- on created files by default. Must be an octal value -- between 0000 and 0777 or a decimal value between 0 -- and 511. YAML accepts both octal and decimal values, -- JSON requires decimal values for mode bits. Defaults -- to 0644. Directories within the path are not affected -- by this setting. This might be in conflict with other -- options that affect the file mode, like fsGroup, and -- the result can be other mode bits set.' -+ description: 'defaultMode is Optional: mode bits used -+ to set permissions on created files by default. Must -+ be an octal value between 0000 and 0777 or a decimal -+ value between 0 and 511. YAML accepts both octal and -+ decimal values, JSON requires decimal values for mode -+ bits. Defaults to 0644. Directories within the path -+ are not affected by this setting. This might be in -+ conflict with other options that affect the file mode, -+ like fsGroup, and the result can be other mode bits -+ set.' 
- format: int32 - type: integer - items: -- description: If unspecified, each key-value pair in -- the Data field of the referenced Secret will be projected -- into the volume as a file whose name is the key and -- content is the value. If specified, the listed keys -- will be projected into the specified paths, and unlisted -- keys will not be present. If a key is specified which -- is not present in the Secret, the volume setup will -- error unless it is marked optional. Paths must be -- relative and may not contain the '..' path or start -- with '..'. -+ description: items If unspecified, each key-value pair -+ in the Data field of the referenced Secret will be -+ projected into the volume as a file whose name is -+ the key and content is the value. If specified, the -+ listed keys will be projected into the specified paths, -+ and unlisted keys will not be present. If a key is -+ specified which is not present in the Secret, the -+ volume setup will error unless it is marked optional. -+ Paths must be relative and may not contain the '..' -+ path or start with '..'. - items: - description: Maps a string key to a path within a - volume. - properties: - key: -- description: The key to project. -+ description: key is the key to project. - type: string - mode: -- description: 'Optional: mode bits used to set -- permissions on this file. Must be an octal value -- between 0000 and 0777 or a decimal value between -- 0 and 511. YAML accepts both octal and decimal -- values, JSON requires decimal values for mode -- bits. If not specified, the volume defaultMode -- will be used. This might be in conflict with -- other options that affect the file mode, like -- fsGroup, and the result can be other mode bits -- set.' -+ description: 'mode is Optional: mode bits used -+ to set permissions on this file. Must be an -+ octal value between 0000 and 0777 or a decimal -+ value between 0 and 511. 
YAML accepts both octal -+ and decimal values, JSON requires decimal values -+ for mode bits. If not specified, the volume -+ defaultMode will be used. This might be in conflict -+ with other options that affect the file mode, -+ like fsGroup, and the result can be other mode -+ bits set.' - format: int32 - type: integer - path: -- description: The relative path of the file to -- map the key to. May not be an absolute path. -- May not contain the path element '..'. May not -- start with the string '..'. -+ description: path is the relative path of the -+ file to map the key to. May not be an absolute -+ path. May not contain the path element '..'. -+ May not start with the string '..'. - type: string - required: - - key -@@ -13516,12 +13830,12 @@ spec: - type: object - type: array - optional: -- description: Specify whether the Secret or its keys -- must be defined -+ description: optional field specify whether the Secret -+ or its keys must be defined - type: boolean - secretName: -- description: 'Name of the secret in the pod''s namespace -- to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' -+ description: 'secretName is the name of the secret in -+ the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - subPath: -@@ -13553,18 +13867,18 @@ spec: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - spec: -- description: 'Spec defines the desired characteristics -+ description: 'spec defines the desired characteristics - of a volume requested by a pod author. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: -- description: 'AccessModes contains the desired access -+ description: 'accessModes contains the desired access - modes the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: -- description: 'This field can be used to specify -+ description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support -@@ -13594,14 +13908,14 @@ spec: - - name - type: object - dataSourceRef: -- description: 'Specifies the object from which to -- populate the volume with data, if a non-empty -- volume is desired. This may be any local object -- from a non-empty API group (non core object) or -- a PersistentVolumeClaim object. When this field -- is specified, volume binding will only succeed -- if the type of the specified object matches some -- installed volume populator or dynamic provisioner. -+ description: 'dataSourceRef specifies the object -+ from which to populate the volume with data, if -+ a non-empty volume is desired. This may be any -+ local object from a non-empty API group (non core -+ object) or a PersistentVolumeClaim object. When -+ this field is specified, volume binding will only -+ succeed if the type of the specified object matches -+ some installed volume populator or dynamic provisioner. - This field will replace the functionality of the - DataSource field and as such if both fields are - non-empty, they must have the same value. For -@@ -13616,7 +13930,7 @@ spec: - DataSource ignores disallowed values (dropping - them), DataSourceRef preserves all values, and - generates an error if a disallowed value is specified. -- (Alpha) Using this field requires the AnyVolumeDataSource -+ (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' 
- properties: - apiGroup: -@@ -13639,8 +13953,12 @@ spec: - - name - type: object - resources: -- description: 'Resources represents the minimum resources -- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' -+ description: 'resources represents the minimum resources -+ the volume should have. If RecoverVolumeExpansionFailure -+ feature is enabled users are allowed to specify -+ resource requirements that are lower than previous -+ value but must still be higher than capacity recorded -+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: -@@ -13668,8 +13986,8 @@ spec: - type: object - type: object - selector: -- description: A label query over volumes to consider -- for binding. -+ description: selector is a label query over volumes -+ to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label -@@ -13719,8 +14037,9 @@ spec: - type: object - type: object - storageClassName: -- description: 'Name of the StorageClass required -- by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' -+ description: 'storageClassName is the name of the -+ StorageClass required by the claim. More info: -+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume -@@ -13728,22 +14047,44 @@ spec: - is implied when not included in claim spec. - type: string - volumeName: -- description: VolumeName is the binding reference -+ description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - status: -- description: 'Status represents the current information/status -+ description: 'status represents the current information/status - of a persistent volume claim. Read-only. 
More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: -- description: 'AccessModes contains the actual access -+ description: 'accessModes contains the actual access - modes the volume backing the PVC has. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array -+ allocatedResources: -+ additionalProperties: -+ anyOf: -+ - type: integer -+ - type: string -+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ -+ x-kubernetes-int-or-string: true -+ description: allocatedResources is the storage resource -+ within AllocatedResources tracks the capacity -+ allocated to a PVC. It may be larger than the -+ actual capacity when a volume expansion operation -+ is requested. For storage quota, the larger value -+ from allocatedResources and PVC.spec.resources -+ is used. If allocatedResources is not set, PVC.spec.resources -+ alone is used for quota calculation. If a volume -+ expansion capacity request is lowered, allocatedResources -+ is only lowered if there are no expansion operations -+ in progress and if the actual volume capacity -+ is equal or lower than the requested capacity. -+ This is an alpha field and requires enabling RecoverVolumeExpansionFailure -+ feature. -+ type: object - capacity: - additionalProperties: - anyOf: -@@ -13751,37 +14092,40 @@ spec: - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true -- description: Represents the actual resources of -- the underlying volume. -+ description: capacity represents the actual resources -+ of the underlying volume. - type: object - conditions: -- description: Current Condition of persistent volume -- claim. 
If underlying persistent volume is being -- resized then the Condition will be set to 'ResizeStarted'. -+ description: conditions is the current Condition -+ of persistent volume claim. If underlying persistent -+ volume is being resized then the Condition will -+ be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails - details about state of pvc - properties: - lastProbeTime: -- description: Last time we probed the condition. -+ description: lastProbeTime is the time we -+ probed the condition. - format: date-time - type: string - lastTransitionTime: -- description: Last time the condition transitioned -- from one status to another. -+ description: lastTransitionTime is the time -+ the condition transitioned from one status -+ to another. - format: date-time - type: string - message: -- description: Human-readable message indicating -- details about last transition. -+ description: message is the human-readable -+ message indicating details about last transition. - type: string - reason: -- description: Unique, this should be a short, -- machine understandable string that gives -- the reason for condition's last transition. -- If it reports "ResizeStarted" that means -- the underlying persistent volume is being -- resized. -+ description: reason is a unique, this should -+ be a short, machine understandable string -+ that gives the reason for condition's last -+ transition. If it reports "ResizeStarted" -+ that means the underlying persistent volume -+ is being resized. - type: string - status: - type: string -@@ -13795,9 +14139,17 @@ spec: - type: object - type: array - phase: -- description: Phase represents the current phase -+ description: phase represents the current phase - of PersistentVolumeClaim. - type: string -+ resizeStatus: -+ description: resizeStatus stores status of resize -+ operation. 
ResizeStatus is not set by default -+ but when expansion is complete resizeStatus is -+ set to empty string by resize controller or kubelet. -+ This is an alpha field and requires enabling RecoverVolumeExpansionFailure -+ feature. -+ type: string - type: object - type: object - required: -@@ -14118,9 +14470,7 @@ spec: - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty -- selector ({}) matches all namespaces. This -- field is beta-level and is only honored when -- PodAffinityNamespaceSelector feature is enabled. -+ selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list -@@ -14177,7 +14527,7 @@ spec: - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this -- pod's namespace" -+ pod's namespace". - items: - type: string - type: array -@@ -14281,9 +14631,7 @@ spec: - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector -- ({}) matches all namespaces. This field is beta-level -- and is only honored when PodAffinityNamespaceSelector -- feature is enabled. -+ ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label -@@ -14338,7 +14686,7 @@ spec: - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list -- and null namespaceSelector means "this pod's namespace" -+ and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array -@@ -14442,9 +14790,7 @@ spec: - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty -- selector ({}) matches all namespaces. 
This -- field is beta-level and is only honored when -- PodAffinityNamespaceSelector feature is enabled. -+ selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list -@@ -14501,7 +14847,7 @@ spec: - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this -- pod's namespace" -+ pod's namespace". - items: - type: string - type: array -@@ -14605,9 +14951,7 @@ spec: - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector -- ({}) matches all namespaces. This field is beta-level -- and is only honored when PodAffinityNamespaceSelector -- feature is enabled. -+ ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label -@@ -14662,7 +15006,7 @@ spec: - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list -- and null namespaceSelector means "this pod's namespace" -+ and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array -@@ -14694,11 +15038,11 @@ spec: - run within a pod. - properties: - args: -- description: 'Arguments to the entrypoint. The docker image''s -- CMD is used if this is not provided. Variable references -- $(VAR_NAME) are expanded using the container''s environment. -- If a variable cannot be resolved, the reference in the -- input string will be unchanged. Double $$ are reduced -+ description: 'Arguments to the entrypoint. The container -+ image''s CMD is used if this is not provided. Variable -+ references $(VAR_NAME) are expanded using the container''s -+ environment. If a variable cannot be resolved, the reference -+ in the input string will be unchanged. 
Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never be expanded, -@@ -14709,7 +15053,7 @@ spec: - type: array - command: - description: 'Entrypoint array. Not executed within a shell. -- The docker image''s ENTRYPOINT is used if this is not -+ The container image''s ENTRYPOINT is used if this is not - provided. Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable cannot - be resolved, the reference in the input string will be -@@ -14885,7 +15229,7 @@ spec: - type: object - type: array - image: -- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images -+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' -@@ -14907,8 +15251,7 @@ spec: - blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: -- description: One and only one of the following should -- be specified. Exec specifies the action to take. -+ description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to -@@ -14970,9 +15313,11 @@ spec: - - port - type: object - tcpSocket: -- description: 'TCPSocket specifies an action involving -- a TCP port. TCP hooks not yet supported TODO: -- implement a realistic TCP lifecycle hook' -+ description: Deprecated. TCPSocket is NOT supported -+ as a LifecycleHandler and kept for the backward -+ compatibility. There are no validation of this -+ field and lifecycle hooks will fail in runtime -+ when tcp handler is specified. 
- properties: - host: - description: 'Optional: Host name to connect -@@ -14995,19 +15340,17 @@ spec: - container is terminated due to an API request or management - event such as liveness/startup probe failure, preemption, - resource contention, etc. The handler is not called -- if the container crashes or exits. The reason for -- termination is passed to the handler. The Pod''s termination -- grace period countdown begins before the PreStop hooked -+ if the container crashes or exits. The Pod''s termination -+ grace period countdown begins before the PreStop hook - is executed. Regardless of the outcome of the handler, - the container will eventually terminate within the -- Pod''s termination grace period. Other management -- of the container blocks until the hook completes or -- until the termination grace period is reached. More -- info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' -+ Pod''s termination grace period (unless delayed by -+ finalizers). Other management of the container blocks -+ until the hook completes or until the termination -+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: -- description: One and only one of the following should -- be specified. Exec specifies the action to take. -+ description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to -@@ -15069,9 +15412,11 @@ spec: - - port - type: object - tcpSocket: -- description: 'TCPSocket specifies an action involving -- a TCP port. TCP hooks not yet supported TODO: -- implement a realistic TCP lifecycle hook' -+ description: Deprecated. TCPSocket is NOT supported -+ as a LifecycleHandler and kept for the backward -+ compatibility. There are no validation of this -+ field and lifecycle hooks will fail in runtime -+ when tcp handler is specified. 
- properties: - host: - description: 'Optional: Host name to connect -@@ -15096,8 +15441,7 @@ spec: - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: -- description: One and only one of the following should -- be specified. Exec specifies the action to take. -+ description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute -@@ -15119,6 +15463,25 @@ spec: - to 3. Minimum value is 1. - format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action involving a GRPC -+ port. This is a beta field and requires enabling GRPCContainerProbe -+ feature gate. -+ properties: -+ port: -+ description: Port number of the gRPC service. Number -+ must be in the range 1 to 65535. -+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name of the service -+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the default behavior -+ is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: -@@ -15182,9 +15545,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action involving -- a TCP port. TCP hooks not yet supported TODO: implement -- a realistic TCP lifecycle hook' -+ description: TCPSocket specifies an action involving -+ a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, -@@ -15287,8 +15649,7 @@ spec: - probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: -- description: One and only one of the following should -- be specified. Exec specifies the action to take. -+ description: Exec specifies the action to take. 
- properties: - command: - description: Command is the command line to execute -@@ -15310,6 +15671,25 @@ spec: - to 3. Minimum value is 1. - format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action involving a GRPC -+ port. This is a beta field and requires enabling GRPCContainerProbe -+ feature gate. -+ properties: -+ port: -+ description: Port number of the gRPC service. Number -+ must be in the range 1 to 65535. -+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name of the service -+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the default behavior -+ is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: -@@ -15373,9 +15753,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action involving -- a TCP port. TCP hooks not yet supported TODO: implement -- a realistic TCP lifecycle hook' -+ description: TCPSocket specifies an action involving -+ a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, -@@ -15457,12 +15836,14 @@ spec: - process. This bool directly controls if the no_new_privs - flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged -- 2) has CAP_SYS_ADMIN' -+ 2) has CAP_SYS_ADMIN Note that this field cannot be -+ set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities -- granted by the container runtime. -+ granted by the container runtime. Note that this field -+ cannot be set when spec.os.name is windows. 
- properties: - add: - description: Added capabilities -@@ -15482,25 +15863,29 @@ spec: - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent -- to root on the host. Defaults to false. -+ to root on the host. Defaults to false. Note that -+ this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount - to use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType -- feature flag to be enabled. -+ feature flag to be enabled. Note that this field cannot -+ be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only -- root filesystem. Default is false. -+ root filesystem. Default is false. Note that this -+ field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext -- takes precedence. -+ takes precedence. Note that this field cannot be set -+ when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: -@@ -15519,6 +15904,8 @@ spec: - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. -+ Note that this field cannot be set when spec.os.name -+ is windows. - format: int64 - type: integer - seLinuxOptions: -@@ -15527,7 +15914,9 @@ spec: - allocate a random SELinux context for each container. May - also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value -- specified in SecurityContext takes precedence. 
-+ specified in SecurityContext takes precedence. Note -+ that this field cannot be set when spec.os.name is -+ windows. - properties: - level: - description: Level is SELinux level label that applies -@@ -15550,7 +15939,8 @@ spec: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & - container level, the container options override the -- pod options. -+ pod options. Note that this field cannot be set when -+ spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile -@@ -15576,7 +15966,8 @@ spec: - all containers. If unspecified, the options from the - PodSecurityContext will be used. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext -- takes precedence. -+ takes precedence. Note that this field cannot be set -+ when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA -@@ -15623,8 +16014,7 @@ spec: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: -- description: One and only one of the following should -- be specified. Exec specifies the action to take. -+ description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute -@@ -15646,6 +16036,25 @@ spec: - to 3. Minimum value is 1. - format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action involving a GRPC -+ port. This is a beta field and requires enabling GRPCContainerProbe -+ feature gate. -+ properties: -+ port: -+ description: Port number of the gRPC service. Number -+ must be in the range 1 to 65535. -+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name of the service -+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 
-+ \n If this is not specified, the default behavior -+ is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: -@@ -15709,9 +16118,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action involving -- a TCP port. TCP hooks not yet supported TODO: implement -- a realistic TCP lifecycle hook' -+ description: TCPSocket specifies an action involving -+ a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, -@@ -15924,23 +16332,23 @@ spec: - creating a pod, and it cannot be modified by updating the pod - spec. In order to add an ephemeral container to an existing - pod, use the pod's ephemeralcontainers subresource. This field -- is alpha-level and is only honored by servers that enable the -- EphemeralContainers feature. -+ is beta-level and available on clusters that haven't disabled -+ the EphemeralContainers feature gate. - items: -- description: An EphemeralContainer is a container that may be -- added temporarily to an existing pod for user-initiated activities -+ description: "An EphemeralContainer is a temporary container -+ that you may add to an existing Pod for user-initiated activities - such as debugging. Ephemeral containers have no resource or - scheduling guarantees, and they will not be restarted when -- they exit or when a pod is removed or restarted. If an ephemeral -- container causes a pod to exceed its resource allocation, -- the pod may be evicted. Ephemeral containers may not be added -- by directly updating the pod spec. They must be added via -- the pod's ephemeralcontainers subresource, and they will appear -- in the pod spec once added. This is an alpha feature enabled -- by the EphemeralContainers feature flag. -+ they exit or when a Pod is removed or restarted. 
The kubelet -+ may evict a Pod if an ephemeral container causes the Pod to -+ exceed its resource allocation. \n To add an ephemeral container, -+ use the ephemeralcontainers subresource of an existing Pod. -+ Ephemeral containers may not be removed or restarted. \n This -+ is a beta feature available on clusters that haven't disabled -+ the EphemeralContainers feature gate." - properties: - args: -- description: 'Arguments to the entrypoint. The docker image''s -+ description: 'Arguments to the entrypoint. The image''s - CMD is used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s environment. - If a variable cannot be resolved, the reference in the -@@ -15955,16 +16363,15 @@ spec: - type: array - command: - description: 'Entrypoint array. Not executed within a shell. -- The docker image''s ENTRYPOINT is used if this is not -- provided. Variable references $(VAR_NAME) are expanded -- using the container''s environment. If a variable cannot -- be resolved, the reference in the input string will be -- unchanged. Double $$ are reduced to a single $, which -- allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" -- will produce the string literal "$(VAR_NAME)". Escaped -- references will never be expanded, regardless of whether -- the variable exists or not. Cannot be updated. More info: -- https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' -+ The image''s ENTRYPOINT is used if this is not provided. -+ Variable references $(VAR_NAME) are expanded using the -+ container''s environment. If a variable cannot be resolved, -+ the reference in the input string will be unchanged. Double -+ $$ are reduced to a single $, which allows for escaping -+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce -+ the string literal "$(VAR_NAME)". Escaped references will -+ never be expanded, regardless of whether the variable -+ exists or not. 
Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array -@@ -16131,7 +16538,7 @@ spec: - type: object - type: array - image: -- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images' -+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. -@@ -16149,8 +16556,7 @@ spec: - blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: -- description: One and only one of the following should -- be specified. Exec specifies the action to take. -+ description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to -@@ -16212,9 +16618,11 @@ spec: - - port - type: object - tcpSocket: -- description: 'TCPSocket specifies an action involving -- a TCP port. TCP hooks not yet supported TODO: -- implement a realistic TCP lifecycle hook' -+ description: Deprecated. TCPSocket is NOT supported -+ as a LifecycleHandler and kept for the backward -+ compatibility. There are no validation of this -+ field and lifecycle hooks will fail in runtime -+ when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect -@@ -16237,19 +16645,17 @@ spec: - container is terminated due to an API request or management - event such as liveness/startup probe failure, preemption, - resource contention, etc. The handler is not called -- if the container crashes or exits. The reason for -- termination is passed to the handler. The Pod''s termination -- grace period countdown begins before the PreStop hooked -+ if the container crashes or exits. 
The Pod''s termination -+ grace period countdown begins before the PreStop hook - is executed. Regardless of the outcome of the handler, - the container will eventually terminate within the -- Pod''s termination grace period. Other management -- of the container blocks until the hook completes or -- until the termination grace period is reached. More -- info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' -+ Pod''s termination grace period (unless delayed by -+ finalizers). Other management of the container blocks -+ until the hook completes or until the termination -+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: -- description: One and only one of the following should -- be specified. Exec specifies the action to take. -+ description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to -@@ -16311,9 +16717,11 @@ spec: - - port - type: object - tcpSocket: -- description: 'TCPSocket specifies an action involving -- a TCP port. TCP hooks not yet supported TODO: -- implement a realistic TCP lifecycle hook' -+ description: Deprecated. TCPSocket is NOT supported -+ as a LifecycleHandler and kept for the backward -+ compatibility. There are no validation of this -+ field and lifecycle hooks will fail in runtime -+ when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect -@@ -16336,8 +16744,7 @@ spec: - description: Probes are not allowed for ephemeral containers. - properties: - exec: -- description: One and only one of the following should -- be specified. Exec specifies the action to take. -+ description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute -@@ -16359,6 +16766,25 @@ spec: - to 3. Minimum value is 1. 
- format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action involving a GRPC -+ port. This is a beta field and requires enabling GRPCContainerProbe -+ feature gate. -+ properties: -+ port: -+ description: Port number of the gRPC service. Number -+ must be in the range 1 to 65535. -+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name of the service -+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the default behavior -+ is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: -@@ -16422,9 +16848,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action involving -- a TCP port. TCP hooks not yet supported TODO: implement -- a realistic TCP lifecycle hook' -+ description: TCPSocket specifies an action involving -+ a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, -@@ -16510,12 +16935,15 @@ spec: - - containerPort - type: object - type: array -+ x-kubernetes-list-map-keys: -+ - containerPort -+ - protocol -+ x-kubernetes-list-type: map - readinessProbe: - description: Probes are not allowed for ephemeral containers. - properties: - exec: -- description: One and only one of the following should -- be specified. Exec specifies the action to take. -+ description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute -@@ -16537,6 +16965,25 @@ spec: - to 3. Minimum value is 1. - format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action involving a GRPC -+ port. This is a beta field and requires enabling GRPCContainerProbe -+ feature gate. -+ properties: -+ port: -+ description: Port number of the gRPC service. Number -+ must be in the range 1 to 65535. 
-+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name of the service -+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the default behavior -+ is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: -@@ -16600,9 +17047,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action involving -- a TCP port. TCP hooks not yet supported TODO: implement -- a realistic TCP lifecycle hook' -+ description: TCPSocket specifies an action involving -+ a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, -@@ -16685,12 +17131,14 @@ spec: - process. This bool directly controls if the no_new_privs - flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged -- 2) has CAP_SYS_ADMIN' -+ 2) has CAP_SYS_ADMIN Note that this field cannot be -+ set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities -- granted by the container runtime. -+ granted by the container runtime. Note that this field -+ cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities -@@ -16710,25 +17158,29 @@ spec: - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent -- to root on the host. Defaults to false. -+ to root on the host. Defaults to false. Note that -+ this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount - to use for the containers. 
The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType -- feature flag to be enabled. -+ feature flag to be enabled. Note that this field cannot -+ be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only -- root filesystem. Default is false. -+ root filesystem. Default is false. Note that this -+ field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext -- takes precedence. -+ takes precedence. Note that this field cannot be set -+ when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: -@@ -16747,6 +17199,8 @@ spec: - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. -+ Note that this field cannot be set when spec.os.name -+ is windows. - format: int64 - type: integer - seLinuxOptions: -@@ -16755,7 +17209,9 @@ spec: - allocate a random SELinux context for each container. May - also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value -- specified in SecurityContext takes precedence. -+ specified in SecurityContext takes precedence. Note -+ that this field cannot be set when spec.os.name is -+ windows. - properties: - level: - description: Level is SELinux level label that applies -@@ -16778,7 +17234,8 @@ spec: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & - container level, the container options override the -- pod options. -+ pod options. 
Note that this field cannot be set when -+ spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile -@@ -16804,7 +17261,8 @@ spec: - all containers. If unspecified, the options from the - PodSecurityContext will be used. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext -- takes precedence. -+ takes precedence. Note that this field cannot be set -+ when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA -@@ -16843,8 +17301,7 @@ spec: - description: Probes are not allowed for ephemeral containers. - properties: - exec: -- description: One and only one of the following should -- be specified. Exec specifies the action to take. -+ description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute -@@ -16866,6 +17323,25 @@ spec: - to 3. Minimum value is 1. - format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action involving a GRPC -+ port. This is a beta field and requires enabling GRPCContainerProbe -+ feature gate. -+ properties: -+ port: -+ description: Port number of the gRPC service. Number -+ must be in the range 1 to 65535. -+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name of the service -+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the default behavior -+ is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: -@@ -16929,9 +17405,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action involving -- a TCP port. 
TCP hooks not yet supported TODO: implement -- a realistic TCP lifecycle hook' -+ description: TCPSocket specifies an action involving -+ a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, -@@ -16993,12 +17468,14 @@ spec: - EOF. Default is false - type: boolean - targetContainerName: -- description: If set, the name of the container from PodSpec -+ description: "If set, the name of the container from PodSpec - that this ephemeral container targets. The ephemeral container - will be run in the namespaces (IPC, PID, etc) of this -- container. If not set then the ephemeral container is -- run in whatever namespaces are shared for the pod. Note -- that the container runtime must support this feature. -+ container. If not set then the ephemeral container uses -+ the namespaces configured in the Pod spec. \n The container -+ runtime must implement support for this feature. If the -+ runtime does not support namespace targeting then the -+ result of setting this field is undefined." - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which -@@ -17047,6 +17524,7 @@ spec: - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. -+ Subpath mounts are not allowed for ephemeral containers. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume -@@ -17136,8 +17614,7 @@ spec: - to secrets in the same namespace to use for pulling any of the - images used by this PodSpec. If specified, these secrets will - be passed to individual puller implementations for them to use. -- For example, in the case of docker, only DockerConfig type secrets -- are honored. 
More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' -+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same namespace. -@@ -17167,11 +17644,11 @@ spec: - run within a pod. - properties: - args: -- description: 'Arguments to the entrypoint. The docker image''s -- CMD is used if this is not provided. Variable references -- $(VAR_NAME) are expanded using the container''s environment. -- If a variable cannot be resolved, the reference in the -- input string will be unchanged. Double $$ are reduced -+ description: 'Arguments to the entrypoint. The container -+ image''s CMD is used if this is not provided. Variable -+ references $(VAR_NAME) are expanded using the container''s -+ environment. If a variable cannot be resolved, the reference -+ in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never be expanded, -@@ -17182,7 +17659,7 @@ spec: - type: array - command: - description: 'Entrypoint array. Not executed within a shell. -- The docker image''s ENTRYPOINT is used if this is not -+ The container image''s ENTRYPOINT is used if this is not - provided. Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable cannot - be resolved, the reference in the input string will be -@@ -17358,7 +17835,7 @@ spec: - type: object - type: array - image: -- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images -+ description: 'Container image name. 
More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' -@@ -17380,8 +17857,7 @@ spec: - blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: -- description: One and only one of the following should -- be specified. Exec specifies the action to take. -+ description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to -@@ -17443,9 +17919,11 @@ spec: - - port - type: object - tcpSocket: -- description: 'TCPSocket specifies an action involving -- a TCP port. TCP hooks not yet supported TODO: -- implement a realistic TCP lifecycle hook' -+ description: Deprecated. TCPSocket is NOT supported -+ as a LifecycleHandler and kept for the backward -+ compatibility. There are no validation of this -+ field and lifecycle hooks will fail in runtime -+ when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect -@@ -17468,19 +17946,17 @@ spec: - container is terminated due to an API request or management - event such as liveness/startup probe failure, preemption, - resource contention, etc. The handler is not called -- if the container crashes or exits. The reason for -- termination is passed to the handler. The Pod''s termination -- grace period countdown begins before the PreStop hooked -+ if the container crashes or exits. The Pod''s termination -+ grace period countdown begins before the PreStop hook - is executed. Regardless of the outcome of the handler, - the container will eventually terminate within the -- Pod''s termination grace period. Other management -- of the container blocks until the hook completes or -- until the termination grace period is reached. 
More -- info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' -+ Pod''s termination grace period (unless delayed by -+ finalizers). Other management of the container blocks -+ until the hook completes or until the termination -+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: -- description: One and only one of the following should -- be specified. Exec specifies the action to take. -+ description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to -@@ -17542,9 +18018,11 @@ spec: - - port - type: object - tcpSocket: -- description: 'TCPSocket specifies an action involving -- a TCP port. TCP hooks not yet supported TODO: -- implement a realistic TCP lifecycle hook' -+ description: Deprecated. TCPSocket is NOT supported -+ as a LifecycleHandler and kept for the backward -+ compatibility. There are no validation of this -+ field and lifecycle hooks will fail in runtime -+ when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect -@@ -17569,8 +18047,7 @@ spec: - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: -- description: One and only one of the following should -- be specified. Exec specifies the action to take. -+ description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute -@@ -17592,6 +18069,25 @@ spec: - to 3. Minimum value is 1. - format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action involving a GRPC -+ port. This is a beta field and requires enabling GRPCContainerProbe -+ feature gate. -+ properties: -+ port: -+ description: Port number of the gRPC service. Number -+ must be in the range 1 to 65535. 
-+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name of the service -+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the default behavior -+ is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: -@@ -17655,9 +18151,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action involving -- a TCP port. TCP hooks not yet supported TODO: implement -- a realistic TCP lifecycle hook' -+ description: TCPSocket specifies an action involving -+ a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, -@@ -17760,8 +18255,7 @@ spec: - probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: -- description: One and only one of the following should -- be specified. Exec specifies the action to take. -+ description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute -@@ -17783,6 +18277,25 @@ spec: - to 3. Minimum value is 1. - format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action involving a GRPC -+ port. This is a beta field and requires enabling GRPCContainerProbe -+ feature gate. -+ properties: -+ port: -+ description: Port number of the gRPC service. Number -+ must be in the range 1 to 65535. -+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name of the service -+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the default behavior -+ is defined by gRPC." 
-+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: -@@ -17846,9 +18359,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action involving -- a TCP port. TCP hooks not yet supported TODO: implement -- a realistic TCP lifecycle hook' -+ description: TCPSocket specifies an action involving -+ a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, -@@ -17930,12 +18442,14 @@ spec: - process. This bool directly controls if the no_new_privs - flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged -- 2) has CAP_SYS_ADMIN' -+ 2) has CAP_SYS_ADMIN Note that this field cannot be -+ set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities -- granted by the container runtime. -+ granted by the container runtime. Note that this field -+ cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities -@@ -17955,25 +18469,29 @@ spec: - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent -- to root on the host. Defaults to false. -+ to root on the host. Defaults to false. Note that -+ this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount - to use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType -- feature flag to be enabled. -+ feature flag to be enabled. Note that this field cannot -+ be set when spec.os.name is windows. 
- type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only -- root filesystem. Default is false. -+ root filesystem. Default is false. Note that this -+ field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext -- takes precedence. -+ takes precedence. Note that this field cannot be set -+ when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: -@@ -17992,6 +18510,8 @@ spec: - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. -+ Note that this field cannot be set when spec.os.name -+ is windows. - format: int64 - type: integer - seLinuxOptions: -@@ -18000,7 +18520,9 @@ spec: - allocate a random SELinux context for each container. May - also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value -- specified in SecurityContext takes precedence. -+ specified in SecurityContext takes precedence. Note -+ that this field cannot be set when spec.os.name is -+ windows. - properties: - level: - description: Level is SELinux level label that applies -@@ -18023,7 +18545,8 @@ spec: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & - container level, the container options override the -- pod options. -+ pod options. Note that this field cannot be set when -+ spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile -@@ -18049,7 +18572,8 @@ spec: - all containers. If unspecified, the options from the - PodSecurityContext will be used. 
If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext -- takes precedence. -+ takes precedence. Note that this field cannot be set -+ when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA -@@ -18096,8 +18620,7 @@ spec: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: -- description: One and only one of the following should -- be specified. Exec specifies the action to take. -+ description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute -@@ -18119,6 +18642,25 @@ spec: - to 3. Minimum value is 1. - format: int32 - type: integer -+ grpc: -+ description: GRPC specifies an action involving a GRPC -+ port. This is a beta field and requires enabling GRPCContainerProbe -+ feature gate. -+ properties: -+ port: -+ description: Port number of the gRPC service. Number -+ must be in the range 1 to 65535. -+ format: int32 -+ type: integer -+ service: -+ description: "Service is the name of the service -+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). -+ \n If this is not specified, the default behavior -+ is defined by gRPC." -+ type: string -+ required: -+ - port -+ type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: -@@ -18182,9 +18724,8 @@ spec: - format: int32 - type: integer - tcpSocket: -- description: 'TCPSocket specifies an action involving -- a TCP port. TCP hooks not yet supported TODO: implement -- a realistic TCP lifecycle hook' -+ description: TCPSocket specifies an action involving -+ a TCP port. 
- properties: - host: - description: 'Optional: Host name to connect to, -@@ -18355,6 +18896,34 @@ spec: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - x-kubernetes-map-type: atomic -+ os: -+ description: "Specifies the OS of the containers in the pod. Some -+ pod and container fields are restricted if this is set. \n If -+ the OS field is set to linux, the following fields must be unset: -+ -securityContext.windowsOptions \n If the OS field is set to -+ windows, following fields must be unset: - spec.hostPID - spec.hostIPC -+ - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile -+ - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy -+ - spec.securityContext.sysctls - spec.shareProcessNamespace -+ - spec.securityContext.runAsUser - spec.securityContext.runAsGroup -+ - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions -+ - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities -+ - spec.containers[*].securityContext.readOnlyRootFilesystem -+ - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation -+ - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser -+ - spec.containers[*].securityContext.runAsGroup This is a beta -+ field and requires the IdentifyPodOS feature" -+ properties: -+ name: -+ description: 'Name is the name of the operating system. The -+ currently supported values are linux and windows. 
Additional -+ value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration -+ Clients should expect to handle additional values and treat -+ unrecognized values in this field as os: null' -+ type: string -+ required: -+ - name -+ type: object - overhead: - additionalProperties: - anyOf: -@@ -18371,15 +18940,12 @@ spec: - the overhead already set. If RuntimeClass is configured and - selected in the PodSpec, Overhead will be set to the value defined - in the corresponding RuntimeClass, otherwise it will remain -- unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md -- This field is beta-level as of Kubernetes v1.18, and is only -- honored by servers that enable the PodOverhead feature.' -+ unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' - type: object - preemptionPolicy: - description: PreemptionPolicy is the Policy for preempting pods - with lower priority. One of Never, PreemptLowerPriority. Defaults -- to PreemptLowerPriority if unset. This field is beta-level, -- gated by the NonPreemptingPriority feature-gate. -+ to PreemptLowerPriority if unset. - type: string - priority: - description: The priority value. Various system components use -@@ -18425,8 +18991,7 @@ spec: - no RuntimeClass resource matches the named class, the pod will - not be run. If unset or empty, the "legacy" RuntimeClass will - be used, which is an implicit class with an empty definition -- that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class -- This is a beta feature as of Kubernetes v1.14.' -+ that uses the default runtime handler. 
More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' - type: string - schedulerName: - description: If specified, the pod will be dispatched by specified -@@ -18446,7 +19011,8 @@ spec: - bit is set (new files created in the volume will be owned - by FSGroup) 3. The permission bits are OR'd with rw-rw---- - \n If unset, the Kubelet will not modify the ownership and -- permissions of any volume." -+ permissions of any volume. Note that this field cannot be -+ set when spec.os.name is windows." - format: int64 - type: integer - fsGroupChangePolicy: -@@ -18456,14 +19022,16 @@ spec: - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" -- and "Always". If not specified, "Always" is used.' -+ and "Always". If not specified, "Always" is used. Note that -+ this field cannot be set when spec.os.name is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext -- takes precedence for that container. -+ takes precedence for that container. Note that this field -+ cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: -@@ -18481,6 +19049,8 @@ spec: - unspecified. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. -+ Note that this field cannot be set when spec.os.name is -+ windows. - format: int64 - type: integer - seLinuxOptions: -@@ -18489,7 +19059,8 @@ spec: - SELinux context for each container. May also be set in - SecurityContext. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence -- for that container. -+ for that container. Note that this field cannot be set when -+ spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies -@@ -18510,7 +19081,8 @@ spec: - type: object - seccompProfile: - description: The seccomp options to use by the containers -- in this pod. -+ in this pod. Note that this field cannot be set when spec.os.name -+ is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined -@@ -18533,6 +19105,8 @@ spec: - description: A list of groups applied to the first process - run in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. -+ Note that this field cannot be set when spec.os.name is -+ windows. - items: - format: int64 - type: integer -@@ -18540,7 +19114,8 @@ spec: - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container -- runtime) might fail to launch. -+ runtime) might fail to launch. Note that this field cannot -+ be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: -@@ -18560,7 +19135,8 @@ spec: - containers. If unspecified, the options within a container's - SecurityContext will be used. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext -- takes precedence. -+ takes precedence. Note that this field cannot be set when -+ spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission -@@ -18740,12 +19316,15 @@ spec: - may be unevenly distributed. 
When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between the number - of matching pods in the target topology and the global -- minimum. For example, in a 3-zone cluster, MaxSkew is -- set to 1, and pods with the same labelSelector spread -- as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | -- - if MaxSkew is 1, incoming pod can only be scheduled -- to zone3 to become 1/1/1; scheduling it onto zone1(zone2) -- would make the ActualSkew(2-0) on zone1(zone2) violate -+ minimum. The global minimum is the minimum number of matching -+ pods in an eligible domain or zero if the number of eligible -+ domains is less than MinDomains. For example, in a 3-zone -+ cluster, MaxSkew is set to 1, and pods with the same labelSelector -+ spread as 2/2/1: In this case, the global minimum is 1. -+ | zone1 | zone2 | zone3 | | P P | P P | P | - -+ if MaxSkew is 1, incoming pod can only be scheduled to -+ zone3 to become 2/2/2; scheduling it onto zone1(zone2) -+ would make the ActualSkew(3-1) on zone1(zone2) violate - MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled - onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies that -@@ -18753,12 +19332,44 @@ spec: - and 0 is not allowed.' - format: int32 - type: integer -+ minDomains: -+ description: "MinDomains indicates a minimum number of eligible -+ domains. When the number of eligible domains with matching -+ topology keys is less than minDomains, Pod Topology Spread -+ treats \"global minimum\" as 0, and then the calculation -+ of Skew is performed. And when the number of eligible -+ domains with matching topology keys equals or greater -+ than minDomains, this value has no effect on scheduling. -+ As a result, when the number of eligible domains is less -+ than minDomains, scheduler won't schedule more than maxSkew -+ Pods to those domains. If value is nil, the constraint -+ behaves as if MinDomains is equal to 1. 
Valid values are -+ integers greater than 0. When value is not nil, WhenUnsatisfiable -+ must be DoNotSchedule. \n For example, in a 3-zone cluster, -+ MaxSkew is set to 2, MinDomains is set to 5 and pods with -+ the same labelSelector spread as 2/2/2: | zone1 | zone2 -+ | zone3 | | P P | P P | P P | The number of domains -+ is less than 5(MinDomains), so \"global minimum\" is treated -+ as 0. In this situation, new pod with the same labelSelector -+ cannot be scheduled, because computed skew will be 3(3 -+ - 0) if new Pod is scheduled to any of the three zones, -+ it will violate MaxSkew. \n This is an alpha field and -+ requires enabling MinDomainsInPodTopologySpread feature -+ gate." -+ format: int32 -+ type: integer - topologyKey: - description: TopologyKey is the key of node labels. Nodes - that have a label with this key and identical values are - considered to be in the same topology. We consider each - as a "bucket", and try to put balanced number -- of pods into each bucket. It's a required field. -+ of pods into each bucket. We define a domain as a particular -+ instance of a topology. Also, we define an eligible domain -+ as a domain whose nodes match the node selector. e.g. -+ If TopologyKey is "kubernetes.io/hostname", each Node -+ is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", -+ each zone is a domain of that topology. It's a required -+ field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with -@@ -18768,7 +19379,7 @@ spec: - pod in any location, but giving higher precedence to - topologies that would help reduce the skew. A constraint - is considered "Unsatisfiable" for an incoming pod if and -- only if every possible node assigment for that pod would -+ only if every possible node assignment for that pod would - violate "MaxSkew" on some topology. 
For example, in a - 3-zone cluster, MaxSkew is set to 1, and pods with the - same labelSelector spread as 3/1/1: | zone1 | zone2 | -@@ -18797,122 +19408,124 @@ spec: - may be accessed by any container in the pod. - properties: - awsElasticBlockStore: -- description: 'AWSElasticBlockStore represents an AWS Disk -+ description: 'awsElasticBlockStore represents an AWS Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: -- description: 'Filesystem type of the volume that you -- want to mount. Tip: Ensure that the filesystem type -- is supported by the host operating system. Examples: -+ description: 'fsType is the filesystem type of the volume -+ that you want to mount. Tip: Ensure that the filesystem -+ type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: -- description: 'The partition in the volume that you want -- to mount. If omitted, the default is to mount by volume -- name. Examples: For volume /dev/sda1, you specify -- the partition as "1". Similarly, the volume partition -- for /dev/sda is "0" (or you can leave the property -- empty).' -+ description: 'partition is the partition in the volume -+ that you want to mount. If omitted, the default is -+ to mount by volume name. Examples: For volume /dev/sda1, -+ you specify the partition as "1". Similarly, the volume -+ partition for /dev/sda is "0" (or you can leave the -+ property empty).' - format: int32 - type: integer - readOnly: -- description: 'Specify "true" to force and set the ReadOnly -- property in VolumeMounts to "true". If omitted, the -- default is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' -+ description: 'readOnly value true will force the readOnly -+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: -- description: 'Unique ID of the persistent disk resource -- in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' -+ description: 'volumeID is unique ID of the persistent -+ disk resource in AWS (Amazon EBS volume). More info: -+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: -- description: AzureDisk represents an Azure Data Disk mount -+ description: azureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. - properties: - cachingMode: -- description: 'Host Caching mode: None, Read Only, Read -- Write.' -+ description: 'cachingMode is the Host Caching mode: -+ None, Read Only, Read Write.' - type: string - diskName: -- description: The Name of the data disk in the blob storage -+ description: diskName is the Name of the data disk in -+ the blob storage - type: string - diskURI: -- description: The URI the data disk in the blob storage -+ description: diskURI is the URI of data disk in the -+ blob storage - type: string - fsType: -- description: Filesystem type to mount. Must be a filesystem -- type supported by the host operating system. Ex. "ext4", -- "xfs", "ntfs". Implicitly inferred to be "ext4" if -- unspecified. -+ description: fsType is Filesystem type to mount. Must -+ be a filesystem type supported by the host operating -+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred -+ to be "ext4" if unspecified. 
- type: string - kind: -- description: 'Expected values Shared: multiple blob -- disks per storage account Dedicated: single blob -- disk per storage account Managed: azure managed data -- disk (only in managed availability set). defaults -+ description: 'kind expected values are Shared: multiple -+ blob disks per storage account Dedicated: single -+ blob disk per storage account Managed: azure managed -+ data disk (only in managed availability set). defaults - to shared' - type: string - readOnly: -- description: Defaults to false (read/write). ReadOnly -- here will force the ReadOnly setting in VolumeMounts. -+ description: readOnly Defaults to false (read/write). -+ ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: -- description: AzureFile represents an Azure File Service -+ description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. - properties: - readOnly: -- description: Defaults to false (read/write). ReadOnly -- here will force the ReadOnly setting in VolumeMounts. -+ description: readOnly defaults to false (read/write). -+ ReadOnly here will force the ReadOnly setting in VolumeMounts. 
- type: boolean - secretName: -- description: the name of secret that contains Azure -- Storage Account Name and Key -+ description: secretName is the name of secret that -+ contains Azure Storage Account Name and Key - type: string - shareName: -- description: Share Name -+ description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: -- description: CephFS represents a Ceph FS mount on the host -+ description: cephFS represents a Ceph FS mount on the host - that shares a pod's lifetime - properties: - monitors: -- description: 'Required: Monitors is a collection of -- Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'monitors is Required: Monitors is a collection -+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: -- description: 'Optional: Used as the mounted root, rather -- than the full Ceph tree, default is /' -+ description: 'path is Optional: Used as the mounted -+ root, rather than the full Ceph tree, default is /' - type: string - readOnly: -- description: 'Optional: Defaults to false (read/write). -- ReadOnly here will force the ReadOnly setting in VolumeMounts. -- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'readOnly is Optional: Defaults to false -+ (read/write). ReadOnly here will force the ReadOnly -+ setting in VolumeMounts. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: -- description: 'Optional: SecretFile is the path to key -- ring for User, default is /etc/ceph/user.secret More -- info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'secretFile is Optional: SecretFile is -+ the path to key ring for User, default is /etc/ceph/user.secret -+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: -- description: 'Optional: SecretRef is reference to the -- authentication secret for User, default is empty. -- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'secretRef is Optional: SecretRef is reference -+ to the authentication secret for User, default is -+ empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -@@ -18921,30 +19534,30 @@ spec: - type: string - type: object - user: -- description: 'Optional: User is the rados user name, -- default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' -+ description: 'user is optional: User is the rados user -+ name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: -- description: 'Cinder represents a cinder volume attached -+ description: 'cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: -- description: 'Filesystem type to mount. Must be a filesystem -- type supported by the host operating system. Examples: -- "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" -- if unspecified. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' -+ description: 'fsType is the filesystem type to mount. -+ Must be a filesystem type supported by the host operating -+ system. Examples: "ext4", "xfs", "ntfs". Implicitly -+ inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: -- description: 'Optional: Defaults to false (read/write). -+ description: 'readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: -- description: 'Optional: points to a secret object containing -- parameters used to connect to OpenStack.' -+ description: 'secretRef is optional: points to a secret -+ object containing parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -@@ -18953,37 +19566,38 @@ spec: - type: string - type: object - volumeID: -- description: 'volume id used to identify the volume -- in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' -+ description: 'volumeID used to identify the volume in -+ cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: -- description: ConfigMap represents a configMap that should -+ description: configMap represents a configMap that should - populate this volume - properties: - defaultMode: -- description: 'Optional: mode bits used to set permissions -- on created files by default. Must be an octal value -- between 0000 and 0777 or a decimal value between 0 -- and 511. YAML accepts both octal and decimal values, -- JSON requires decimal values for mode bits. Defaults -- to 0644. Directories within the path are not affected -- by this setting. 
This might be in conflict with other -- options that affect the file mode, like fsGroup, and -- the result can be other mode bits set.' -+ description: 'defaultMode is optional: mode bits used -+ to set permissions on created files by default. Must -+ be an octal value between 0000 and 0777 or a decimal -+ value between 0 and 511. YAML accepts both octal and -+ decimal values, JSON requires decimal values for mode -+ bits. Defaults to 0644. Directories within the path -+ are not affected by this setting. This might be in -+ conflict with other options that affect the file mode, -+ like fsGroup, and the result can be other mode bits -+ set.' - format: int32 - type: integer - items: -- description: If unspecified, each key-value pair in -- the Data field of the referenced ConfigMap will be -- projected into the volume as a file whose name is -- the key and content is the value. If specified, the -- listed keys will be projected into the specified paths, -- and unlisted keys will not be present. If a key is -- specified which is not present in the ConfigMap, the -- volume setup will error unless it is marked optional. -+ description: items if unspecified, each key-value pair -+ in the Data field of the referenced ConfigMap will -+ be projected into the volume as a file whose name -+ is the key and content is the value. If specified, -+ the listed keys will be projected into the specified -+ paths, and unlisted keys will not be present. If a -+ key is specified which is not present in the ConfigMap, -+ the volume setup will error unless it is marked optional. - Paths must be relative and may not contain the '..' - path or start with '..'. - items: -@@ -18991,26 +19605,26 @@ spec: - volume. - properties: - key: -- description: The key to project. -+ description: key is the key to project. - type: string - mode: -- description: 'Optional: mode bits used to set -- permissions on this file. 
Must be an octal value -- between 0000 and 0777 or a decimal value between -- 0 and 511. YAML accepts both octal and decimal -- values, JSON requires decimal values for mode -- bits. If not specified, the volume defaultMode -- will be used. This might be in conflict with -- other options that affect the file mode, like -- fsGroup, and the result can be other mode bits -- set.' -+ description: 'mode is Optional: mode bits used -+ to set permissions on this file. Must be an -+ octal value between 0000 and 0777 or a decimal -+ value between 0 and 511. YAML accepts both octal -+ and decimal values, JSON requires decimal values -+ for mode bits. If not specified, the volume -+ defaultMode will be used. This might be in conflict -+ with other options that affect the file mode, -+ like fsGroup, and the result can be other mode -+ bits set.' - format: int32 - type: integer - path: -- description: The relative path of the file to -- map the key to. May not be an absolute path. -- May not contain the path element '..'. May not -- start with the string '..'. -+ description: path is the relative path of the -+ file to map the key to. May not be an absolute -+ path. May not contain the path element '..'. -+ May not start with the string '..'. - type: string - required: - - key -@@ -19022,28 +19636,28 @@ spec: - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: -- description: Specify whether the ConfigMap or its keys -- must be defined -+ description: optional specify whether the ConfigMap -+ or its keys must be defined - type: boolean - type: object - csi: -- description: CSI (Container Storage Interface) represents -+ description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). - properties: - driver: -- description: Driver is the name of the CSI driver that -+ description: driver is the name of the CSI driver that - handles this volume. 
Consult with your admin for the - correct name as registered in the cluster. - type: string - fsType: -- description: Filesystem type to mount. Ex. "ext4", "xfs", -- "ntfs". If not provided, the empty value is passed -- to the associated CSI driver which will determine -- the default filesystem to apply. -+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs". -+ If not provided, the empty value is passed to the -+ associated CSI driver which will determine the default -+ filesystem to apply. - type: string - nodePublishSecretRef: -- description: NodePublishSecretRef is a reference to -+ description: nodePublishSecretRef is a reference to - the secret object containing sensitive information - to pass to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, -@@ -19058,13 +19672,13 @@ spec: - type: string - type: object - readOnly: -- description: Specifies a read-only configuration for -- the volume. Defaults to false (read/write). -+ description: readOnly specifies a read-only configuration -+ for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string -- description: VolumeAttributes stores driver-specific -+ description: volumeAttributes stores driver-specific - properties that are passed to the CSI driver. Consult - your driver's documentation for supported values. - type: object -@@ -19072,7 +19686,7 @@ spec: - - driver - type: object - downwardAPI: -- description: DownwardAPI represents downward API about the -+ description: downwardAPI represents downward API about the - pod that should populate this volume - properties: - defaultMode: -@@ -19162,31 +19776,33 @@ spec: - type: array - type: object - emptyDir: -- description: 'EmptyDir represents a temporary directory -+ description: 'emptyDir represents a temporary directory - that shares a pod''s lifetime. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: -- description: 'What type of storage medium should back -- this directory. The default is "" which means to use -- the node''s default medium. Must be an empty string -- (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' -+ description: 'medium represents what type of storage -+ medium should back this directory. The default is -+ "" which means to use the node''s default medium. -+ Must be an empty string (default) or Memory. More -+ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string -- description: 'Total amount of local storage required -- for this EmptyDir volume. The size limit is also applicable -- for memory medium. The maximum usage on memory medium -- EmptyDir would be the minimum value between the SizeLimit -- specified here and the sum of memory limits of all -- containers in a pod. The default is nil which means -- that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' -+ description: 'sizeLimit is the total amount of local -+ storage required for this EmptyDir volume. The size -+ limit is also applicable for memory medium. The maximum -+ usage on memory medium EmptyDir would be the minimum -+ value between the SizeLimit specified here and the -+ sum of memory limits of all containers in a pod. The -+ default is nil which means that the limit is undefined. -+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: -- description: "Ephemeral represents a volume that is handled -+ description: "ephemeral represents a volume that is handled - by a cluster storage driver. 
The volume's lifecycle is - tied to the pod that defines it - it will be created before - the pod starts, and deleted when the pod is removed. \n -@@ -19204,8 +19820,7 @@ spec: - CSI driver is meant to be used that way - see the documentation - of the driver for more information. \n A pod can use both - types of ephemeral volumes and persistent volumes at the -- same time. \n This is a beta feature and only available -- when the GenericEphemeralVolume feature gate is enabled." -+ same time." - properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC -@@ -19243,18 +19858,18 @@ spec: - also valid here. - properties: - accessModes: -- description: 'AccessModes contains the desired -+ description: 'accessModes contains the desired - access modes the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: -- description: 'This field can be used to specify -- either: * An existing VolumeSnapshot object -- (snapshot.storage.k8s.io/VolumeSnapshot) * -- An existing PVC (PersistentVolumeClaim) If -- the provisioner or an external controller -+ description: 'dataSource field can be used to -+ specify either: * An existing VolumeSnapshot -+ object (snapshot.storage.k8s.io/VolumeSnapshot) -+ * An existing PVC (PersistentVolumeClaim) -+ If the provisioner or an external controller - can support the specified data source, it - will create a new volume based on the contents - of the specified data source. If the AnyVolumeDataSource -@@ -19282,17 +19897,17 @@ spec: - - name - type: object - dataSourceRef: -- description: 'Specifies the object from which -- to populate the volume with data, if a non-empty -- volume is desired. This may be any local object -- from a non-empty API group (non core object) -- or a PersistentVolumeClaim object. 
When this -- field is specified, volume binding will only -- succeed if the type of the specified object -- matches some installed volume populator or -- dynamic provisioner. This field will replace -- the functionality of the DataSource field -- and as such if both fields are non-empty, -+ description: 'dataSourceRef specifies the object -+ from which to populate the volume with data, -+ if a non-empty volume is desired. This may -+ be any local object from a non-empty API group -+ (non core object) or a PersistentVolumeClaim -+ object. When this field is specified, volume -+ binding will only succeed if the type of the -+ specified object matches some installed volume -+ populator or dynamic provisioner. This field -+ will replace the functionality of the DataSource -+ field and as such if both fields are non-empty, - they must have the same value. For backwards - compatibility, both fields (DataSource and - DataSourceRef) will be set to the same value -@@ -19305,7 +19920,7 @@ spec: - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves - all values, and generates an error if a disallowed -- value is specified. (Alpha) Using this field -+ value is specified. (Beta) Using this field - requires the AnyVolumeDataSource feature gate - to be enabled.' - properties: -@@ -19329,9 +19944,13 @@ spec: - - name - type: object - resources: -- description: 'Resources represents the minimum -- resources the volume should have. More info: -- https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' -+ description: 'resources represents the minimum -+ resources the volume should have. If RecoverVolumeExpansionFailure -+ feature is enabled users are allowed to specify -+ resource requirements that are lower than -+ previous value but must still be higher than -+ capacity recorded in the status field of the -+ claim. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: -@@ -19360,8 +19979,8 @@ spec: - type: object - type: object - selector: -- description: A label query over volumes to consider -- for binding. -+ description: selector is a label query over -+ volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list -@@ -19412,8 +20031,9 @@ spec: - type: object - type: object - storageClassName: -- description: 'Name of the StorageClass required -- by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' -+ description: 'storageClassName is the name of -+ the StorageClass required by the claim. More -+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of -@@ -19422,7 +20042,7 @@ spec: - claim spec. - type: string - volumeName: -- description: VolumeName is the binding reference -+ description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object -@@ -19431,32 +20051,34 @@ spec: - type: object - type: object - fc: -- description: FC represents a Fibre Channel resource that -+ description: fc represents a Fibre Channel resource that - is attached to a kubelet's host machine and then exposed - to the pod. - properties: - fsType: -- description: 'Filesystem type to mount. Must be a filesystem -- type supported by the host operating system. Ex. "ext4", -- "xfs", "ntfs". Implicitly inferred to be "ext4" if -- unspecified. TODO: how do we prevent errors in the -- filesystem from compromising the machine' -+ description: 'fsType is the filesystem type to mount. -+ Must be a filesystem type supported by the host operating -+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred -+ to be "ext4" if unspecified. 
TODO: how do we prevent -+ errors in the filesystem from compromising the machine' - type: string - lun: -- description: 'Optional: FC target lun number' -+ description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: -- description: 'Optional: Defaults to false (read/write). -- ReadOnly here will force the ReadOnly setting in VolumeMounts.' -+ description: 'readOnly is Optional: Defaults to false -+ (read/write). ReadOnly here will force the ReadOnly -+ setting in VolumeMounts.' - type: boolean - targetWWNs: -- description: 'Optional: FC target worldwide names (WWNs)' -+ description: 'targetWWNs is Optional: FC target worldwide -+ names (WWNs)' - items: - type: string - type: array - wwids: -- description: 'Optional: FC volume world wide identifiers -+ description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs - and lun must be set, but not both simultaneously.' - items: -@@ -19464,35 +20086,37 @@ spec: - type: array - type: object - flexVolume: -- description: FlexVolume represents a generic volume resource -+ description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - properties: - driver: -- description: Driver is the name of the driver to use -+ description: driver is the name of the driver to use - for this volume. - type: string - fsType: -- description: Filesystem type to mount. Must be a filesystem -- type supported by the host operating system. Ex. "ext4", -- "xfs", "ntfs". The default filesystem depends on FlexVolume -- script. -+ description: fsType is the filesystem type to mount. -+ Must be a filesystem type supported by the host operating -+ system. Ex. "ext4", "xfs", "ntfs". The default filesystem -+ depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string -- description: 'Optional: Extra command options if any.' 
-+ description: 'options is Optional: this field holds -+ extra command options if any.' - type: object - readOnly: -- description: 'Optional: Defaults to false (read/write). -- ReadOnly here will force the ReadOnly setting in VolumeMounts.' -+ description: 'readOnly is Optional: defaults to false -+ (read/write). ReadOnly here will force the ReadOnly -+ setting in VolumeMounts.' - type: boolean - secretRef: -- description: 'Optional: SecretRef is reference to the -- secret object containing sensitive information to -- pass to the plugin scripts. This may be empty if no -- secret object is specified. If the secret object contains -- more than one secret, all secrets are passed to the -- plugin scripts.' -+ description: 'secretRef is Optional: secretRef is reference -+ to the secret object containing sensitive information -+ to pass to the plugin scripts. This may be empty if -+ no secret object is specified. If the secret object -+ contains more than one secret, all secrets are passed -+ to the plugin scripts.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -@@ -19504,49 +20128,50 @@ spec: - - driver - type: object - flocker: -- description: Flocker represents a Flocker volume attached -+ description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - properties: - datasetName: -- description: Name of the dataset stored as metadata -- -> name on the dataset for Flocker should be considered -- as deprecated -+ description: datasetName is Name of the dataset stored -+ as metadata -> name on the dataset for Flocker should -+ be considered as deprecated - type: string - datasetUUID: -- description: UUID of the dataset. This is unique identifier -- of a Flocker dataset -+ description: datasetUUID is the UUID of the dataset. 
-+ This is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: -- description: 'GCEPersistentDisk represents a GCE Disk resource -+ description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: -- description: 'Filesystem type of the volume that you -- want to mount. Tip: Ensure that the filesystem type -- is supported by the host operating system. Examples: -+ description: 'fsType is filesystem type of the volume -+ that you want to mount. Tip: Ensure that the filesystem -+ type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: -- description: 'The partition in the volume that you want -- to mount. If omitted, the default is to mount by volume -- name. Examples: For volume /dev/sda1, you specify -- the partition as "1". Similarly, the volume partition -- for /dev/sda is "0" (or you can leave the property -- empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' -+ description: 'partition is the partition in the volume -+ that you want to mount. If omitted, the default is -+ to mount by volume name. Examples: For volume /dev/sda1, -+ you specify the partition as "1". Similarly, the volume -+ partition for /dev/sda is "0" (or you can leave the -+ property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: -- description: 'Unique name of the PD resource in GCE. -- Used to identify the disk in GCE. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' -+ description: 'pdName is unique name of the PD resource -+ in GCE. Used to identify the disk in GCE. More info: -+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: -- description: 'ReadOnly here will force the ReadOnly -+ description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean -@@ -19554,42 +20179,43 @@ spec: - - pdName - type: object - gitRepo: -- description: 'GitRepo represents a git repository at a particular -+ description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an - InitContainer that clones the repo using git, then mount - the EmptyDir into the Pod''s container.' - properties: - directory: -- description: Target directory name. Must not contain -- or start with '..'. If '.' is supplied, the volume -- directory will be the git repository. Otherwise, -+ description: directory is the target directory name. -+ Must not contain or start with '..'. If '.' is supplied, -+ the volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: -- description: Repository URL -+ description: repository is the URL - type: string - revision: -- description: Commit hash for the specified revision. -+ description: revision is the commit hash for the specified -+ revision. - type: string - required: - - repository - type: object - glusterfs: -- description: 'Glusterfs represents a Glusterfs mount on -+ description: 'glusterfs represents a Glusterfs mount on - the host that shares a pod''s lifetime. 
More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: -- description: 'EndpointsName is the endpoint name that -- details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' -+ description: 'endpoints is the endpoint name that details -+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: -- description: 'Path is the Glusterfs volume path. More -+ description: 'path is the Glusterfs volume path. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: -- description: 'ReadOnly here will force the Glusterfs -+ description: 'readOnly here will force the Glusterfs - volume to be mounted with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean -@@ -19598,7 +20224,7 @@ spec: - - path - type: object - hostPath: -- description: 'HostPath represents a pre-existing file or -+ description: 'hostPath represents a pre-existing file or - directory on the host machine that is directly exposed - to the container. This is generally used for system agents - or other privileged things that are allowed to see the -@@ -19609,68 +20235,71 @@ spec: - as read/write.' - properties: - path: -- description: 'Path of the directory on the host. If -+ description: 'path of the directory on the host. If - the path is a symlink, it will follow the link to - the real path. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: -- description: 'Type for HostPath Volume Defaults to "" -+ description: 'type for HostPath Volume Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: -- description: 'ISCSI represents an ISCSI Disk resource that -+ description: 'iscsi represents an ISCSI Disk resource that - is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: -- description: whether support iSCSI Discovery CHAP authentication -+ description: chapAuthDiscovery defines whether support -+ iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: -- description: whether support iSCSI Session CHAP authentication -+ description: chapAuthSession defines whether support -+ iSCSI Session CHAP authentication - type: boolean - fsType: -- description: 'Filesystem type of the volume that you -- want to mount. Tip: Ensure that the filesystem type -- is supported by the host operating system. Examples: -+ description: 'fsType is the filesystem type of the volume -+ that you want to mount. Tip: Ensure that the filesystem -+ type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: -- description: Custom iSCSI Initiator Name. If initiatorName -- is specified with iscsiInterface simultaneously, new -- iSCSI interface : will -- be created for the connection. -+ description: initiatorName is the custom iSCSI Initiator -+ Name. 
If initiatorName is specified with iscsiInterface -+ simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: -- description: Target iSCSI Qualified Name. -+ description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: -- description: iSCSI Interface Name that uses an iSCSI -- transport. Defaults to 'default' (tcp). -+ description: iscsiInterface is the interface Name that -+ uses an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: -- description: iSCSI Target Lun number. -+ description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: -- description: iSCSI Target Portal List. The portal is -- either an IP or ip_addr:port if the port is other -- than default (typically TCP ports 860 and 3260). -+ description: portals is the iSCSI Target Portal List. -+ The portal is either an IP or ip_addr:port if the -+ port is other than default (typically TCP ports 860 -+ and 3260). - items: - type: string - type: array - readOnly: -- description: ReadOnly here will force the ReadOnly setting -+ description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: -- description: CHAP Secret for iSCSI target and initiator -- authentication -+ description: secretRef is the CHAP Secret for iSCSI -+ target and initiator authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -@@ -19679,9 +20308,10 @@ spec: - type: string - type: object - targetPortal: -- description: iSCSI Target Portal. The Portal is either -- an IP or ip_addr:port if the port is other than default -- (typically TCP ports 860 and 3260). -+ description: targetPortal is iSCSI Target Portal. The -+ Portal is either an IP or ip_addr:port if the port -+ is other than default (typically TCP ports 860 and -+ 3260). 
- type: string - required: - - iqn -@@ -19689,24 +20319,24 @@ spec: - - targetPortal - type: object - name: -- description: 'Volume''s name. Must be a DNS_LABEL and unique -- within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' -+ description: 'name of the volume. Must be a DNS_LABEL and -+ unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: -- description: 'NFS represents an NFS mount on the host that -+ description: 'nfs represents an NFS mount on the host that - shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: -- description: 'Path that is exported by the NFS server. -+ description: 'path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: -- description: 'ReadOnly here will force the NFS export -+ description: 'readOnly here will force the NFS export - to be mounted with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: -- description: 'Server is the hostname or IP address of -+ description: 'server is the hostname or IP address of - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: -@@ -19714,89 +20344,89 @@ spec: - - server - type: object - persistentVolumeClaim: -- description: 'PersistentVolumeClaimVolumeSource represents -+ description: 'persistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. 
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: -- description: 'ClaimName is the name of a PersistentVolumeClaim -+ description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: -- description: Will force the ReadOnly setting in VolumeMounts. -- Default false. -+ description: readOnly Will force the ReadOnly setting -+ in VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: -- description: PhotonPersistentDisk represents a PhotonController -+ description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - properties: - fsType: -- description: Filesystem type to mount. Must be a filesystem -- type supported by the host operating system. Ex. "ext4", -- "xfs", "ntfs". Implicitly inferred to be "ext4" if -- unspecified. -+ description: fsType is the filesystem type to mount. -+ Must be a filesystem type supported by the host operating -+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred -+ to be "ext4" if unspecified. - type: string - pdID: -- description: ID that identifies Photon Controller persistent -- disk -+ description: pdID is the ID that identifies Photon Controller -+ persistent disk - type: string - required: - - pdID - type: object - portworxVolume: -- description: PortworxVolume represents a portworx volume -+ description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine - properties: - fsType: -- description: FSType represents the filesystem type to -+ description: fSType represents the filesystem type to - mount Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs". 
Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: -- description: Defaults to false (read/write). ReadOnly -- here will force the ReadOnly setting in VolumeMounts. -+ description: readOnly defaults to false (read/write). -+ ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: -- description: VolumeID uniquely identifies a Portworx -+ description: volumeID uniquely identifies a Portworx - volume - type: string - required: - - volumeID - type: object - projected: -- description: Items for all in one resources secrets, configmaps, -- and downward API -+ description: projected items for all in one resources secrets, -+ configmaps, and downward API - properties: - defaultMode: -- description: Mode bits used to set permissions on created -- files by default. Must be an octal value between 0000 -- and 0777 or a decimal value between 0 and 511. YAML -- accepts both octal and decimal values, JSON requires -- decimal values for mode bits. Directories within the -- path are not affected by this setting. This might -- be in conflict with other options that affect the -- file mode, like fsGroup, and the result can be other -- mode bits set. -+ description: defaultMode are the mode bits used to set -+ permissions on created files by default. Must be an -+ octal value between 0000 and 0777 or a decimal value -+ between 0 and 511. YAML accepts both octal and decimal -+ values, JSON requires decimal values for mode bits. -+ Directories within the path are not affected by this -+ setting. This might be in conflict with other options -+ that affect the file mode, like fsGroup, and the result -+ can be other mode bits set. 
- format: int32 - type: integer - sources: -- description: list of volume projections -+ description: sources is the list of volume projections - items: - description: Projection that may be projected along - with other supported volume types - properties: - configMap: -- description: information about the configMap data -- to project -+ description: configMap information about the configMap -+ data to project - properties: - items: -- description: If unspecified, each key-value -+ description: items if unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the volume - as a file whose name is the key and content -@@ -19813,27 +20443,27 @@ spec: - within a volume. - properties: - key: -- description: The key to project. -+ description: key is the key to project. - type: string - mode: -- description: 'Optional: mode bits used -- to set permissions on this file. Must -- be an octal value between 0000 and -- 0777 or a decimal value between 0 -- and 511. YAML accepts both octal and -- decimal values, JSON requires decimal -- values for mode bits. If not specified, -- the volume defaultMode will be used. -- This might be in conflict with other -- options that affect the file mode, -- like fsGroup, and the result can be -- other mode bits set.' -+ description: 'mode is Optional: mode -+ bits used to set permissions on this -+ file. Must be an octal value between -+ 0000 and 0777 or a decimal value between -+ 0 and 511. YAML accepts both octal -+ and decimal values, JSON requires -+ decimal values for mode bits. If not -+ specified, the volume defaultMode -+ will be used. This might be in conflict -+ with other options that affect the -+ file mode, like fsGroup, and the result -+ can be other mode bits set.' - format: int32 - type: integer - path: -- description: The relative path of the -- file to map the key to. May not be -- an absolute path. 
May not contain -+ description: path is the relative path -+ of the file to map the key to. May -+ not be an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string -@@ -19849,13 +20479,13 @@ spec: - kind, uid?' - type: string - optional: -- description: Specify whether the ConfigMap -- or its keys must be defined -+ description: optional specify whether the -+ ConfigMap or its keys must be defined - type: boolean - type: object - downwardAPI: -- description: information about the downwardAPI -- data to project -+ description: downwardAPI information about the -+ downwardAPI data to project - properties: - items: - description: Items is a list of DownwardAPIVolume -@@ -19939,11 +20569,11 @@ spec: - type: array - type: object - secret: -- description: information about the secret data -- to project -+ description: secret information about the secret -+ data to project - properties: - items: -- description: If unspecified, each key-value -+ description: items if unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and content -@@ -19960,27 +20590,27 @@ spec: - within a volume. - properties: - key: -- description: The key to project. -+ description: key is the key to project. - type: string - mode: -- description: 'Optional: mode bits used -- to set permissions on this file. Must -- be an octal value between 0000 and -- 0777 or a decimal value between 0 -- and 511. YAML accepts both octal and -- decimal values, JSON requires decimal -- values for mode bits. If not specified, -- the volume defaultMode will be used. -- This might be in conflict with other -- options that affect the file mode, -- like fsGroup, and the result can be -- other mode bits set.' -+ description: 'mode is Optional: mode -+ bits used to set permissions on this -+ file. 
Must be an octal value between -+ 0000 and 0777 or a decimal value between -+ 0 and 511. YAML accepts both octal -+ and decimal values, JSON requires -+ decimal values for mode bits. If not -+ specified, the volume defaultMode -+ will be used. This might be in conflict -+ with other options that affect the -+ file mode, like fsGroup, and the result -+ can be other mode bits set.' - format: int32 - type: integer - path: -- description: The relative path of the -- file to map the key to. May not be -- an absolute path. May not contain -+ description: path is the relative path -+ of the file to map the key to. May -+ not be an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string -@@ -19996,16 +20626,16 @@ spec: - kind, uid?' - type: string - optional: -- description: Specify whether the Secret or -- its key must be defined -+ description: optional field specify whether -+ the Secret or its key must be defined - type: boolean - type: object - serviceAccountToken: -- description: information about the serviceAccountToken -- data to project -+ description: serviceAccountToken is information -+ about the serviceAccountToken data to project - properties: - audience: -- description: Audience is the intended audience -+ description: audience is the intended audience - of the token. A recipient of a token must - identify itself with an identifier specified - in the audience of the token, and otherwise -@@ -20013,7 +20643,7 @@ spec: - to the identifier of the apiserver. - type: string - expirationSeconds: -- description: ExpirationSeconds is the requested -+ description: expirationSeconds is the requested - duration of validity of the service account - token. 
As the token approaches expiration, - the kubelet volume plugin will proactively -@@ -20026,7 +20656,7 @@ spec: - format: int64 - type: integer - path: -- description: Path is the path relative to -+ description: path is the path relative to - the mount point of the file to project the - token into. - type: string -@@ -20037,35 +20667,35 @@ spec: - type: array - type: object - quobyte: -- description: Quobyte represents a Quobyte mount on the host -+ description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: -- description: Group to map volume access to Default is -+ description: group to map volume access to Default is - no group - type: string - readOnly: -- description: ReadOnly here will force the Quobyte volume -+ description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults - to false. - type: boolean - registry: -- description: Registry represents a single or multiple -+ description: registry represents a single or multiple - Quobyte Registry services specified as a string as - host:port pair (multiple entries are separated with - commas) which acts as the central registry for volumes - type: string - tenant: -- description: Tenant owning the given Quobyte volume -+ description: tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: -- description: User to map volume access to Defaults to -+ description: user to map volume access to Defaults to - serivceaccount user - type: string - volume: -- description: Volume is a string that references an already -+ description: volume is a string that references an already - created Quobyte volume by name. 
- type: string - required: -@@ -20073,43 +20703,44 @@ spec: - - volume - type: object - rbd: -- description: 'RBD represents a Rados Block Device mount -+ description: 'rbd represents a Rados Block Device mount - on the host that shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: -- description: 'Filesystem type of the volume that you -- want to mount. Tip: Ensure that the filesystem type -- is supported by the host operating system. Examples: -+ description: 'fsType is the filesystem type of the volume -+ that you want to mount. Tip: Ensure that the filesystem -+ type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: -- description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -+ description: 'image is the rados image name. More info: -+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: -- description: 'Keyring is the path to key ring for RBDUser. -+ description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: -- description: 'A collection of Ceph monitors. More info: -- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -+ description: 'monitors is a collection of Ceph monitors. -+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: -- description: 'The rados pool name. Default is rbd. More -- info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -+ description: 'pool is the rados pool name. Default is -+ rbd. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: -- description: 'ReadOnly here will force the ReadOnly -+ description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: -- description: 'SecretRef is name of the authentication -+ description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: -@@ -20120,35 +20751,36 @@ spec: - type: string - type: object - user: -- description: 'The rados user name. Default is admin. -- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' -+ description: 'user is the rados user name. Default is -+ admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: -- description: ScaleIO represents a ScaleIO persistent volume -+ description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: -- description: Filesystem type to mount. Must be a filesystem -- type supported by the host operating system. Ex. "ext4", -- "xfs", "ntfs". Default is "xfs". -+ description: fsType is the filesystem type to mount. -+ Must be a filesystem type supported by the host operating -+ system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: -- description: The host address of the ScaleIO API Gateway. -+ description: gateway is the host address of the ScaleIO -+ API Gateway. - type: string - protectionDomain: -- description: The name of the ScaleIO Protection Domain -- for the configured storage. -+ description: protectionDomain is the name of the ScaleIO -+ Protection Domain for the configured storage. 
- type: string - readOnly: -- description: Defaults to false (read/write). ReadOnly -- here will force the ReadOnly setting in VolumeMounts. -+ description: readOnly Defaults to false (read/write). -+ ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: -- description: SecretRef references to the secret for -+ description: secretRef references to the secret for - ScaleIO user and other sensitive information. If this - is not provided, Login operation will fail. - properties: -@@ -20159,26 +20791,26 @@ spec: - type: string - type: object - sslEnabled: -- description: Flag to enable/disable SSL communication -+ description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: -- description: Indicates whether the storage for a volume -- should be ThickProvisioned or ThinProvisioned. Default -- is ThinProvisioned. -+ description: storageMode indicates whether the storage -+ for a volume should be ThickProvisioned or ThinProvisioned. -+ Default is ThinProvisioned. - type: string - storagePool: -- description: The ScaleIO Storage Pool associated with -- the protection domain. -+ description: storagePool is the ScaleIO Storage Pool -+ associated with the protection domain. - type: string - system: -- description: The name of the storage system as configured -- in ScaleIO. -+ description: system is the name of the storage system -+ as configured in ScaleIO. - type: string - volumeName: -- description: The name of a volume already created in -- the ScaleIO system that is associated with this volume -- source. -+ description: volumeName is the name of a volume already -+ created in the ScaleIO system that is associated with -+ this volume source. 
- type: string - required: - - gateway -@@ -20186,57 +20818,58 @@ spec: - - system - type: object - secret: -- description: 'Secret represents a secret that should populate -+ description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: -- description: 'Optional: mode bits used to set permissions -- on created files by default. Must be an octal value -- between 0000 and 0777 or a decimal value between 0 -- and 511. YAML accepts both octal and decimal values, -- JSON requires decimal values for mode bits. Defaults -- to 0644. Directories within the path are not affected -- by this setting. This might be in conflict with other -- options that affect the file mode, like fsGroup, and -- the result can be other mode bits set.' -+ description: 'defaultMode is Optional: mode bits used -+ to set permissions on created files by default. Must -+ be an octal value between 0000 and 0777 or a decimal -+ value between 0 and 511. YAML accepts both octal and -+ decimal values, JSON requires decimal values for mode -+ bits. Defaults to 0644. Directories within the path -+ are not affected by this setting. This might be in -+ conflict with other options that affect the file mode, -+ like fsGroup, and the result can be other mode bits -+ set.' - format: int32 - type: integer - items: -- description: If unspecified, each key-value pair in -- the Data field of the referenced Secret will be projected -- into the volume as a file whose name is the key and -- content is the value. If specified, the listed keys -- will be projected into the specified paths, and unlisted -- keys will not be present. If a key is specified which -- is not present in the Secret, the volume setup will -- error unless it is marked optional. Paths must be -- relative and may not contain the '..' path or start -- with '..'. 
-+ description: items If unspecified, each key-value pair -+ in the Data field of the referenced Secret will be -+ projected into the volume as a file whose name is -+ the key and content is the value. If specified, the -+ listed keys will be projected into the specified paths, -+ and unlisted keys will not be present. If a key is -+ specified which is not present in the Secret, the -+ volume setup will error unless it is marked optional. -+ Paths must be relative and may not contain the '..' -+ path or start with '..'. - items: - description: Maps a string key to a path within a - volume. - properties: - key: -- description: The key to project. -+ description: key is the key to project. - type: string - mode: -- description: 'Optional: mode bits used to set -- permissions on this file. Must be an octal value -- between 0000 and 0777 or a decimal value between -- 0 and 511. YAML accepts both octal and decimal -- values, JSON requires decimal values for mode -- bits. If not specified, the volume defaultMode -- will be used. This might be in conflict with -- other options that affect the file mode, like -- fsGroup, and the result can be other mode bits -- set.' -+ description: 'mode is Optional: mode bits used -+ to set permissions on this file. Must be an -+ octal value between 0000 and 0777 or a decimal -+ value between 0 and 511. YAML accepts both octal -+ and decimal values, JSON requires decimal values -+ for mode bits. If not specified, the volume -+ defaultMode will be used. This might be in conflict -+ with other options that affect the file mode, -+ like fsGroup, and the result can be other mode -+ bits set.' - format: int32 - type: integer - path: -- description: The relative path of the file to -- map the key to. May not be an absolute path. -- May not contain the path element '..'. May not -- start with the string '..'. -+ description: path is the relative path of the -+ file to map the key to. May not be an absolute -+ path. 
May not contain the path element '..'. -+ May not start with the string '..'. - type: string - required: - - key -@@ -20244,30 +20877,30 @@ spec: - type: object - type: array - optional: -- description: Specify whether the Secret or its keys -- must be defined -+ description: optional field specify whether the Secret -+ or its keys must be defined - type: boolean - secretName: -- description: 'Name of the secret in the pod''s namespace -- to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' -+ description: 'secretName is the name of the secret in -+ the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: -- description: StorageOS represents a StorageOS volume attached -+ description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: -- description: Filesystem type to mount. Must be a filesystem -- type supported by the host operating system. Ex. "ext4", -- "xfs", "ntfs". Implicitly inferred to be "ext4" if -- unspecified. -+ description: fsType is the filesystem type to mount. -+ Must be a filesystem type supported by the host operating -+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred -+ to be "ext4" if unspecified. - type: string - readOnly: -- description: Defaults to false (read/write). ReadOnly -- here will force the ReadOnly setting in VolumeMounts. -+ description: readOnly defaults to false (read/write). -+ ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: -- description: SecretRef specifies the secret to use for -+ description: secretRef specifies the secret to use for - obtaining the StorageOS API credentials. If not specified, - default values will be attempted. 
- properties: -@@ -20278,12 +20911,12 @@ spec: - type: string - type: object - volumeName: -- description: VolumeName is the human-readable name of -+ description: volumeName is the human-readable name of - the StorageOS volume. Volume names are only unique - within a namespace. - type: string - volumeNamespace: -- description: VolumeNamespace specifies the scope of -+ description: volumeNamespace specifies the scope of - the volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows - the Kubernetes name scoping to be mirrored within -@@ -20295,25 +20928,26 @@ spec: - type: string - type: object - vsphereVolume: -- description: VsphereVolume represents a vSphere volume attached -+ description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: -- description: Filesystem type to mount. Must be a filesystem -- type supported by the host operating system. Ex. "ext4", -- "xfs", "ntfs". Implicitly inferred to be "ext4" if -- unspecified. -+ description: fsType is filesystem type to mount. Must -+ be a filesystem type supported by the host operating -+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred -+ to be "ext4" if unspecified. - type: string - storagePolicyID: -- description: Storage Policy Based Management (SPBM) -- profile ID associated with the StoragePolicyName. -+ description: storagePolicyID is the storage Policy Based -+ Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: -- description: Storage Policy Based Management (SPBM) -- profile name. -+ description: storagePolicyName is the storage Policy -+ Based Management (SPBM) profile name. - type: string - volumePath: -- description: Path that identifies vSphere volume vmdk -+ description: volumePath is the path that identifies -+ vSphere volume vmdk - type: string - required: - - volumePath 
From 306f495f498a50ba0597a15acdb10b6c78b310f0 Mon Sep 17 00:00:00 2001
From: Daniel Hiller
Date: Fri, 25 Nov 2022 10:31:16 +0100
Subject: [PATCH 07/17] help, external_plugin: botreview plug in comment
Signed-off-by: Daniel Hiller
---
 external-plugins/botreview/review/review.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/external-plugins/botreview/review/review.go b/external-plugins/botreview/review/review.go
index 68b27ea92f..80a74158b2 100644
--- a/external-plugins/botreview/review/review.go
+++ b/external-plugins/botreview/review/review.go
@@ -144,13 +144,20 @@ func (r *Reviewer) ReviewLocalCode() ([]BotReviewResult, error) {
 return results, nil
 }
+var botReviewCommentPattern = `@%s's review-bot says:
+
+%v
+
+**Note: botreview (kubevirt/project-infra#2448) is a Work In Progress!**
+`
+
 func (r *Reviewer) AttachReviewComments(botReviewResults []BotReviewResult, githubClient github.Client) error {
 botUser, err := githubClient.BotUser()
 if err != nil {
 return fmt.Errorf("error while fetching user data: %v", err)
 }
 for _, reviewResult := range botReviewResults {
- botReviewComment := fmt.Sprintf("@%s's review-bot says:\n\n%v", botUser.Login, reviewResult)
+ botReviewComment := fmt.Sprintf(botReviewCommentPattern, botUser.Login, reviewResult)
 if !r.dryRun {
 err = githubClient.CreateComment(r.org, r.repo, r.num, botReviewComment)
 if err != nil {
From 8e74a034353e97daa329fb74830d9b3b869e58a2 Mon Sep 17 00:00:00 2001
From: Daniel Hiller
Date: Fri, 23 Jun 2023 12:53:47 +0200
Subject: [PATCH 08/17] fix: handle mixed review types
Signed-off-by: Daniel Hiller
---
 .../botreview/review/bump_kubevirtci.go | 16 +++--
 .../botreview/review/image_update.go | 16 +++--
 .../botreview/review/prow_autobump.go | 20 +++---
 external-plugins/botreview/review/review.go | 71 +++++++++++++++----
 4 files changed, 88 insertions(+), 35 deletions(-)
diff --git a/external-plugins/botreview/review/bump_kubevirtci.go b/external-plugins/botreview/review/bump_kubevirtci.go
index 5d4bfec4ea..82009dd47b 100644
--- a/external-plugins/botreview/review/bump_kubevirtci.go
+++ b/external-plugins/botreview/review/bump_kubevirtci.go
@@ -27,12 +27,8 @@ import (
 )
 const (
- bumpKubevirtCIApproveComment = `This looks like a simple kubevirtci bump. The bot approves.
-
-/lgtm
-/approve
-`
- bumpKubevirtCIDisapproveComment = `This doesn't look like a simple kubevirtci bump.
+ bumpKubevirtCIApproveComment = `:thumbsup: This looks like a simple kubevirtci bump.`
+ bumpKubevirtCIDisapproveComment = `:thumbsdown: This doesn't look like a simple kubevirtci bump.
 These are the suspicious hunks I found:
 `
@@ -52,6 +48,14 @@ type BumpKubevirtCIResult struct {
 notMatchingHunks []*diff.Hunk
 }
+func (r BumpKubevirtCIResult) IsApproved() bool {
+ return len(r.notMatchingHunks) == 0
+}
+
+func (r BumpKubevirtCIResult) CanMerge() bool {
+ return true
+}
+
 func (r BumpKubevirtCIResult) String() string {
 if len(r.notMatchingHunks) == 0 {
 return bumpKubevirtCIApproveComment
diff --git a/external-plugins/botreview/review/image_update.go b/external-plugins/botreview/review/image_update.go
index 75d2843022..0fad6c88c6 100644
--- a/external-plugins/botreview/review/image_update.go
+++ b/external-plugins/botreview/review/image_update.go
@@ -27,12 +27,8 @@ import (
 )
 const (
- prowJobImageUpdateApproveComment = `This looks like a simple prow job image bump. The bot approves.
-
-/lgtm
-/approve
-`
- prowJobImageUpdateDisapproveComment = `This doesn't look like a simple prow job image bump.
+ prowJobImageUpdateApproveComment = `:thumbsup: This looks like a simple prow job image bump.`
+ prowJobImageUpdateDisapproveComment = `:thumbsdown: This doesn't look like a simple prow job image bump.
 These are the suspicious hunks I found:
 `
@@ -64,6 +60,14 @@ func (r ProwJobImageUpdateResult) String() string {
 }
 }
+func (r ProwJobImageUpdateResult) IsApproved() bool {
+ return len(r.notMatchingHunks) == 0
+}
+
+func (r ProwJobImageUpdateResult) CanMerge() bool {
+ return true
+}
+
 type ProwJobImageUpdate struct {
 relevantFileDiffs []*diff.FileDiff
 notMatchingHunks []*diff.Hunk
diff --git a/external-plugins/botreview/review/prow_autobump.go b/external-plugins/botreview/review/prow_autobump.go
index 5446a13208..b1b300c8a1 100644
--- a/external-plugins/botreview/review/prow_autobump.go
+++ b/external-plugins/botreview/review/prow_autobump.go
@@ -27,16 +27,8 @@ import (
 )
 const (
- prowAutobumpApproveComment = `This looks like a simple prow autobump. The bot approves.
-
-/lgtm
-/approve
-
-**Note**: the bot holds for manual removal when the time is right for this to go in.
-
-/hold
-`
- prowAutobumpDisapproveComment = `This doesn't look like a simple prow autobump.
+ prowAutobumpApproveComment = `:thumbsup: This looks like a simple prow autobump.`
+ prowAutobumpDisapproveComment = `:thumbsdown: This doesn't look like a simple prow autobump.
 These are the suspicious hunks I found:
 `
@@ -64,6 +56,14 @@ func (r ProwAutobumpResult) String() string {
 }
 }
+func (r ProwAutobumpResult) IsApproved() bool {
+ return len(r.notMatchingHunks) == 0
+}
+
+func (r ProwAutobumpResult) CanMerge() bool {
+ return false
+}
+
 type ProwAutobump struct {
 relevantFileDiffs []*diff.FileDiff
 notMatchingHunks []*diff.Hunk
diff --git a/external-plugins/botreview/review/review.go b/external-plugins/botreview/review/review.go
index 80a74158b2..2795a7bd51 100644
--- a/external-plugins/botreview/review/review.go
+++ b/external-plugins/botreview/review/review.go
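Review bot: `CanMerge` on `ProwAutobumpResult` returns a constant `false` without a comment, while the approve text removed in this same file was the only place that said why an autobump is held. A doc comment would keep that rationale next to the code, e.g. `// CanMerge is always false: a prow autobump is held for manual removal when the time is right for it to go in.` The `IsApproved` and `CanMerge` methods added to `BumpKubevirtCIResult` and `ProwJobImageUpdateResult` in this commit are exported and undocumented as well.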
@@ -36,6 +36,12 @@ type KindOfChange interface {
 type BotReviewResult interface {
 String() string
+
+ // IsApproved states if the review has only expected changes
+ IsApproved() bool
+
+ // CanMerge states if the pull request can get merged without any further action
+ CanMerge() bool
 }
 func newPossibleReviewTypes() []KindOfChange {
@@ -70,6 +76,14 @@ func (n BasicResult) String() string {
 return n.message
 }
+func (n BasicResult) IsApproved() bool {
+ return false
+}
+
+func (n BasicResult) CanMerge() bool {
+ return false
+}
+
 type Reviewer struct {
 l *logrus.Entry
 org string
@@ -129,9 +143,8 @@ func (r *Reviewer) ReviewLocalCode() ([]BotReviewResult, error) {
 }
 types := GuessReviewTypes(files)
- if len(types) > 1 {
- r.info("doesn't look like a simple review, skipping")
- r.debugF("reviewTypes: %v", types)
+ if len(types) == 0 {
+ r.info("this PR didn't match any review type")
 return nil, nil
 }
@@ -144,28 +157,60 @@ func (r *Reviewer) ReviewLocalCode() ([]BotReviewResult, error) {
 return results, nil
 }
-var botReviewCommentPattern = `@%s's review-bot says:
+const botReviewCommentPattern = `@%s's review-bot says:
+
+%s
-%v
+%s
+
+%s
 **Note: botreview (kubevirt/project-infra#2448) is a Work In Progress!**
 `
+const holdPRComment = `Holding this PR for further manual action to occur.
+
+/hold`
+const unholdPRComment = "This PR does not require further manual action."
+
+const approvePRComment = `This PR satisfies all automated review criteria.
+
+/lgtm
+/approve`
+const unapprovePRComment = "This PR does not satisfy at least one automated review criteria."
 func (r *Reviewer) AttachReviewComments(botReviewResults []BotReviewResult, githubClient github.Client) error {
 botUser, err := githubClient.BotUser()
 if err != nil {
 return fmt.Errorf("error while fetching user data: %v", err)
 }
+ isApproved, canMerge := true, true
+ botReviewComments := make([]string, 0, len(botReviewResults))
 for _, reviewResult := range botReviewResults {
- botReviewComment := fmt.Sprintf(botReviewCommentPattern, botUser.Login, reviewResult)
- if !r.dryRun {
- err = githubClient.CreateComment(r.org, r.repo, r.num, botReviewComment)
- if err != nil {
- return fmt.Errorf("error while creating review comment: %v", err)
- }
- } else {
- r.l.Info(fmt.Sprintf("dry-run: %s/%s#%d <- %s", r.org, r.repo, r.num, botReviewComment))
+ isApproved, canMerge = isApproved && reviewResult.IsApproved(), canMerge && reviewResult.CanMerge()
+ botReviewComments = append(botReviewComments, fmt.Sprintf("%s", reviewResult))
+ }
+ approveLabels := unapprovePRComment
+ if isApproved {
+ approveLabels = approvePRComment
+ }
+ holdComment := holdPRComment
+ if canMerge {
+ holdComment = unholdPRComment
+ }
+ botReviewComment := fmt.Sprintf(
+ botReviewCommentPattern,
+ botUser.Login,
+ "* "+strings.Join(botReviewComments, "\n* "),
+ approveLabels,
+ holdComment,
+ )
+ if !r.dryRun {
+ err = githubClient.CreateComment(r.org, r.repo, r.num, botReviewComment)
+ if err != nil {
+ return fmt.Errorf("error while creating review comment: %v", err)
 }
+ } else {
+ r.l.Info(fmt.Sprintf("dry-run: %s/%s#%d <- %s", r.org, r.repo, r.num, botReviewComment))
 }
 return nil
 }
From bc9dc3afba88b66c9a42f421368321cfdcff93f2 Mon Sep 17 00:00:00 2001
From: Daniel Hiller
Date: Fri, 7 Jul 2023 15:12:49 +0200
Subject: [PATCH 09/17] fix, test: bazel setup, unit test
Signed-off-by: Daniel Hiller
---
 external-plugins/botreview/review/BUILD.bazel | 10 ++++++++-
 .../botreview/review/prow_autobump_test.go | 1 -
 external-plugins/botreview/server/BUILD.bazel | 1 -
 robots/cmd/botreview/BUILD.bazel | 22 +++++++++++++++++++
 4 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/external-plugins/botreview/review/BUILD.bazel b/external-plugins/botreview/review/BUILD.bazel
index 89414a4904..942a00a4fd 100644
--- a/external-plugins/botreview/review/BUILD.bazel
+++ b/external-plugins/botreview/review/BUILD.bazel
@@ -3,18 +3,26 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 go_library(
 name = "go_default_library",
 srcs = [
+ "bump_kubevirtci.go",
 "image_update.go",
+ "prow_autobump.go",
 "review.go",
 ],
 importpath = "kubevirt.io/project-infra/external-plugins/botreview/review",
 visibility = ["//visibility:public"],
- deps = ["@com_github_sourcegraph_go_diff//diff:go_default_library"],
+ deps = [
+ "@com_github_sirupsen_logrus//:go_default_library",
+ "@com_github_sourcegraph_go_diff//diff:go_default_library",
+ "@io_k8s_test_infra//prow/github:go_default_library",
+ ],
 )
 go_test(
 name = "go_default_test",
 srcs = [
+ "bump_kubevirtci_test.go",
 "image_update_test.go",
+ "prow_autobump_test.go",
 "review_test.go",
 ],
 data = glob(["testdata/**"]),
diff --git a/external-plugins/botreview/review/prow_autobump_test.go b/external-plugins/botreview/review/prow_autobump_test.go
index 3d739a25cd..3ec3b2b3a4 100644
--- a/external-plugins/botreview/review/prow_autobump_test.go
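Review bot: `AttachReviewComments` starts from `isApproved, canMerge := true, true`, so an empty `botReviewResults` produces a comment that carries `/lgtm` and `/approve` although nothing was reviewed. The `ReviewLocalCode` hunk in this commit returns `nil, nil` when no review type matches, so that input is reachable unless the caller filters it, which is not visible here. Approval should fail closed: return early with `if len(botReviewResults) == 0 { return nil }` before the loop, or initialise with `isApproved := len(botReviewResults) > 0`.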
+++ b/external-plugins/botreview/review/prow_autobump_test.go
@@ -97,7 +97,6 @@ func TestProwAutobump_Review(t1 *testing.T) {
 diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_needs-rebase_deployment.yaml"],
 diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prow_controller_manager_deployment.yaml"],
 diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"],
- diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"],
 diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_sinker_deployment.yaml"],
 diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_statusreconciler_deployment.yaml"],
 diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_tide_deployment.yaml"],
diff --git a/external-plugins/botreview/server/BUILD.bazel b/external-plugins/botreview/server/BUILD.bazel
index fc8a6f3b56..e4c96dc409 100644
--- a/external-plugins/botreview/server/BUILD.bazel
+++ b/external-plugins/botreview/server/BUILD.bazel
@@ -8,7 +8,6 @@ go_library(
 deps = [
 "//external-plugins/botreview/review:go_default_library",
 "@com_github_sirupsen_logrus//:go_default_library",
- "@com_github_sourcegraph_go_diff//diff:go_default_library",
 "@io_k8s_test_infra//prow/config:go_default_library",
 "@io_k8s_test_infra//prow/github:go_default_library",
 "@io_k8s_test_infra//prow/pluginhelp:go_default_library",
diff --git a/robots/cmd/botreview/BUILD.bazel b/robots/cmd/botreview/BUILD.bazel
index e69de29bb2..cfeca35fb2 100644
--- a/robots/cmd/botreview/BUILD.bazel
+++ b/robots/cmd/botreview/BUILD.bazel
@@ -0,0 +1,22 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
+
+go_library(
+ name = "go_default_library",
+ srcs = ["main.go"],
+ importpath = "kubevirt.io/project-infra/robots/cmd/botreview",
+ visibility = ["//visibility:private"],
+ deps = [
+ "//external-plugins/botreview/review:go_default_library",
+ "@com_github_sirupsen_logrus//:go_default_library",
+ "@io_k8s_test_infra//pkg/flagutil:go_default_library",
+ "@io_k8s_test_infra//prow/config/secret:go_default_library",
+ "@io_k8s_test_infra//prow/flagutil:go_default_library",
+ "@io_k8s_test_infra//prow/github:go_default_library",
+ ],
+)
+
+go_binary(
+ name = "botreview",
+ embed = [":go_default_library"],
+ visibility = ["//visibility:public"],
+)
From 98be0e8d3ae90d56b927597516e682f14a9078cc Mon Sep 17 00:00:00 2001
From: Daniel Hiller
Date: Mon, 17 Jul 2023 16:08:00 +0200
Subject: [PATCH 10/17] fix: handle comment length Use file names only for comment if otherwise too long
Signed-off-by: Daniel Hiller
---
 .../botreview/review/bump_kubevirtci.go | 78 +++++++++++++------
 .../botreview/review/bump_kubevirtci_test.go | 2 +-
 .../botreview/review/image_update.go | 42 ++++++----
 .../botreview/review/image_update_test.go | 4 +-
 .../botreview/review/prow_autobump.go | 41 ++++++++--
 .../botreview/review/prow_autobump_test.go | 6 +-
 external-plugins/botreview/review/review.go | 25 ++++++
 7 files changed, 149 insertions(+), 49 deletions(-)
diff --git a/external-plugins/botreview/review/bump_kubevirtci.go b/external-plugins/botreview/review/bump_kubevirtci.go
index 82009dd47b..61eac59229 100644
--- a/external-plugins/botreview/review/bump_kubevirtci.go
+++ b/external-plugins/botreview/review/bump_kubevirtci.go
@@ -30,7 +30,7 @@ const (
 bumpKubevirtCIApproveComment = `:thumbsup: This looks like a simple kubevirtci bump.`
 bumpKubevirtCIDisapproveComment = `:thumbsdown: This doesn't look like a simple kubevirtci bump.
-These are the suspicious hunks I found:
+I found suspicious hunks:
 `
 )
@@ -45,7 +45,7 @@ func init() {
 }
 type BumpKubevirtCIResult struct {
- notMatchingHunks []*diff.Hunk
+ notMatchingHunks map[string][]*diff.Hunk
 }
 func (r BumpKubevirtCIResult) IsApproved() bool {
@@ -57,12 +57,39 @@ func (r BumpKubevirtCIResult) CanMerge() bool {
 }
 func (r BumpKubevirtCIResult) String() string {
- if len(r.notMatchingHunks) == 0 {
+ if r.IsApproved() {
 return bumpKubevirtCIApproveComment
 } else {
 comment := bumpKubevirtCIDisapproveComment
- for _, hunk := range r.notMatchingHunks {
- comment += fmt.Sprintf("\n```\n%s\n```", string(hunk.Body))
+ for fileName, hunks := range r.notMatchingHunks {
+ comment += fmt.Sprintf("\nFile: `%s`", fileName)
+ for _, hunk := range hunks {
+ comment += fmt.Sprintf("\n```\n%s\n```", string(hunk.Body))
+ }
+ }
+ return comment
+ }
+}
+
+func (r *BumpKubevirtCIResult) AddReviewFailure(fileName string, hunks ...*diff.Hunk) {
+ if r.notMatchingHunks == nil {
+ r.notMatchingHunks = make(map[string][]*diff.Hunk)
+ }
+ if _, exists := r.notMatchingHunks[fileName]; !exists {
+ r.notMatchingHunks[fileName] = hunks
+ } else {
+ r.notMatchingHunks[fileName] = append(r.notMatchingHunks[fileName], hunks...)
+ }
+}
+
+func (r BumpKubevirtCIResult) ShortString() string {
+ if r.IsApproved() {
+ return bumpKubevirtCIApproveComment
+ } else {
+ comment := bumpKubevirtCIDisapproveComment
+ comment += fmt.Sprintf("\nFiles:")
+ for fileName := range r.notMatchingHunks {
+ comment += fmt.Sprintf("\n* `%s`", fileName)
 }
 return comment
 }
@@ -70,7 +97,7 @@ func (r BumpKubevirtCIResult) String() string {
 type BumpKubevirtCI struct {
 relevantFileDiffs []*diff.FileDiff
- notMatchingHunks []*diff.Hunk
+ unwantedFiles map[string][]*diff.Hunk
 }
 func (t *BumpKubevirtCI) IsRelevant() bool {
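Review bot: `String` and `ShortString` range directly over the `notMatchingHunks` map, so the order of files in the posted comment changes from run to run and the output cannot be compared reliably in tests. Iterating over a sorted slice of the keys would make it stable; the same applies to the `String` and `ShortString` methods of `ProwJobImageUpdateResult` and `ProwAutobumpResult` later in this commit. `AddReviewFailure` can also drop its `exists` branch, because `append` on a missing key starts from the nil slice: `r.notMatchingHunks[fileName] = append(r.notMatchingHunks[fileName], hunks...)`. The `AddIfRelevant` hunk further down repeats the same branch for `t.unwantedFiles`.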
@@ -85,7 +112,15 @@ func (t *BumpKubevirtCI) AddIfRelevant(fileDiff *diff.FileDiff) {
 fileName != "hack/config-default.sh" &&
 !strings.HasPrefix(fileName, "cluster-up/") {
 for _, hunk := range fileDiff.Hunks {
- t.notMatchingHunks = append(t.notMatchingHunks, hunk)
+ if t.unwantedFiles == nil {
+ t.unwantedFiles = make(map[string][]*diff.Hunk, 0)
+ }
+ _, exists := t.unwantedFiles[fileName]
+ if !exists {
+ t.unwantedFiles[fileName] = []*diff.Hunk{hunk}
+ } else {
+ t.unwantedFiles[fileName] = append(t.unwantedFiles[fileName], hunk)
+ }
 }
 return
 }
@@ -98,31 +133,30 @@ func (t *BumpKubevirtCI) Review() BotReviewResult {
 for _, fileDiff := range t.relevantFileDiffs {
 fileName := strings.TrimPrefix(fileDiff.NewName, "b/")
+ var matcher *regexp.Regexp
 switch fileName {
 case "cluster-up-sha.txt":
- for _, hunk := range fileDiff.Hunks {
- if !bumpKubevirtCIClusterUpShaMatcher.Match(hunk.Body) {
- result.notMatchingHunks = append(result.notMatchingHunks, hunk)
- }
- }
+ matcher = bumpKubevirtCIClusterUpShaMatcher
 case "hack/config-default.sh":
- for _, hunk := range fileDiff.Hunks {
- if !bumpKubevirtCIHackConfigDefaultMatcher.Match(hunk.Body) {
- result.notMatchingHunks = append(result.notMatchingHunks, hunk)
- }
- }
+ matcher = bumpKubevirtCIHackConfigDefaultMatcher
 case "cluster-up/version.txt":
+ matcher = bumpKubevirtCIClusterUpVersionMatcher
+ default:
+ // no checks since we can't do anything reasonable here
+ continue
+ }
+ if matcher != nil {
 for _, hunk := range fileDiff.Hunks {
- if !bumpKubevirtCIClusterUpVersionMatcher.Match(hunk.Body) {
- result.notMatchingHunks = append(result.notMatchingHunks, hunk)
+ if !matcher.Match(hunk.Body) {
+ result.AddReviewFailure(fileDiff.NewName, hunk)
 }
 }
- default:
- // no checks since we can't do anything reasonable here
 }
 }
- result.notMatchingHunks = append(result.notMatchingHunks, t.notMatchingHunks...)
+ for fileName, unwantedFiles := range t.unwantedFiles {
+ result.AddReviewFailure(fileName, unwantedFiles...)
+ }
 return result
 }
diff --git a/external-plugins/botreview/review/bump_kubevirtci_test.go b/external-plugins/botreview/review/bump_kubevirtci_test.go
index ca94cfb3cd..4e19eefb63 100644
--- a/external-plugins/botreview/review/bump_kubevirtci_test.go
+++ b/external-plugins/botreview/review/bump_kubevirtci_test.go
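Review bot: Matcher failures are recorded under `fileDiff.NewName` although the trimmed `fileName` is computed at the top of the loop, so these entries presumably keep the `b/` prefix while the ones copied from `t.unwantedFiles` and the other two review types use the trimmed name. Use `result.AddReviewFailure(fileName, hunk)` so that one file cannot appear under two different keys in the comment. The `if matcher != nil` guard is redundant as well, because the `default` branch already continues.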
@@ -83,7 +83,7 @@ func TestBumpKubevirtCI_Review(t1 *testing.T) {
 },
 },
 want: &BumpKubevirtCIResult{
- notMatchingHunks: diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"].Hunks,
+ notMatchingHunks: map[string][]*diff.Hunk{"github/ci/prow-deploy/files/jobs/kubevirt/kubevirt/kubevirt-presubmits.yaml": diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"].Hunks},
 },
 },
 }
diff --git a/external-plugins/botreview/review/image_update.go b/external-plugins/botreview/review/image_update.go
index 0fad6c88c6..c84cf01a68 100644
--- a/external-plugins/botreview/review/image_update.go
+++ b/external-plugins/botreview/review/image_update.go
@@ -30,31 +30,29 @@ const (
 prowJobImageUpdateApproveComment = `:thumbsup: This looks like a simple prow job image bump.`
 prowJobImageUpdateDisapproveComment = `:thumbsdown: This doesn't look like a simple prow job image bump.
-These are the suspicious hunks I found:
+I found suspicious hunks:
 `
 )
 var (
- prowJobImageUpdateHunkBodyMatcher *regexp.Regexp
- prowJobReleaseBranchFileNameMatcher *regexp.Regexp
-)
-
-func init() {
- prowJobImageUpdateHunkBodyMatcher = regexp.MustCompile(`(?m)^(-[\s]+- image: [^\s]+$[\n]^\+[\s]+- image: [^\s]+|-[\s]+image: [^\s]+$[\n]^\+[\s]+image: [^\s]+)$`)
+ prowJobImageUpdateHunkBodyMatcher = regexp.MustCompile(`(?m)^(-[\s]+- image: [^\s]+$[\n]^\+[\s]+- image: [^\s]+|-[\s]+image: [^\s]+$[\n]^\+[\s]+image: [^\s]+)$`)
 prowJobReleaseBranchFileNameMatcher = regexp.MustCompile(`.*\/[\w-]+-[0-9-\.]+\.yaml`)
-}
+)
 type ProwJobImageUpdateResult struct {
- notMatchingHunks []*diff.Hunk
+ notMatchingHunks map[string][]*diff.Hunk
 }
 func (r ProwJobImageUpdateResult) String() string {
- if len(r.notMatchingHunks) == 0 {
+ if r.IsApproved() {
 return prowJobImageUpdateApproveComment
 } else {
 comment := prowJobImageUpdateDisapproveComment
- for _, hunk := range r.notMatchingHunks {
- comment += fmt.Sprintf("\n```\n%s\n```", string(hunk.Body))
+ for fileName, hunks := range r.notMatchingHunks {
+ comment += fmt.Sprintf("\nFile: `%s`", fileName)
+ for _, hunk := range hunks {
+ comment += fmt.Sprintf("\n```\n%s\n```", string(hunk.Body))
+ }
 }
 return comment
 }
@@ -68,6 +66,23 @@ func (r ProwJobImageUpdateResult) CanMerge() bool {
 return true
 }
+func (r *ProwJobImageUpdateResult) AddReviewFailure(fileName string, hunks ...*diff.Hunk) {
+
+}
+
+func (r ProwJobImageUpdateResult) ShortString() string {
+ if r.IsApproved() {
+ return prowJobImageUpdateApproveComment
+ } else {
+ comment := prowJobImageUpdateDisapproveComment
+ comment += fmt.Sprintf("\nFiles:")
+ for fileName := range r.notMatchingHunks {
+ comment += fmt.Sprintf("\n* `%s`", fileName)
+ }
+ return comment
+ }
+}
+
 type ProwJobImageUpdate struct {
 relevantFileDiffs []*diff.FileDiff
 notMatchingHunks []*diff.Hunk
@@ -98,9 +113,10 @@ func (t *ProwJobImageUpdate) Review() BotReviewResult {
 result := &ProwJobImageUpdateResult{}
 for _, fileDiff := range t.relevantFileDiffs {
+ fileName := strings.TrimPrefix(fileDiff.NewName, "b/")
 for _, hunk := range fileDiff.Hunks {
 if !prowJobImageUpdateHunkBodyMatcher.Match(hunk.Body) {
- result.notMatchingHunks = append(result.notMatchingHunks, hunk)
+ result.AddReviewFailure(fileName, hunk)
 }
 }
 }
diff --git a/external-plugins/botreview/review/image_update_test.go b/external-plugins/botreview/review/image_update_test.go
index d851d1ab85..13e5009e23 100644
--- a/external-plugins/botreview/review/image_update_test.go
+++ b/external-plugins/botreview/review/image_update_test.go
@@ -70,9 +70,7 @@ func TestProwJobImageUpdate_Review(t1 *testing.T) {
 },
 },
 want: &ProwJobImageUpdateResult{
- notMatchingHunks: []*diff.Hunk{
- diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"].Hunks[0],
- },
+ notMatchingHunks: map[string][]*diff.Hunk{"github/ci/prow-deploy/files/jobs/kubevirt/kubevirt/kubevirt-presubmits.yaml": {diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"].Hunks[0]}},
 },
 },
 }
diff --git a/external-plugins/botreview/review/prow_autobump.go b/external-plugins/botreview/review/prow_autobump.go
index b1b300c8a1..d9a16f474e 100644
--- a/external-plugins/botreview/review/prow_autobump.go
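Review bot: `ProwJobImageUpdateResult.AddReviewFailure` has an empty body, so the failures that `Review` reports through it in the last hunk of this file are dropped, `notMatchingHunks` stays empty and `IsApproved` returns true for every prow job image update. Together with the aggregated comment in review.go this ends in `/lgtm` and `/approve` for hunks the matcher rejected, and the expectation updated in image_update_test.go cannot be met. The method needs the same behaviour as its `BumpKubevirtCIResult` and `ProwAutobumpResult` counterparts.

```go
func (r *ProwJobImageUpdateResult) AddReviewFailure(fileName string, hunks ...*diff.Hunk) {
	if r.notMatchingHunks == nil {
		r.notMatchingHunks = make(map[string][]*diff.Hunk)
	}
	// append on a missing key starts from the nil slice, so no exists check is needed
	r.notMatchingHunks[fileName] = append(r.notMatchingHunks[fileName], hunks...)
}
```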
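Review bot: `prowJobImageUpdateHunkBodyMatcher.Match(hunk.Body)` reports whether the pattern occurs anywhere in the hunk, and with `(?m)` its anchors bind to line boundaries, so a hunk passes as soon as it holds one removed/added `image:` pair while other changed lines in the same hunk are not looked at. For a check that ends in an automatic `/approve`, every changed line should be accounted for, for example by removing the matched pairs and failing the hunk if a changed line remains: `rest := prowJobImageUpdateHunkBodyMatcher.ReplaceAll(hunk.Body, nil)` followed by `if changedLine.Match(rest) { result.AddReviewFailure(fileName, hunk) }`, with `changedLine = regexp.MustCompile("(?m)^[+-]")`. The patterns of the other review types are not visible here and may need the same treatment. `Review` starts before this hunk.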
+++ b/external-plugins/botreview/review/prow_autobump.go
@@ -30,7 +30,7 @@ const (
 prowAutobumpApproveComment = `:thumbsup: This looks like a simple prow autobump.`
 prowAutobumpDisapproveComment = `:thumbsdown: This doesn't look like a simple prow autobump.
-These are the suspicious hunks I found:
+I found suspicious hunks:
 `
 )
@@ -41,7 +41,7 @@ func init() {
 }
 type ProwAutobumpResult struct {
- notMatchingHunks []*diff.Hunk
+ notMatchingHunks map[string][]*diff.Hunk
 }
 func (r ProwAutobumpResult) String() string {
@@ -49,8 +49,11 @@ func (r ProwAutobumpResult) String() string {
 return prowAutobumpApproveComment
 } else {
 comment := prowAutobumpDisapproveComment
- for _, hunk := range r.notMatchingHunks {
- comment += fmt.Sprintf("\n```\n%s\n```", string(hunk.Body))
+ for fileName, hunks := range r.notMatchingHunks {
+ comment += fmt.Sprintf("\n%s", fileName)
+ for _, hunk := range hunks {
+ comment += fmt.Sprintf("\n```\n%s\n```", string(hunk.Body))
+ }
 }
 return comment
 }
@@ -64,6 +67,30 @@ func (r ProwAutobumpResult) CanMerge() bool {
 return false
 }
+func (r *ProwAutobumpResult) AddReviewFailure(fileName string, hunks ...*diff.Hunk) {
+ if r.notMatchingHunks == nil {
+ r.notMatchingHunks = make(map[string][]*diff.Hunk)
+ }
+ if _, exists := r.notMatchingHunks[fileName]; !exists {
+ r.notMatchingHunks[fileName] = hunks
+ } else {
+ r.notMatchingHunks[fileName] = append(r.notMatchingHunks[fileName], hunks...)
+ }
+}
+
+func (r ProwAutobumpResult) ShortString() string {
+ if r.IsApproved() {
+ return prowAutobumpApproveComment
+ } else {
+ comment := prowAutobumpDisapproveComment
+ comment += fmt.Sprintf("\nFiles:")
+ for fileName := range r.notMatchingHunks {
+ comment += fmt.Sprintf("\n* `%s`", fileName)
+ }
+ return comment
+ }
+}
+
 type ProwAutobump struct {
 relevantFileDiffs []*diff.FileDiff
 notMatchingHunks []*diff.Hunk
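Review bot: `ProwAutobumpResult.String` prints the file name with a bare `"\n%s"`, while the other two result types in this commit prefix it with `File:` and wrap it in backticks, so the same kind of finding is rendered differently depending on the review type. Using the same line here, ``comment += fmt.Sprintf("\nFile: `%s`", fileName)``, keeps the comment uniform. The three result types now carry copies of `AddReviewFailure` and `ShortString` that differ only in their constants; a small shared struct embedded in each of them would keep the copies from drifting apart.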
@@ -87,9 +114,11 @@ func (t *ProwAutobump) Review() BotReviewResult { result := &ProwAutobumpResult{} for _, fileDiff := range t.relevantFileDiffs { + fileName := strings.TrimPrefix(fileDiff.NewName, "b/") for _, hunk := range fileDiff.Hunks { - if !prowAutobumpHunkBodyMatcher.Match(hunk.Body) { - result.notMatchingHunks = append(result.notMatchingHunks, hunk) + match := prowAutobumpHunkBodyMatcher.Match(hunk.Body) + if !match { + result.AddReviewFailure(fileName, hunk) } } } diff --git a/external-plugins/botreview/review/prow_autobump_test.go b/external-plugins/botreview/review/prow_autobump_test.go index 3ec3b2b3a4..35d5851813 100644 --- a/external-plugins/botreview/review/prow_autobump_test.go +++ b/external-plugins/botreview/review/prow_autobump_test.go @@ -104,10 +104,8 @@ func TestProwAutobump_Review(t1 *testing.T) { }, }, want: &ProwAutobumpResult{ - notMatchingHunks: []*diff.Hunk{ - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"].Hunks[0], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"].Hunks[1], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"].Hunks[2], + notMatchingHunks: map[string][]*diff.Hunk{ + "github/ci/prow-deploy/kustom/base/manifests/test_infra/current/prowjob-crd/prowjob_customresourcedefinition.yaml": diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"].Hunks, }, }, }, diff --git a/external-plugins/botreview/review/review.go b/external-plugins/botreview/review/review.go index 2795a7bd51..45b774de9f 100644 --- a/external-plugins/botreview/review/review.go +++ b/external-plugins/botreview/review/review.go 
@@ -42,6 +42,12 @@ type BotReviewResult interface { // CanMerge states if the pull request can get merged without any further action CanMerge() bool + + // AddReviewFailure stores the data of a hunk of code that failed review + AddReviewFailure(fileName string, hunks ...*diff.Hunk) + + // ShortString provides a short description of the review result + ShortString() string } func newPossibleReviewTypes() []KindOfChange { @@ -84,6 +90,14 @@ func (n BasicResult) CanMerge() bool { return false } +func (n BasicResult) AddReviewFailure(fileName string, hunks ...*diff.Hunk) { + panic("not implemented") +} + +func (n BasicResult) ShortString() string { + return n.String() +} + type Reviewer struct { l *logrus.Entry org string @@ -185,9 +199,11 @@ func (r *Reviewer) AttachReviewComments(botReviewResults []BotReviewResult, gith } isApproved, canMerge := true, true botReviewComments := make([]string, 0, len(botReviewResults)) + shortBotReviewComments := make([]string, 0, len(botReviewResults)) for _, reviewResult := range botReviewResults { isApproved, canMerge = isApproved && reviewResult.IsApproved(), canMerge && reviewResult.CanMerge() botReviewComments = append(botReviewComments, fmt.Sprintf("%s", reviewResult)) + shortBotReviewComments = append(shortBotReviewComments, fmt.Sprintf(reviewResult.ShortString())) } approveLabels := unapprovePRComment if isApproved { @@ -204,6 +220,15 @@ func (r *Reviewer) AttachReviewComments(botReviewResults []BotReviewResult, gith approveLabels, holdComment, ) + if len(botReviewComment) > 2<<15 { + botReviewComment = fmt.Sprintf( + botReviewCommentPattern, + botUser.Login, + "* "+strings.Join(shortBotReviewComments, "\n* "), + approveLabels, + holdComment, + ) + } if !r.dryRun { err = githubClient.CreateComment(r.org, r.repo, r.num, botReviewComment) if err != nil { From 8ca1dd5d2d2eb802b0252de4bba6b973f0a17aeb Mon Sep 17 00:00:00 2001 
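Review bot: `BasicResult.AddReviewFailure` panics with "not implemented", and because `BasicResult` satisfies `BotReviewResult`, any caller that records a failure through the interface gets a panic instead of an error. In the external-plugin server that may take the process down for every repository, not only the pull request at hand. No call on a `BasicResult` is visible in this hunk, so this may be unreachable today, but I would make it a documented no-op: an empty body under `// AddReviewFailure is a no-op: BasicResult carries no per-hunk data.`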
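Review bot: `fmt.Sprintf(reviewResult.ShortString())` uses the result text as the format string, and `ShortString` includes file names taken from the pull request's diff, so a `%` in a name is parsed as a verb and shows up as `%!s(MISSING)`-style noise in the posted comment. `go vet` reports this as a non-constant format string. Append the string directly: `shortBotReviewComments = append(shortBotReviewComments, reviewResult.ShortString())`. `AttachReviewComments` starts and ends outside this hunk.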
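Review bot: The fallback to the short comment is taken when `len(botReviewComment) > 2<<15`, but the short form is posted without a second check, so a pull request touching many files can still produce an oversized body and `CreateComment` will fail. `2<<15` (65536) is also unexplained; a named constant with a comment saying which limit it mirrors would make the intent reviewable, e.g. `const maxCommentLength = 65536 // presumably GitHub's comment body limit; confirm`. If the short form is still too long, I would truncate the file list and say so in the comment. The function continues outside this hunk.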
From: Daniel Hiller Date: Wed, 12 Jul 2023 14:27:49 +0200 Subject: [PATCH 11/17] bazel, image, docs: botreview image Signed-off-by: Daniel Hiller --- WORKSPACE | 7 +++++ external-plugins/botreview/BUILD.bazel | 19 ++++++++++++++ external-plugins/botreview/Makefile | 17 ++++++++++++ external-plugins/botreview/README.md | 21 +++++++++++++++ .../project-infra-postsubmits.yaml | 26 +++++++++++++++++++ 5 files changed, 90 insertions(+) create mode 100644 external-plugins/botreview/Makefile create mode 100644 external-plugins/botreview/README.md diff --git a/WORKSPACE b/WORKSPACE index 5de5abbf62..d503245932 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -86,6 +86,13 @@ container_pull( tag = "v20210120-b86882c9314933ba1a0c77965ed9d54a747f7957", ) +container_pull( + name = "botreview-base", + registry = "index.docker.io", + repository = "alpine/git", + tag = "v2.40.1", +) + load( "@io_bazel_rules_docker//go:image.bzl", _go_image_repos = "repositories", diff --git a/external-plugins/botreview/BUILD.bazel b/external-plugins/botreview/BUILD.bazel index 7fa4938494..1363ac762d 100644 --- a/external-plugins/botreview/BUILD.bazel +++ b/external-plugins/botreview/BUILD.bazel @@ -21,3 +21,22 @@ go_binary( embed = [":go_default_library"], visibility = ["//visibility:public"], ) + +load("@io_bazel_rules_docker//go:image.bzl", "go_image") + +go_image( + name = "app", + base = "@infra-base//image", + embed = [":go_default_library"], +) + +load("@io_bazel_rules_docker//container:container.bzl", "container_push") + +container_push( + name = "push", + format = "Docker", + image = ":app", + registry = "quay.io", + repository = "kubevirtci/botreview", + tag = "{DOCKER_TAG}", +) diff --git a/external-plugins/botreview/Makefile b/external-plugins/botreview/Makefile new file mode 100644 index 0000000000..a0a84775da --- /dev/null +++ b/external-plugins/botreview/Makefile 
@@ -0,0 +1,17 @@ + +.PHONY: all clean format test push +all: format test push +bazelbin := bazelisk + +build: + $(bazelbin) build //external-plugins/botreview/... + +format: + gofmt -w . + +test: + $(bazelbin) test //external-plugins/botreview/... + +push: + $(bazelbin) run --stamp --workspace_status_command="./hack/print-workspace-status-no-git-tag.sh" //external-plugins/botreview:push + bash -x ../../hack/update-deployments-with-latest-image.sh quay.io/kubevirtci/botreview diff --git a/external-plugins/botreview/README.md b/external-plugins/botreview/README.md new file mode 100644 index 0000000000..22d7ee744f --- /dev/null +++ b/external-plugins/botreview/README.md @@ -0,0 +1,21 @@ +botreview plugin +================ + +Automates "simple reviews", meaning reviews that have been created by automation and where a review process can be easily put into code. + +Motivation +---------- +Most of the time `ci-maintainers` are looking at PRs that have been created by some kind of automation, i.e. the prow update mechanism, the prowjob image update, the kubevirtci bump, etc. +Updates in these PRs are mostly tedious to review for a human, since they contain lengthy repeated updates to some URLs or some image reference. A human could only look at these changes and try to manually spot errors in the references, which first of all is hard and second is already covered by the prow-deploy-presubmit. + +What `botreview` can at least do is automate what a human would do anyway, like applying an expected change pattern to the changes. And this is what botreview does. + +`botreview` has of course room for improval, i.e. it might generate a list of the images and check whether these are pullable, or even perform further checks on the images. **Note: the latter is not implemented (yet)** + +TODOs +----- + +* [ ] create image +* [ ] create deployment +* [ ] create service +* [ ] add secret 
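Review bot: `all` depends on `push`, so a bare `make` in this directory builds and pushes an image to quay.io/kubevirtci/botreview with whatever registry credentials are present in the environment. I would leave publishing out of the default target, `all: format test build`, and keep `push` as an explicit step. `build` is missing from `.PHONY`, and `clean` is declared there but has no rule.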
diff --git a/github/ci/prow-deploy/files/jobs/kubevirt/project-infra/project-infra-postsubmits.yaml b/github/ci/prow-deploy/files/jobs/kubevirt/project-infra/project-infra-postsubmits.yaml index e767f788ea..63b7cc48a2 100644 --- a/github/ci/prow-deploy/files/jobs/kubevirt/project-infra/project-infra-postsubmits.yaml +++ b/github/ci/prow-deploy/files/jobs/kubevirt/project-infra/project-infra-postsubmits.yaml @@ -52,6 +52,32 @@ postsubmits: memory: "8Gi" limits: memory: "8Gi" + - name: publish-botreview-image + always_run: false + run_if_changed: "external-plugins/botreview/.*" + annotations: + testgrid-create-test-group: "false" + decorate: true + cluster: ibm-prow-jobs + max_concurrency: 1 + labels: + preset-bazel-cache: "true" + preset-kubevirtci-quay-credential: "true" + spec: + containers: + - image: quay.io/kubevirtci/bootstrap:v20230626-e1b7af2 + command: + - "/usr/local/bin/runner.sh" + - "/bin/bash" + - "-c" + - | + cat "$QUAY_PASSWORD" | docker login --username $(cat "$QUAY_USER") --password-stdin=true quay.io + make -C ./external-plugins/botreview push + resources: + requests: + memory: "8Gi" + limits: + memory: "8Gi" - name: publish-kubevirt-infra-bootstrap-image always_run: false run_if_changed: "images/kubevirt-infra-bootstrap/.*" From ab5fffecfe32cd0b9b5e12fb432a72c9c21d3f51 Mon Sep 17 00:00:00 2001 From: Daniel Hiller Date: Fri, 17 Nov 2023 15:13:15 +0100 Subject: [PATCH 12/17] fix, image_update: add missing review failure Signed-off-by: Daniel Hiller --- external-plugins/botreview/review/image_update.go | 9 ++++++++- external-plugins/botreview/review/review_test.go | 3 +-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/external-plugins/botreview/review/image_update.go b/external-plugins/botreview/review/image_update.go index c84cf01a68..b61e1f5169 100644 --- a/external-plugins/botreview/review/image_update.go +++ b/external-plugins/botreview/review/image_update.go 
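Review bot: The inline script of `publish-botreview-image` has no error handling, so if `docker login` fails, `make -C ./external-plugins/botreview push` still runs. Starting the script with `set -euo pipefail` stops the job at the first failing step. `$(cat "$QUAY_USER")` is unquoted; `--username "$(cat "$QUAY_USER")"` avoids word splitting if the file content ever contains whitespace.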
@@ -67,7 +67,14 @@ func (r ProwJobImageUpdateResult) CanMerge() bool { } func (r *ProwJobImageUpdateResult) AddReviewFailure(fileName string, hunks ...*diff.Hunk) { - + if r.notMatchingHunks == nil { + r.notMatchingHunks = make(map[string][]*diff.Hunk) + } + if _, exists := r.notMatchingHunks[fileName]; !exists { + r.notMatchingHunks[fileName] = hunks + } else { + r.notMatchingHunks[fileName] = append(r.notMatchingHunks[fileName], hunks...) + } } func (r ProwJobImageUpdateResult) ShortString() string { diff --git a/external-plugins/botreview/review/review_test.go b/external-plugins/botreview/review/review_test.go index a28b3f36a0..30001870ee 100644 --- a/external-plugins/botreview/review/review_test.go +++ b/external-plugins/botreview/review/review_test.go @@ -13,8 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * Copyright 2022 Red Hat, Inc. - * + * Copyright the KubeVirt Authors. */ package review From c48c19a232391b0954836b0494c5efb0a23cd6f3 Mon Sep 17 00:00:00 2001 From: Daniel Hiller Date: Tue, 28 Nov 2023 18:37:01 +0100 Subject: [PATCH 13/17] image: add Containerfile for botreview Signed-off-by: Daniel Hiller --- images/botreview/Containerfile | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 images/botreview/Containerfile diff --git a/images/botreview/Containerfile b/images/botreview/Containerfile new file mode 100644 index 0000000000..bb0361a982 --- /dev/null +++ b/images/botreview/Containerfile 
@@ -0,0 +1,16 @@ +FROM docker.io/library/golang:1.20 as builder + +WORKDIR /go/src/github.com/kubevirt/project-infra/ +RUN mkdir -p /go/src/kubevirt/ && \ + cd /go/src/kubevirt/ && \ + git clone https://github.com/dhiller/project-infra.git && \ + cd project-infra/ && \ + git checkout botreview && \ + go mod vendor && \ + env GOPROXY=off GOFLAGS=-mod=vendor CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /go/bin/botreview ./external-plugins/botreview/main.go + +FROM gcr.io/k8s-prow/git:v20220523-6026203ca9 + +COPY --from=builder /go/bin/botreview /usr/bin/botreview + +ENTRYPOINT ["/usr/bin/botreview"] From b74710073abc1f7bca4f8bff88d33dd953814e1b Mon Sep 17 00:00:00 2001 From: Daniel Hiller Date: Tue, 28 Nov 2023 12:47:57 +0100 Subject: [PATCH 14/17] prow, deployment: create deployment, add to external_plugins config Fix copyright notice, pass through dry run and add checkout in server mode. Add server checkout. Don't attach comment if the review didn't match any type. Use latest tag for botreview image. Fix bazel with gazelle. 
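Review bot: The builder stage compiles whatever `git clone https://github.com/dhiller/project-infra.git` followed by `git checkout botreview` returns at build time, so the published image is built from a branch of a personal fork rather than from the commit that triggered the build, and two builds of the same Containerfile can differ. Building from the build context (`COPY . .` into the `WORKDIR` that is already set, which the clone currently bypasses by working in /go/src/kubevirt/) ties the binary to the reviewed source. Both `FROM` lines reference tags only; adding the digest (`image:tag@sha256:<digest>`) fixes the base layers as well. The final stage sets no `USER`, so the plugin runs as whatever user the base image defaults to, and it is worth confirming that this is not root.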
Signed-off-by: Daniel Hiller --- external-plugins/botreview/README.md | 10 +--- external-plugins/botreview/main.go | 10 ++-- external-plugins/botreview/review/BUILD.bazel | 1 + .../botreview/review/bump_kubevirtci.go | 2 +- .../botreview/review/bump_kubevirtci_test.go | 2 +- .../botreview/review/image_update.go | 2 +- .../botreview/review/image_update_test.go | 2 +- .../botreview/review/prow_autobump.go | 2 +- .../botreview/review/prow_autobump_test.go | 2 +- external-plugins/botreview/review/review.go | 28 ++++++++- external-plugins/botreview/server/BUILD.bazel | 1 + external-plugins/botreview/server/server.go | 60 +++++++++++++++---- .../base/configs/current/plugins/plugins.yaml | 4 ++ .../kustom/base/kustomization.yaml | 2 + .../manifests/local/botreview-deployment.yaml | 57 ++++++++++++++++++ .../manifests/local/botreview-service.yaml | 13 ++++ images/botreview/Containerfile | 3 +- robots/cmd/botreview/main.go | 42 ++++++------- 18 files changed, 185 insertions(+), 58 deletions(-) create mode 100644 github/ci/prow-deploy/kustom/base/manifests/local/botreview-deployment.yaml create mode 100644 github/ci/prow-deploy/kustom/base/manifests/local/botreview-service.yaml diff --git a/external-plugins/botreview/README.md b/external-plugins/botreview/README.md index 22d7ee744f..0a6e6b8fd1 100644 --- a/external-plugins/botreview/README.md +++ b/external-plugins/botreview/README.md 
@@ -10,12 +10,4 @@ Updates in these PRs are mostly tedious to review for a human, since they contai What `botreview` can at least do is automate what a human would do anyway, like applying an expected change pattern to the changes. And this is what botreview does. -`botreview` has of course room for improval, i.e. it might generate a list of the images and check whether these are pullable, or even perform further checks on the images. **Note: the latter is not implemented (yet)** - -TODOs ------ - -* [ ] create image -* [ ] create deployment -* [ ] create service -* [ ] add secret +`botreview` has of course room for improval, i.e. it might generate a list of the images and check whether these are pull-able, or even perform further checks on the images. **Note: the latter is not implemented (yet)** diff --git a/external-plugins/botreview/main.go b/external-plugins/botreview/main.go index 481e1620c1..1d7aa419d1 100644 --- a/external-plugins/botreview/main.go +++ b/external-plugins/botreview/main.go @@ -13,8 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * Copyright 2022 Red Hat, Inc. - * + * Copyright the KubeVirt Authors. */ package main @@ -107,8 +106,11 @@ func main() { TokenGenerator: secret.GetTokenGenerator(o.webhookSecretFile), BotName: botUserData.Name, - Ghc: githubClient, - Log: log, + GitClient: gitClient, + Ghc: githubClient, + Log: log, + + DryRun: o.dryRun, } mux := http.NewServeMux() diff --git a/external-plugins/botreview/review/BUILD.bazel b/external-plugins/botreview/review/BUILD.bazel index 942a00a4fd..0292b3c11f 100644 --- a/external-plugins/botreview/review/BUILD.bazel +++ b/external-plugins/botreview/review/BUILD.bazel @@ -13,6 +13,7 @@ go_library( deps = [ "@com_github_sirupsen_logrus//:go_default_library", "@com_github_sourcegraph_go_diff//diff:go_default_library", + "@io_k8s_test_infra//prow/git:go_default_library", "@io_k8s_test_infra//prow/github:go_default_library", ], ) 
diff --git a/external-plugins/botreview/review/bump_kubevirtci.go b/external-plugins/botreview/review/bump_kubevirtci.go index 61eac59229..0766e128a8 100644 --- a/external-plugins/botreview/review/bump_kubevirtci.go +++ b/external-plugins/botreview/review/bump_kubevirtci.go @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * Copyright 2022 Red Hat, Inc. + * Copyright the KubeVirt authors. * */ diff --git a/external-plugins/botreview/review/bump_kubevirtci_test.go b/external-plugins/botreview/review/bump_kubevirtci_test.go index 4e19eefb63..69f938c99f 100644 --- a/external-plugins/botreview/review/bump_kubevirtci_test.go +++ b/external-plugins/botreview/review/bump_kubevirtci_test.go @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * Copyright 2022 Red Hat, Inc. + * Copyright the KubeVirt authors. * */ diff --git a/external-plugins/botreview/review/image_update.go b/external-plugins/botreview/review/image_update.go index b61e1f5169..87f6ef445b 100644 --- a/external-plugins/botreview/review/image_update.go +++ b/external-plugins/botreview/review/image_update.go @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * Copyright 2022 Red Hat, Inc. + * Copyright the KubeVirt authors. * */ diff --git a/external-plugins/botreview/review/image_update_test.go b/external-plugins/botreview/review/image_update_test.go index 13e5009e23..4b60020947 100644 --- a/external-plugins/botreview/review/image_update_test.go +++ b/external-plugins/botreview/review/image_update_test.go @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * Copyright 2022 Red Hat, Inc. + * Copyright the KubeVirt authors. * */ 
diff --git a/external-plugins/botreview/review/prow_autobump.go b/external-plugins/botreview/review/prow_autobump.go index d9a16f474e..b97c31d972 100644 --- a/external-plugins/botreview/review/prow_autobump.go +++ b/external-plugins/botreview/review/prow_autobump.go @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * Copyright 2022 Red Hat, Inc. + * Copyright the KubeVirt authors. * */ diff --git a/external-plugins/botreview/review/prow_autobump_test.go b/external-plugins/botreview/review/prow_autobump_test.go index 35d5851813..27bf4dd74d 100644 --- a/external-plugins/botreview/review/prow_autobump_test.go +++ b/external-plugins/botreview/review/prow_autobump_test.go @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * Copyright 2022 Red Hat, Inc. + * Copyright the KubeVirt authors. * */ diff --git a/external-plugins/botreview/review/review.go b/external-plugins/botreview/review/review.go index 45b774de9f..4d10c65d21 100644 --- a/external-plugins/botreview/review/review.go +++ b/external-plugins/botreview/review/review.go @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * Copyright 2022 Red Hat, Inc. + * Copyright the KubeVirt authors. * */ @@ -23,6 +23,7 @@ import ( "fmt" "github.com/sirupsen/logrus" "github.com/sourcegraph/go-diff/diff" + "k8s.io/test-infra/prow/git" "k8s.io/test-infra/prow/github" "os/exec" "strings" 
@@ -239,3 +240,28 @@ func (r *Reviewer) AttachReviewComments(botReviewResults []BotReviewResult, gith } return nil } + +type PRReviewOptions struct { + PullRequestNumber int + Org string + Repo string +} + +func PreparePullRequestReview(gitClient *git.Client, prReviewOptions PRReviewOptions, githubClient github.Client) (*github.PullRequest, string, error) { + // checkout repo to a temporary directory to have it reviewed + clone, err := gitClient.Clone(prReviewOptions.Org, prReviewOptions.Repo) + if err != nil { + logrus.WithError(err).Fatal("error cloning repo") + } + + // checkout PR head commit, change dir + pullRequest, err := githubClient.GetPullRequest(prReviewOptions.Org, prReviewOptions.Repo, prReviewOptions.PullRequestNumber) + if err != nil { + logrus.WithError(err).Fatal("error fetching PR") + } + err = clone.Checkout(pullRequest.Head.SHA) + if err != nil { + logrus.WithError(err).Fatal("error checking out PR head commit") + } + return pullRequest, clone.Directory(), err +} diff --git a/external-plugins/botreview/server/BUILD.bazel b/external-plugins/botreview/server/BUILD.bazel index e4c96dc409..1180d13b8b 100644 --- a/external-plugins/botreview/server/BUILD.bazel +++ b/external-plugins/botreview/server/BUILD.bazel @@ -9,6 +9,7 @@ go_library( "//external-plugins/botreview/review:go_default_library", "@com_github_sirupsen_logrus//:go_default_library", "@io_k8s_test_infra//prow/config:go_default_library", + "@io_k8s_test_infra//prow/git:go_default_library", "@io_k8s_test_infra//prow/github:go_default_library", "@io_k8s_test_infra//prow/pluginhelp:go_default_library", ], diff --git a/external-plugins/botreview/server/server.go b/external-plugins/botreview/server/server.go index 4def1c6364..8ee7361aaf 100644 --- a/external-plugins/botreview/server/server.go +++ b/external-plugins/botreview/server/server.go 
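Review bot: `PreparePullRequestReview` declares an `error` result, but every failure goes to `logrus.WithError(err).Fatal(...)`, which exits the process, so the returned `err` is always nil and callers' error checks are dead code. That is tolerable in the CLI, but the function is also called from the server's `handlePullRequest`, where one repository that fails to clone or one pull request that cannot be fetched would stop the plugin for every other event. Return wrapped errors instead and let the caller decide. The clone directory is also never removed on any path visible here; in a long-running server the caller needs a way to clean it up once the review is done.

```go
func PreparePullRequestReview(gitClient *git.Client, prReviewOptions PRReviewOptions, githubClient github.Client) (*github.PullRequest, string, error) {
	// checkout repo to a temporary directory to have it reviewed
	clone, err := gitClient.Clone(prReviewOptions.Org, prReviewOptions.Repo)
	if err != nil {
		return nil, "", fmt.Errorf("cloning %s/%s: %w", prReviewOptions.Org, prReviewOptions.Repo, err)
	}

	// checkout PR head commit
	pullRequest, err := githubClient.GetPullRequest(prReviewOptions.Org, prReviewOptions.Repo, prReviewOptions.PullRequestNumber)
	if err != nil {
		return nil, "", fmt.Errorf("fetching pull request %d: %w", prReviewOptions.PullRequestNumber, err)
	}
	if err := clone.Checkout(pullRequest.Head.SHA); err != nil {
		return nil, "", fmt.Errorf("checking out %s: %w", pullRequest.Head.SHA, err)
	}
	return pullRequest, clone.Directory(), nil
}
```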
@@ -1,13 +1,33 @@ +/* + * This file is part of the KubeVirt project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Copyright the KubeVirt Authors. + */ + package server import ( "encoding/json" "github.com/sirupsen/logrus" "k8s.io/test-infra/prow/config" + "k8s.io/test-infra/prow/git" "k8s.io/test-infra/prow/github" "k8s.io/test-infra/prow/pluginhelp" "kubevirt.io/project-infra/external-plugins/botreview/review" "net/http" + "os" ) const pluginName = "botreview" @@ -32,10 +52,10 @@ func HelpProvider(_ []config.OrgRepo) (*pluginhelp.PluginHelp, error) { } pluginHelp.AddCommand(pluginhelp.Command{ Usage: "/botreview", - Description: "Mark a PR or issue as a release blocker.", + Description: "Trigger review of a PR.", Featured: true, WhoCanUse: "Project members", - Examples: []string{"/release-blocker release-3.9", "/release-blocker release-1.15"}, + Examples: []string{"/botreview"}, }) return pluginHelp, nil } @@ -46,9 +66,13 @@ type Server struct { TokenGenerator func() []byte BotName string - // Used for unit testing - Ghc githubClient + GitClient *git.Client + Ghc github.Client + Log *logrus.Entry + + // Whether to create comments on PRs or to just write them to the log + DryRun bool } // ServeHTTP validates an incoming webhook and puts it into the event channel. 
@@ -109,18 +133,30 @@ func (s *Server) handlePullRequest(l *logrus.Entry, action github.PullRequestEve l.Info("skipping review") return nil } - - // TODO: make dryRun configurable - reviewer := review.NewReviewer(l, action, org, repo, num, user, true) - botReviewResults, err := reviewer.ReviewLocalCode() + prReviewOptions := review.PRReviewOptions{ + PullRequestNumber: num, + Org: org, + Repo: repo, + } + pullRequest, cloneDirectory, err := review.PreparePullRequestReview(s.GitClient, prReviewOptions, s.Ghc) if err != nil { - return err + logrus.WithError(err).Fatal("error preparing pull request for review") + } + err = os.Chdir(cloneDirectory) + if err != nil { + logrus.WithError(err).Fatal("error changing to directory") } - // TODO: casting will NOT work here - err = reviewer.AttachReviewComments(botReviewResults, s.Ghc.(github.Client)) + reviewer := review.NewReviewer(l, action, org, repo, num, user, s.DryRun) + reviewer.BaseSHA = pullRequest.Base.SHA + botReviewResults, err := reviewer.ReviewLocalCode() if err != nil { return err } - return nil + logrus.Infof("bot review results: %v", botReviewResults) + if len(botReviewResults) == 0 { + return nil + } + + return reviewer.AttachReviewComments(botReviewResults, s.Ghc) } diff --git a/github/ci/prow-deploy/kustom/base/configs/current/plugins/plugins.yaml b/github/ci/prow-deploy/kustom/base/configs/current/plugins/plugins.yaml index 171191c697..79d2745732 100644 --- a/github/ci/prow-deploy/kustom/base/configs/current/plugins/plugins.yaml +++ b/github/ci/prow-deploy/kustom/base/configs/current/plugins/plugins.yaml @@ -524,6 +524,10 @@ external_plugins: events: - pull_request - issue_comment + - name: botreview + endpoint: http://botreview:9900 + events: + - pull_request triggers: - repos: diff --git a/github/ci/prow-deploy/kustom/base/kustomization.yaml b/github/ci/prow-deploy/kustom/base/kustomization.yaml index 050b53e82c..e3f153f446 100644 --- a/github/ci/prow-deploy/kustom/base/kustomization.yaml 
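Review bot: `handlePullRequest` calls `os.Chdir(cloneDirectory)`, which changes the working directory of the whole server process, so if two webhook events are handled at the same time one review can read the other pull request's checkout and report on the wrong code. Whether events are handled concurrently is decided outside this hunk, but a bot whose result can approve a change should not depend on that; passing the directory to the reviewer, or serialising this section with a mutex, removes the shared state. The two `logrus.WithError(err).Fatal(...)` calls exit the process from a request handler; `return err` would match the error handling a few lines below. The function starts outside this hunk.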
+++ b/github/ci/prow-deploy/kustom/base/kustomization.yaml @@ -1,4 +1,6 @@ resources: + - manifests/local/botreview-deployment.yaml + - manifests/local/botreview-service.yaml - manifests/local/branch-protector.yaml - manifests/local/cherrypicker_deployment.yaml - manifests/local/cherrypicker_service.yaml diff --git a/github/ci/prow-deploy/kustom/base/manifests/local/botreview-deployment.yaml b/github/ci/prow-deploy/kustom/base/manifests/local/botreview-deployment.yaml new file mode 100644 index 0000000000..fc9bb33931 --- /dev/null +++ b/github/ci/prow-deploy/kustom/base/manifests/local/botreview-deployment.yaml @@ -0,0 +1,57 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: botreview + labels: + app: botreview +spec: + replicas: 1 + selector: + matchLabels: + app: botreview + template: + metadata: + labels: + app: botreview + spec: + terminationGracePeriodSeconds: 180 + containers: + - name: botreview + # FIXME: change tag to proper version after initial testing is done and there's a postsubmit that updates botreview images + image: quay.io/kubevirtci/botreview:latest + args: + # FIXME: stay with dry run for now + - --dry-run=true + - --port=9900 + - --github-token-path=/etc/github/oauth + - --github-endpoint=http://ghproxy + - --github-endpoint=https://api.github.com + ports: + - name: http + containerPort: 9900 + volumeMounts: + - name: hmac + mountPath: /etc/webhook + readOnly: true + - name: oauth + mountPath: /etc/github + readOnly: true + - name: plugins + mountPath: /etc/plugins + readOnly: true + - name: cache + mountPath: /var/run/cache + readOnly: false + volumes: + - name: hmac + secret: + secretName: hmac-token + - name: oauth + secret: + secretName: oauth-token + - name: plugins + configMap: + name: plugins + - name: cache + emptyDir: {} 
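Review bot: The `botreview` container in botreview-deployment.yaml mounts the GitHub OAuth token and the webhook HMAC secret, but its spec has no `securityContext` and no `resources`, so it runs with the runtime's default privileges and without a memory or CPU bound. I would add a restrictive `securityContext` as below and set requests and limits sized from a test run; `runAsNonRoot: true` is worth adding once the image is confirmed to run as a non-root user. `--github-endpoint` is given twice (`http://ghproxy` and `https://api.github.com`); if the second is meant as a fallback, a comment saying so would help the next reader.

```yaml
      containers:
      - name: botreview
        # … unchanged: image, args, ports, volumeMounts …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
```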
diff --git a/github/ci/prow-deploy/kustom/base/manifests/local/botreview-service.yaml b/github/ci/prow-deploy/kustom/base/manifests/local/botreview-service.yaml new file mode 100644 index 0000000000..9f5fc9d2bf --- /dev/null +++ b/github/ci/prow-deploy/kustom/base/manifests/local/botreview-service.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: botreview +spec: + ports: + - port: 9900 + protocol: TCP + targetPort: 9900 + selector: + app: botreview + type: ClusterIP diff --git a/images/botreview/Containerfile b/images/botreview/Containerfile index bb0361a982..4c4c0a66c8 100644 --- a/images/botreview/Containerfile +++ b/images/botreview/Containerfile @@ -1,11 +1,12 @@ FROM docker.io/library/golang:1.20 as builder WORKDIR /go/src/github.com/kubevirt/project-infra/ +# FIXME: switch to https://github.com/kubevirt/project-infra.git when creating postsubmit for image creation RUN mkdir -p /go/src/kubevirt/ && \ cd /go/src/kubevirt/ && \ git clone https://github.com/dhiller/project-infra.git && \ cd project-infra/ && \ - git checkout botreview && \ + git checkout d0387efd4297294de17a2a84a3cc1a5155e12ba3 && \ go mod vendor && \ env GOPROXY=off GOFLAGS=-mod=vendor CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /go/bin/botreview ./external-plugins/botreview/main.go diff --git a/robots/cmd/botreview/main.go b/robots/cmd/botreview/main.go index c50bfda606..83d94ae8f8 100644 --- a/robots/cmd/botreview/main.go +++ b/robots/cmd/botreview/main.go @@ -39,9 +39,7 @@ func init() { } type options struct { - pullRequestNumber int - org string - repo string + review.PRReviewOptions dryRun bool github prowflagutil.GitHubOptions @@ -55,7 +53,7 @@ func (o *options) Validate() error { } } - if o.org == "" || o.repo == "" || o.pullRequestNumber == 0 { + if o.Org == "" || o.Repo == "" || o.PullRequestNumber == 0 { return fmt.Errorf("org, repo and pr-number are required") } 
@@ -66,9 +64,9 @@ func gatherOptions() options { o := options{} fs := flag.NewFlagSet(os.Args[0], flag.ExitOnError) fs.BoolVar(&o.dryRun, "dry-run", true, "Dry run for testing. Uses API tokens but does not mutate.") - fs.StringVar(&o.org, "org", "kubevirt", "Pull request github org.") - fs.StringVar(&o.repo, "repo", "", "Pull request github repo.") - fs.IntVar(&o.pullRequestNumber, "pr-number", 0, "Pull request to review.") + fs.StringVar(&o.Org, "org", "kubevirt", "Pull request github org.") + fs.StringVar(&o.Repo, "repo", "", "Pull request github repo.") + fs.IntVar(&o.PullRequestNumber, "pr-number", 0, "Pull request to review.") for _, group := range []flagutil.OptionGroup{&o.github} { group.AddFlags(fs) } 
@@ -93,33 +91,27 @@ func main() { if err != nil { logrus.WithError(err).Fatal("error getting Git client") } - user, err := githubClient.BotUser() - if err != nil { - logrus.WithError(err).Fatal("error getting bot user") - } - - // checkout repo to a temporary directory to have it reviewed - clone, err := gitClient.Clone(o.org, o.repo) - if err != nil { - logrus.WithError(err).Fatal("error cloning repo") - } - // checkout PR head commit, change dir - pullRequest, err := githubClient.GetPullRequest(o.org, o.repo, o.pullRequestNumber) - if err != nil { - logrus.WithError(err).Fatal("error fetching PR") + prReviewOptions := review.PRReviewOptions{ + PullRequestNumber: o.PullRequestNumber, + Org: o.Org, + Repo: o.Repo, } - err = clone.Checkout(pullRequest.Head.SHA) + pullRequest, cloneDirectory, err := review.PreparePullRequestReview(gitClient, prReviewOptions, githubClient) if err != nil { - logrus.WithError(err).Fatal("error checking out PR head commit") + logrus.WithError(err).Fatal("error preparing pull request for review") } - err = os.Chdir(clone.Directory()) + err = os.Chdir(cloneDirectory) if err != nil { logrus.WithError(err).Fatal("error changing to directory") } // Perform review - reviewer := review.NewReviewer(log, github.PullRequestActionEdited, o.org, o.repo, o.pullRequestNumber, user.Login, o.dryRun) + user, err := githubClient.BotUser() + if err != nil { + logrus.WithError(err).Fatal("error getting bot user") + } + reviewer := review.NewReviewer(log, github.PullRequestActionEdited, o.Org, o.Repo, o.PullRequestNumber, user.Login, o.dryRun) reviewer.BaseSHA = pullRequest.Base.SHA botReviewResults, err := reviewer.ReviewLocalCode() if err != nil { From f3105a9cc116c0a2a0bcfcadeaf1713914f53187 Mon Sep 17 00:00:00 2001 From: Daniel Hiller Date: Mon, 4 Dec 2023 13:19:10 +0100 Subject: [PATCH 15/17] review: address comments 
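Review bot: `options` now embeds `review.PRReviewOptions`, so the field-by-field copy into `prReviewOptions` in `main` is redundant; `review.PreparePullRequestReview(gitClient, o.PRReviewOptions, githubClient)` passes the same values. `main` starts and ends outside this hunk.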
Signed-off-by: Daniel Hiller --- WORKSPACE | 7 -- external-plugins/botreview/Makefile | 3 +- external-plugins/botreview/README.md | 2 +- .../botreview/review/bump_kubevirtci_test.go | 44 +++++----- .../botreview/review/image_update_test.go | 20 ++--- .../botreview/review/prow_autobump_test.go | 82 +++++++++---------- external-plugins/botreview/review/review.go | 24 ------ .../botreview/review/review_test.go | 30 +++---- .../project-infra-postsubmits.yaml | 5 +- go.mod | 2 - images/botreview/Containerfile | 9 +- 11 files changed, 95 insertions(+), 133 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index d503245932..5de5abbf62 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -86,13 +86,6 @@ container_pull( tag = "v20210120-b86882c9314933ba1a0c77965ed9d54a747f7957", ) -container_pull( - name = "botreview-base", - registry = "index.docker.io", - repository = "alpine/git", - tag = "v2.40.1", -) - load( "@io_bazel_rules_docker//go:image.bzl", _go_image_repos = "repositories", diff --git a/external-plugins/botreview/Makefile b/external-plugins/botreview/Makefile index a0a84775da..ae7e80a401 100644 --- a/external-plugins/botreview/Makefile +++ b/external-plugins/botreview/Makefile @@ -13,5 +13,4 @@ test: $(bazelbin) test //external-plugins/botreview/... push: - $(bazelbin) run --stamp --workspace_status_command="./hack/print-workspace-status-no-git-tag.sh" //external-plugins/botreview:push - bash -x ../../hack/update-deployments-with-latest-image.sh quay.io/kubevirtci/botreview + podman build -f ./images/botreview/Containerfile -t quay.io/kubevirtci/botreview:latest && podman push quay.io/kubevirtci/botreview:latest diff --git a/external-plugins/botreview/README.md b/external-plugins/botreview/README.md index 0a6e6b8fd1..10b9146be1 100644 --- a/external-plugins/botreview/README.md +++ b/external-plugins/botreview/README.md 
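Review bot: The new `push` recipe points `podman build` at `./images/botreview/Containerfile`, but the recipe it replaces reached the repository root with `../../hack/...`, which suggests make runs in external-plugins/botreview, where that path does not exist. Unless the job now invokes the target from the repository root (the postsubmit change in this commit is outside this view), the path and build context need to be `podman build -f ../../images/botreview/Containerfile -t quay.io/kubevirtci/botreview:latest ../..`. Only `:latest` is pushed, so a deployed image cannot be traced back to a commit; pushing an additional immutable tag derived from the commit would fix that.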
@@ -10,4 +10,4 @@ Updates in these PRs are mostly tedious to review for a human, since they contai What `botreview` can at least do is automate what a human would do anyway, like applying an expected change pattern to the changes. And this is what botreview does. -`botreview` has of course room for improval, i.e. it might generate a list of the images and check whether these are pull-able, or even perform further checks on the images. **Note: the latter is not implemented (yet)** +`botreview` has of course room for improvement, i.e. it might generate a list of the images and check whether these are pullable, or even perform further checks on the images. **Note: the latter is not implemented (yet)** diff --git a/external-plugins/botreview/review/bump_kubevirtci_test.go b/external-plugins/botreview/review/bump_kubevirtci_test.go index 69f938c99f..48e8d72b32 100644 --- a/external-plugins/botreview/review/bump_kubevirtci_test.go +++ b/external-plugins/botreview/review/bump_kubevirtci_test.go 
@@ -28,26 +28,26 @@ import ( ) func TestBumpKubevirtCI_Review(t1 *testing.T) { - diffFilePathes := []string{} + diffFilePaths := []string{} entries, err := os.ReadDir("testdata/kubevirtci-bump") if err != nil { t1.Errorf("failed to read files: %v", err) } for _, entry := range entries { - diffFilePathes = append(diffFilePathes, filepath.Join("testdata/kubevirtci-bump", entry.Name())) + diffFilePaths = append(diffFilePaths, filepath.Join("testdata/kubevirtci-bump", entry.Name())) } - diffFilePathes = append(diffFilePathes, "testdata/mixed_bump_prow_job.patch0") - diffFilePathesToDiffs := map[string]*diff.FileDiff{} - for _, diffFile := range diffFilePathes { - bump_images_diff_file, err := os.ReadFile(diffFile) + diffFilePaths = append(diffFilePaths, "testdata/mixed_bump_prow_job.patch0") + diffFilePathsToDiffs := map[string]*diff.FileDiff{} + for _, diffFile := range diffFilePaths { + bumpImagesDiffFile, err := os.ReadFile(diffFile) if err != nil { t1.Errorf("failed to read diff: %v", err) } - bump_file_diffs, err := diff.ParseFileDiff(bump_images_diff_file) + bumpFileDiffs, err := diff.ParseFileDiff(bumpImagesDiffFile) if err != nil { t1.Errorf("failed to read diff: %v", err) } - diffFilePathesToDiffs[diffFile] = bump_file_diffs + diffFilePathsToDiffs[diffFile] = bumpFileDiffs } type fields struct { relevantFileDiffs []*diff.FileDiff 
@@ -61,14 +61,14 @@ func TestBumpKubevirtCI_Review(t1 *testing.T) { name: "simple prow autobump", fields: fields{ relevantFileDiffs: []*diff.FileDiff{ - diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up-sha.txt"], - diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_provider.sh"], - diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_sriov-node_node.sh"], - diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up_cluster_kind_common.sh"], - diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up_cluster_kind_configure-registry-proxy.sh"], - diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up_hack_common.sh"], - diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up_version.txt"], - diffFilePathesToDiffs["testdata/kubevirtci-bump/hack_config-default.sh"], + diffFilePathsToDiffs["testdata/kubevirtci-bump/cluster-up-sha.txt"], + diffFilePathsToDiffs["testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_provider.sh"], + diffFilePathsToDiffs["testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_sriov-node_node.sh"], + diffFilePathsToDiffs["testdata/kubevirtci-bump/cluster-up_cluster_kind_common.sh"], + diffFilePathsToDiffs["testdata/kubevirtci-bump/cluster-up_cluster_kind_configure-registry-proxy.sh"], + diffFilePathsToDiffs["testdata/kubevirtci-bump/cluster-up_hack_common.sh"], + diffFilePathsToDiffs["testdata/kubevirtci-bump/cluster-up_version.txt"], + diffFilePathsToDiffs["testdata/kubevirtci-bump/hack_config-default.sh"], }, }, want: &BumpKubevirtCIResult{}, 
@@ -77,21 +77,21 @@ func TestBumpKubevirtCI_Review(t1 *testing.T) { name: "mixed image bump", fields: fields{ relevantFileDiffs: []*diff.FileDiff{ - diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up-sha.txt"], - diffFilePathesToDiffs["testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_provider.sh"], - diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"], + diffFilePathsToDiffs["testdata/kubevirtci-bump/cluster-up-sha.txt"], + diffFilePathsToDiffs["testdata/kubevirtci-bump/cluster-up_cluster_kind-1.22-sriov_provider.sh"], + diffFilePathsToDiffs["testdata/mixed_bump_prow_job.patch0"], }, }, want: &BumpKubevirtCIResult{ - notMatchingHunks: map[string][]*diff.Hunk{"github/ci/prow-deploy/files/jobs/kubevirt/kubevirt/kubevirt-presubmits.yaml": diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"].Hunks}, + notMatchingHunks: map[string][]*diff.Hunk{"github/ci/prow-deploy/files/jobs/kubevirt/kubevirt/kubevirt-presubmits.yaml": diffFilePathsToDiffs["testdata/mixed_bump_prow_job.patch0"].Hunks}, }, }, } for _, tt := range tests { t1.Run(tt.name, func(t1 *testing.T) { t := &BumpKubevirtCI{} - for _, diff := range tt.fields.relevantFileDiffs { - t.AddIfRelevant(diff) + for _, fileDiff := range tt.fields.relevantFileDiffs { + t.AddIfRelevant(fileDiff) } if got := t.Review(); !reflect.DeepEqual(got, tt.want) { t1.Errorf("Review() = %v, want %v", got, tt.want) diff --git a/external-plugins/botreview/review/image_update_test.go b/external-plugins/botreview/review/image_update_test.go index 4b60020947..545902217e 100644 --- a/external-plugins/botreview/review/image_update_test.go +++ b/external-plugins/botreview/review/image_update_test.go 
@@ -27,22 +27,22 @@ import ( ) func TestProwJobImageUpdate_Review(t1 *testing.T) { - diffFilePathes := []string{ + diffFilePaths := []string{ "testdata/simple_bump-prow-job-images_sh.patch0", "testdata/simple_bump-prow-job-images_sh.patch1", "testdata/mixed_bump_prow_job.patch0", } - diffFilePathesToDiffs := map[string]*diff.FileDiff{} - for _, diffFile := range diffFilePathes { - bump_images_diff_file, err := os.ReadFile(diffFile) + diffFilePathsToDiffs := map[string]*diff.FileDiff{} + for _, diffFile := range diffFilePaths { + bumpImagesDiffFile, err := os.ReadFile(diffFile) if err != nil { t1.Errorf("failed to read diff: %v", err) } - bump_file_diffs, err := diff.ParseFileDiff(bump_images_diff_file) + bumpFileDiffs, err := diff.ParseFileDiff(bumpImagesDiffFile) if err != nil { t1.Errorf("failed to read diff: %v", err) } - diffFilePathesToDiffs[diffFile] = bump_file_diffs + diffFilePathsToDiffs[diffFile] = bumpFileDiffs } type fields struct { relevantFileDiffs []*diff.FileDiff @@ -56,8 +56,8 @@ func TestProwJobImageUpdate_Review(t1 *testing.T) { name: "simple image bump", fields: fields{ relevantFileDiffs: []*diff.FileDiff{ - diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch0"], - diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch1"], + diffFilePathsToDiffs["testdata/simple_bump-prow-job-images_sh.patch0"], + diffFilePathsToDiffs["testdata/simple_bump-prow-job-images_sh.patch1"], }, }, want: &ProwJobImageUpdateResult{}, 
@@ -66,11 +66,11 @@ func TestProwJobImageUpdate_Review(t1 *testing.T) { name: "mixed image bump", fields: fields{ relevantFileDiffs: []*diff.FileDiff{ - diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"], + diffFilePathsToDiffs["testdata/mixed_bump_prow_job.patch0"], }, }, want: &ProwJobImageUpdateResult{ - notMatchingHunks: map[string][]*diff.Hunk{"github/ci/prow-deploy/files/jobs/kubevirt/kubevirt/kubevirt-presubmits.yaml": {diffFilePathesToDiffs["testdata/mixed_bump_prow_job.patch0"].Hunks[0]}}, + notMatchingHunks: map[string][]*diff.Hunk{"github/ci/prow-deploy/files/jobs/kubevirt/kubevirt/kubevirt-presubmits.yaml": {diffFilePathsToDiffs["testdata/mixed_bump_prow_job.patch0"].Hunks[0]}}, }, }, } diff --git a/external-plugins/botreview/review/prow_autobump_test.go b/external-plugins/botreview/review/prow_autobump_test.go index 27bf4dd74d..c60ebfbd23 100644 --- a/external-plugins/botreview/review/prow_autobump_test.go +++ b/external-plugins/botreview/review/prow_autobump_test.go 
@@ -28,25 +28,25 @@ import ( ) func TestProwAutobump_Review(t1 *testing.T) { - diffFilePathes := []string{} + diffFilePaths := []string{} entries, err := os.ReadDir("testdata/prow-autobump") if err != nil { t1.Errorf("failed to read files: %v", err) } for _, entry := range entries { - diffFilePathes = append(diffFilePathes, filepath.Join("testdata/prow-autobump", entry.Name())) + diffFilePaths = append(diffFilePaths, filepath.Join("testdata/prow-autobump", entry.Name())) } - diffFilePathesToDiffs := map[string]*diff.FileDiff{} - for _, diffFile := range diffFilePathes { - bump_images_diff_file, err := os.ReadFile(diffFile) + diffFilePathsToDiffs := map[string]*diff.FileDiff{} + for _, diffFile := range diffFilePaths { + bumpImagesDiffFile, err := os.ReadFile(diffFile) if err != nil { t1.Errorf("failed to read diff: %v", err) } - bump_file_diffs, err := diff.ParseFileDiff(bump_images_diff_file) + bumpFileDiffs, err := diff.ParseFileDiff(bumpImagesDiffFile) if err != nil { t1.Errorf("failed to read diff: %v", err) } - diffFilePathesToDiffs[diffFile] = bump_file_diffs + diffFilePathsToDiffs[diffFile] = bumpFileDiffs } type fields struct { relevantFileDiffs []*diff.FileDiff 
@@ -60,22 +60,22 @@ func TestProwAutobump_Review(t1 *testing.T) { name: "simple prow autobump", fields: fields{ relevantFileDiffs: []*diff.FileDiff{ - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_configs_current_config_config.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_branch-protector.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_cherrypicker_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-kubevirt.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-nmstate.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_crier_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_deck_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_ghproxy.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_hook_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_horologium_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_needs-rebase_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prow_controller_manager_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_sinker_deployment.yaml"], - 
diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_statusreconciler_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_tide_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_overlays_ibmcloud-production_resources_prow-exporter-deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_configs_current_config_config.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_branch-protector.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_cherrypicker_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-kubevirt.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-nmstate.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_crier_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_deck_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_ghproxy.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_hook_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_horologium_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_needs-rebase_deployment.yaml"], + 
diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prow_controller_manager_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_sinker_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_statusreconciler_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_tide_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_overlays_ibmcloud-production_resources_prow-exporter-deployment.yaml"], }, }, want: &ProwAutobumpResult{}, 
@@ -84,28 +84,28 @@ func TestProwAutobump_Review(t1 *testing.T) { name: "prow autobump with crd update", fields: fields{ relevantFileDiffs: []*diff.FileDiff{ - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_configs_current_config_config.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_branch-protector.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_cherrypicker_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-kubevirt.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-nmstate.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_crier_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_deck_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_ghproxy.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_hook_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_horologium_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_needs-rebase_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prow_controller_manager_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"], - 
diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_sinker_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_statusreconciler_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_tide_deployment.yaml"], - diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_overlays_ibmcloud-production_resources_prow-exporter-deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_configs_current_config_config.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_branch-protector.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_cherrypicker_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-kubevirt.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_local_label-sync-nmstate.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_crier_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_deck_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_ghproxy.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_hook_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_horologium_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_needs-rebase_deployment.yaml"], + 
diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prow_controller_manager_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_sinker_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_statusreconciler_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_tide_deployment.yaml"], + diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_overlays_ibmcloud-production_resources_prow-exporter-deployment.yaml"], }, }, want: &ProwAutobumpResult{ notMatchingHunks: map[string][]*diff.Hunk{ - "github/ci/prow-deploy/kustom/base/manifests/test_infra/current/prowjob-crd/prowjob_customresourcedefinition.yaml": diffFilePathesToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"].Hunks, + "github/ci/prow-deploy/kustom/base/manifests/test_infra/current/prowjob-crd/prowjob_customresourcedefinition.yaml": diffFilePathsToDiffs["testdata/prow-autobump/github_ci_prow-deploy_kustom_base_manifests_test_infra_current_prowjob-crd_prowjob_customresourcedefinition.yaml"].Hunks, }, }, }, diff --git a/external-plugins/botreview/review/review.go b/external-plugins/botreview/review/review.go index 4d10c65d21..4d6751c914 100644 --- a/external-plugins/botreview/review/review.go +++ b/external-plugins/botreview/review/review.go 
@@ -75,30 +75,6 @@ func GuessReviewTypes(fileDiffs []*diff.FileDiff) []KindOfChange { return result } -type BasicResult struct { - message string -} - -func (n BasicResult) String() string { - return n.message -} - -func (n BasicResult) IsApproved() bool { - return false -} - -func (n BasicResult) CanMerge() bool { - return false -} - -func (n BasicResult) AddReviewFailure(fileName string, hunks ...*diff.Hunk) { - panic("not implemented") -} - -func (n BasicResult) ShortString() string { - return n.String() -} - type Reviewer struct { l *logrus.Entry org string diff --git a/external-plugins/botreview/review/review_test.go b/external-plugins/botreview/review/review_test.go index 30001870ee..18a5fee32d 100644 --- a/external-plugins/botreview/review/review_test.go +++ b/external-plugins/botreview/review/review_test.go @@ -26,23 +26,23 @@ import ( ) func TestGuessReviewTypes(t *testing.T) { - diffFilePathes := []string{ + diffFilePaths := []string{ "testdata/simple_bump-prow-job-images_sh.patch0", "testdata/simple_bump-prow-job-images_sh.patch1", "testdata/move_prometheus_stack.patch0", "testdata/move_prometheus_stack.patch1", } - diffFilePathesToDiffs := map[string]*diff.FileDiff{} - for _, diffFile := range diffFilePathes { - bump_images_diff_file, err := os.ReadFile(diffFile) + diffFilePathsToDiffs := map[string]*diff.FileDiff{} + for _, diffFile := range diffFilePaths { + bumpImagesDiffFile, err := os.ReadFile(diffFile) if err != nil { t.Errorf("failed to read diff: %v", err) } - bump_file_diffs, err := diff.ParseFileDiff(bump_images_diff_file) + bumpFileDiffs, err := diff.ParseFileDiff(bumpImagesDiffFile) if err != nil { t.Errorf("failed to read diff: %v", err) } - diffFilePathesToDiffs[diffFile] = bump_file_diffs + diffFilePathsToDiffs[diffFile] = bumpFileDiffs } type args struct { fileDiffs []*diff.FileDiff 
@@ -56,15 +56,15 @@ func TestGuessReviewTypes(t *testing.T) { name: "simple image bump should yield a change", args: args{ fileDiffs: []*diff.FileDiff{ - diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch0"], - diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch1"], + diffFilePathsToDiffs["testdata/simple_bump-prow-job-images_sh.patch0"], + diffFilePathsToDiffs["testdata/simple_bump-prow-job-images_sh.patch1"], }, }, want: []KindOfChange{ &ProwJobImageUpdate{ relevantFileDiffs: []*diff.FileDiff{ - diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch0"], - diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch1"], + diffFilePathsToDiffs["testdata/simple_bump-prow-job-images_sh.patch0"], + diffFilePathsToDiffs["testdata/simple_bump-prow-job-images_sh.patch1"], }, }, }, @@ -73,14 +73,14 @@ func TestGuessReviewTypes(t *testing.T) { name: "mixed with image bump should yield a partial change", args: args{ fileDiffs: []*diff.FileDiff{ - diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch0"], - diffFilePathesToDiffs["testdata/move_prometheus_stack.patch0"], + diffFilePathsToDiffs["testdata/simple_bump-prow-job-images_sh.patch0"], + diffFilePathsToDiffs["testdata/move_prometheus_stack.patch0"], }, }, want: []KindOfChange{ &ProwJobImageUpdate{ relevantFileDiffs: []*diff.FileDiff{ - diffFilePathesToDiffs["testdata/simple_bump-prow-job-images_sh.patch0"], + diffFilePathsToDiffs["testdata/simple_bump-prow-job-images_sh.patch0"], }, }, }, @@ -89,8 +89,8 @@ func TestGuessReviewTypes(t *testing.T) { name: "non image bump should not yield a change", args: args{ fileDiffs: []*diff.FileDiff{ - diffFilePathesToDiffs["testdata/move_prometheus_stack.patch0"], - diffFilePathesToDiffs["testdata/move_prometheus_stack.patch1"], + diffFilePathsToDiffs["testdata/move_prometheus_stack.patch0"], + diffFilePathsToDiffs["testdata/move_prometheus_stack.patch1"], }, }, want: []KindOfChange{}, 
diff --git a/github/ci/prow-deploy/files/jobs/kubevirt/project-infra/project-infra-postsubmits.yaml b/github/ci/prow-deploy/files/jobs/kubevirt/project-infra/project-infra-postsubmits.yaml index 63b7cc48a2..191ce6ff3a 100644 --- a/github/ci/prow-deploy/files/jobs/kubevirt/project-infra/project-infra-postsubmits.yaml +++ b/github/ci/prow-deploy/files/jobs/kubevirt/project-infra/project-infra-postsubmits.yaml @@ -58,11 +58,12 @@ postsubmits: annotations: testgrid-create-test-group: "false" decorate: true - cluster: ibm-prow-jobs + cluster: kubevirt-prow-control-plane max_concurrency: 1 labels: preset-bazel-cache: "true" preset-kubevirtci-quay-credential: "true" + preset-podman-in-container-enabled: "true" spec: containers: - image: quay.io/kubevirtci/bootstrap:v20230626-e1b7af2 @@ -71,7 +72,7 @@ postsubmits: - "/bin/bash" - "-c" - | - cat "$QUAY_PASSWORD" | docker login --username $(cat "$QUAY_USER") --password-stdin=true quay.io + cat "$QUAY_PASSWORD" | podman login --username $(cat "$QUAY_USER") --password-stdin=true quay.io make -C ./external-plugins/botreview push resources: requests: diff --git a/go.mod b/go.mod index 7ad9a8d6fd..89da577744 100644 --- a/go.mod +++ b/go.mod @@ -37,8 +37,6 @@ require ( sigs.k8s.io/yaml v1.3.0 ) -require github.com/r3labs/diff/v3 v3.0.1 - require ( cloud.google.com/go v0.110.0 // indirect cloud.google.com/go/compute v1.19.0 // indirect diff --git a/images/botreview/Containerfile b/images/botreview/Containerfile index 4c4c0a66c8..21e9b8557a 100644 --- a/images/botreview/Containerfile +++ b/images/botreview/Containerfile 
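Review bot: The inline script in the second hunk still runs `make -C ./external-plugins/botreview push` when the login line fails, because the `bash -c` script has no `set -e` or `pipefail`, and `$(cat "$QUAY_USER")` is expanded unquoted. Starting the script with `set -euo pipefail` and writing `--username "$(cat "$QUAY_USER")"` makes a missing or malformed credential file stop the job at the login step instead of surfacing later as a push failure. The job definition starts above this hunk.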
@@ -1,17 +1,12 @@ FROM docker.io/library/golang:1.20 as builder - WORKDIR /go/src/github.com/kubevirt/project-infra/ -# FIXME: switch to https://github.com/kubevirt/project-infra.git when creating postsubmit for image creation RUN mkdir -p /go/src/kubevirt/ && \ cd /go/src/kubevirt/ && \ - git clone https://github.com/dhiller/project-infra.git && \ + git clone https://github.com/kubevirt/project-infra.git && \ cd project-infra/ && \ - git checkout d0387efd4297294de17a2a84a3cc1a5155e12ba3 && \ go mod vendor && \ env GOPROXY=off GOFLAGS=-mod=vendor CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /go/bin/botreview ./external-plugins/botreview/main.go -FROM gcr.io/k8s-prow/git:v20220523-6026203ca9 - +FROM gcr.io/k8s-prow/git:v20231107-c87e01249e COPY --from=builder /go/bin/botreview /usr/bin/botreview - ENTRYPOINT ["/usr/bin/botreview"] From 811d6319e53a26556d7b5d153552dc291f22870b Mon Sep 17 00:00:00 2001 From: Daniel Hiller Date: Mon, 4 Dec 2023 15:42:02 +0100 Subject: [PATCH 16/17] make, push: fix path to Containerfile Signed-off-by: Daniel Hiller --- external-plugins/botreview/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/external-plugins/botreview/Makefile b/external-plugins/botreview/Makefile index ae7e80a401..c752282018 100644 --- a/external-plugins/botreview/Makefile +++ b/external-plugins/botreview/Makefile @@ -13,4 +13,4 @@ test: $(bazelbin) test //external-plugins/botreview/... push: - podman build -f ./images/botreview/Containerfile -t quay.io/kubevirtci/botreview:latest && podman push quay.io/kubevirtci/botreview:latest + podman build -f ../../images/botreview/Containerfile -t quay.io/kubevirtci/botreview:latest && podman push quay.io/kubevirtci/botreview:latest From c61e7cf60d9abe62c3cc7ec08460f2a30c3451a7 Mon Sep 17 00:00:00 2001 From: Daniel Hiller Date: Thu, 7 Dec 2023 12:25:59 +0100 Subject: [PATCH 17/17] Use botreview-oauth-token 
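Review bot: With the `git checkout` of a fixed commit removed, the builder stage compiles whatever the default branch of `https://github.com/kubevirt/project-infra.git` holds at build time. The image is therefore neither reproducible nor tied to the commit that triggered the build. Pass the revision in and pin it, e.g. `ARG GIT_REF` before the `RUN` and `git checkout "${GIT_REF}" && \` after `cd project-infra/ && \`, with the Makefile supplying it through `--build-arg`; copying the build context instead of cloning would achieve the same. The two `FROM` images are referenced by tag only, so pinning them by digest would be a further hardening step.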
Signed-off-by: Daniel Hiller --- .../kustom/base/manifests/local/botreview-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github/ci/prow-deploy/kustom/base/manifests/local/botreview-deployment.yaml b/github/ci/prow-deploy/kustom/base/manifests/local/botreview-deployment.yaml index fc9bb33931..a8eacca156 100644 --- a/github/ci/prow-deploy/kustom/base/manifests/local/botreview-deployment.yaml +++ b/github/ci/prow-deploy/kustom/base/manifests/local/botreview-deployment.yaml @@ -49,7 +49,7 @@ spec: secretName: hmac-token - name: oauth secret: - secretName: oauth-token + secretName: botreview-oauth-token - name: plugins configMap: name: plugins