diff --git a/.github/workflows/license-lint.yaml b/.github/workflows/license-lint.yaml index 972babe2826..f5cb8b1ab08 100644 --- a/.github/workflows/license-lint.yaml +++ b/.github/workflows/license-lint.yaml @@ -32,7 +32,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - name: Check out code into the Go module directory diff --git a/.github/workflows/release-pr.yaml b/.github/workflows/release-pr.yaml index 71ec12b8989..48962819960 100644 --- a/.github/workflows/release-pr.yaml +++ b/.github/workflows/release-pr.yaml @@ -25,7 +25,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - name: Set release version and target branch for vNext diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2db870e8ca0..2484d12fc87 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -37,7 +37,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - name: Get tag diff --git a/.github/workflows/scan-vulns.yaml b/.github/workflows/scan-vulns.yaml index 7570ea6f916..277f3de8314 100644 --- a/.github/workflows/scan-vulns.yaml +++ b/.github/workflows/scan-vulns.yaml @@ -33,7 +33,7 @@ jobs: steps: - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - uses: golang/govulncheck-action@3a32958c2706f7048305d5a2e53633d7e37e97d0 # v1.0.2 diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 1bfd0904039..c2e985dee5d 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml 
@@ -42,7 +42,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true # source: https://github.com/golangci/golangci-lint-action @@ -68,7 +68,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - name: Unit test @@ -97,7 +97,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - name: Check go.mod and manifests run: | @@ -123,7 +123,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - name: Download e2e dependencies @@ -155,7 +155,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - name: Bootstrap e2e @@ -279,7 +279,7 @@ jobs: - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - go-version: "1.21" + go-version: "1.22" check-latest: true - name: Bootstrap e2e diff --git a/.go-version b/.go-version index 3500250a4b0..57807d6d0d0 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.21.0 +1.22.0 diff --git a/.golangci.yaml b/.golangci.yaml index 45f97871159..d4ddf3b08d7 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -22,7 +22,7 @@ linters-settings: locale: US staticcheck: # Select the Go version to target. The default is '1.13'. - go: "1.21" + go: "1.22" linters: disable-all: true diff --git a/Dockerfile b/Dockerfile index d4db5c85f79..76a2ca45218 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,5 +1,5 @@ ARG BUILDPLATFORM="linux/amd64" -ARG BUILDERIMAGE="golang:1.21-bullseye" +ARG BUILDERIMAGE="golang:1.22-bookworm" # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details ARG BASEIMAGE="gcr.io/distroless/static:nonroot" diff --git a/Tiltfile b/Tiltfile index a141bec7557..00ecc8ca54c 100644 --- a/Tiltfile +++ b/Tiltfile @@ -17,7 +17,7 @@ if settings.get("trigger_mode", "auto").lower() == "manual": trigger_mode(TRIGGER_MODE_MANUAL) TILT_DOCKERFILE = """ -FROM golang:1.21-bullseye as tilt-helper +FROM golang:1.22-bookworm as tilt-helper # Support live reloading with Tilt RUN wget --output-document /restart.sh --quiet https://raw.githubusercontent.com/tilt-dev/rerun-process-wrapper/60eaa572cdf825c646008e1ea28b635f83cefb38/restart.sh && \ wget --output-document /start.sh --quiet https://raw.githubusercontent.com/tilt-dev/rerun-process-wrapper/60eaa572cdf825c646008e1ea28b635f83cefb38/start.sh && \ diff --git a/apis/config/v1alpha1/zz_generated.deepcopy.go b/apis/config/v1alpha1/zz_generated.deepcopy.go index 2df3903752c..75babe05f76 100644 --- a/apis/config/v1alpha1/zz_generated.deepcopy.go +++ b/apis/config/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/expansion/unversioned/zz_generated.deepcopy.go b/apis/expansion/unversioned/zz_generated.deepcopy.go index 3cd1633496d..4d789857276 100644 --- a/apis/expansion/unversioned/zz_generated.deepcopy.go +++ b/apis/expansion/unversioned/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/expansion/v1alpha1/zz_generated.deepcopy.go b/apis/expansion/v1alpha1/zz_generated.deepcopy.go index d44b368c3a1..678a47e3720 100644 --- a/apis/expansion/v1alpha1/zz_generated.deepcopy.go +++ b/apis/expansion/v1alpha1/zz_generated.deepcopy.go 
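Review bot: The new default builder image in the `Dockerfile` hunk is referenced by a mutable tag only (`golang:1.22-bookworm`), so the Go toolchain and Debian layer that compile the manager binary can change between builds with no change in this repository. `build/tooling/Dockerfile` in this same commit pins that tag by digest; matching it here would read `ARG BUILDERIMAGE="golang:1.22-bookworm@sha256:<digest-of-the-verified-image>"`, keeping the tag for readability and letting the digest decide what is pulled. The `FROM golang:1.22-bookworm as tilt-helper` line in the `Tiltfile` hunk is also tag-only, though that image looks to be for local development and is lower priority. If the tag is left floating on purpose to pick up patch releases, a one-line comment above the `ARG` saying so would stop the inconsistency with the tooling image from reading as an oversight.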
@@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/expansion/v1beta1/zz_generated.deepcopy.go b/apis/expansion/v1beta1/zz_generated.deepcopy.go index 6ae018f2d27..9a5a8ab01e0 100644 --- a/apis/expansion/v1beta1/zz_generated.deepcopy.go +++ b/apis/expansion/v1beta1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/mutations/unversioned/zz_generated.deepcopy.go b/apis/mutations/unversioned/zz_generated.deepcopy.go index 0b0c3a9bb23..14932e0cbb7 100644 --- a/apis/mutations/unversioned/zz_generated.deepcopy.go +++ b/apis/mutations/unversioned/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/mutations/v1/zz_generated.deepcopy.go b/apis/mutations/v1/zz_generated.deepcopy.go index fc732100f53..659053c8820 100644 --- a/apis/mutations/v1/zz_generated.deepcopy.go +++ b/apis/mutations/v1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/mutations/v1alpha1/zz_generated.deepcopy.go b/apis/mutations/v1alpha1/zz_generated.deepcopy.go index 274942c8825..2598e5a3527 100644 --- a/apis/mutations/v1alpha1/zz_generated.deepcopy.go +++ b/apis/mutations/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/mutations/v1beta1/zz_generated.deepcopy.go b/apis/mutations/v1beta1/zz_generated.deepcopy.go index 50ef1e24539..7ac11182c3e 100644 --- a/apis/mutations/v1beta1/zz_generated.deepcopy.go +++ b/apis/mutations/v1beta1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/status/v1beta1/zz_generated.deepcopy.go b/apis/status/v1beta1/zz_generated.deepcopy.go index 5a42224d349..c361b6cdd9a 100644 --- a/apis/status/v1beta1/zz_generated.deepcopy.go 
+++ b/apis/status/v1beta1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/apis/syncset/v1alpha1/zz_generated.deepcopy.go b/apis/syncset/v1alpha1/zz_generated.deepcopy.go index f3e663e93e0..af4e96c6165 100644 --- a/apis/syncset/v1alpha1/zz_generated.deepcopy.go +++ b/apis/syncset/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/build/tooling/Dockerfile b/build/tooling/Dockerfile index c5124a2d806..4a16fc563e4 100644 --- a/build/tooling/Dockerfile +++ b/build/tooling/Dockerfile @@ -1,7 +1,7 @@ -FROM golang:1.21-bullseye@sha256:47fa179d4966a0950485ede2ef81567bb1cf62e1e87af07e9830e5c928d06cd0 +FROM golang:1.22-bookworm@sha256:d996c645c9934e770e64f05fc2bc103755197b43fd999b3aa5419142e1ee6d78 -RUN GO111MODULE=on go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.10.0 -RUN GO111MODULE=on go install k8s.io/code-generator/cmd/conversion-gen@v0.25.4 +RUN GO111MODULE=on go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0 +RUN GO111MODULE=on go install k8s.io/code-generator/cmd/conversion-gen@v0.29.3 RUN mkdir /gatekeeper WORKDIR /gatekeeper diff --git a/config/crd/bases/_.yaml b/config/crd/bases/_.yaml index 25f6032cf97..597bc60f700 100644 --- a/config/crd/bases/_.yaml +++ b/config/crd/bases/_.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 spec: group: "" names: diff --git a/config/crd/bases/config.gatekeeper.sh_configs.yaml b/config/crd/bases/config.gatekeeper.sh_configs.yaml index f9207c4dbab..de66db3a7a5 100644 --- a/config/crd/bases/config.gatekeeper.sh_configs.yaml +++ b/config/crd/bases/config.gatekeeper.sh_configs.yaml 
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: configs.config.gatekeeper.sh spec: group: config.gatekeeper.sh @@ -21,14 +20,19 @@ spec: description: Config is the Schema for the configs API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -41,10 +45,10 @@ spec: properties: excludedNamespaces: items: - description: 'A string that supports globbing at its front - or end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array diff --git a/config/crd/bases/expansion.gatekeeper.sh_expansiontemplate.yaml b/config/crd/bases/expansion.gatekeeper.sh_expansiontemplate.yaml index e9a9298cb20..ded7d078046 100644 --- a/config/crd/bases/expansion.gatekeeper.sh_expansiontemplate.yaml +++ b/config/crd/bases/expansion.gatekeeper.sh_expansiontemplate.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: expansiontemplate.expansion.gatekeeper.sh spec: group: expansion.gatekeeper.sh 
@@ -21,14 +20,19 @@ spec: description: ExpansionTemplate is the Schema for the ExpansionTemplate API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -36,11 +40,13 @@ spec: description: ExpansionTemplateSpec defines the desired state of ExpansionTemplate. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - of generator resources which will be expanded. + description: |- + ApplyTo lists the specific groups, versions and kinds of generator resources + which will be expanded. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: @@ -57,14 +63,15 @@ spec: type: object type: array enforcementAction: - description: EnforcementAction specifies the enforcement action to - be used for resources matching the ExpansionTemplate. Specifying - an empty value will use the enforcement action specified by the - Constraint in violation. + description: |- + EnforcementAction specifies the enforcement action to be used for resources + matching the ExpansionTemplate. Specifying an empty value will use the + enforcement action specified by the Constraint in violation. type: string generatedGVK: - description: GeneratedGVK specifies the GVK of the resources which - the generator resource creates. + description: |- + GeneratedGVK specifies the GVK of the resources which the generator + resource creates. properties: group: type: string @@ -74,9 +81,10 @@ spec: type: string type: object templateSource: - description: TemplateSource specifies the source field on the generator - resource to use as the base for expanded resource. For Pod-creating - generators, this is usually spec.template + description: |- + TemplateSource specifies the source field on the generator resource to + use as the base for expanded resource. For Pod-creating generators, this + is usually spec.template type: string type: object status: 
@@ -110,10 +118,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias - to string. Being a type captures intent and helps make sure - that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: array 
@@ -129,14 +137,19 @@ spec: description: ExpansionTemplate is the Schema for the ExpansionTemplate API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -144,11 +157,13 @@ spec: description: ExpansionTemplateSpec defines the desired state of ExpansionTemplate. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - of generator resources which will be expanded. + description: |- + ApplyTo lists the specific groups, versions and kinds of generator resources + which will be expanded. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: @@ -165,14 +180,15 @@ spec: type: object type: array enforcementAction: - description: EnforcementAction specifies the enforcement action to - be used for resources matching the ExpansionTemplate. Specifying - an empty value will use the enforcement action specified by the - Constraint in violation. + description: |- + EnforcementAction specifies the enforcement action to be used for resources + matching the ExpansionTemplate. Specifying an empty value will use the + enforcement action specified by the Constraint in violation. type: string generatedGVK: - description: GeneratedGVK specifies the GVK of the resources which - the generator resource creates. + description: |- + GeneratedGVK specifies the GVK of the resources which the generator + resource creates. properties: group: type: string @@ -182,9 +198,10 @@ spec: type: string type: object templateSource: - description: TemplateSource specifies the source field on the generator - resource to use as the base for expanded resource. For Pod-creating - generators, this is usually spec.template + description: |- + TemplateSource specifies the source field on the generator resource to + use as the base for expanded resource. For Pod-creating generators, this + is usually spec.template type: string type: object status: 
@@ -218,10 +235,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias - to string. Being a type captures intent and helps make sure - that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: array diff --git a/config/crd/bases/match.gatekeeper.sh_matchcrd.yaml b/config/crd/bases/match.gatekeeper.sh_matchcrd.yaml index 1fd9983a63b..436b9c917ce 100644 --- a/config/crd/bases/match.gatekeeper.sh_matchcrd.yaml +++ b/config/crd/bases/match.gatekeeper.sh_matchcrd.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: matchcrd.match.gatekeeper.sh spec: group: match.gatekeeper.sh 
@@ -18,44 +17,50 @@ spec: - name: match schema: openAPIV3Schema: - description: DummyCRD is a "dummy" CRD to hold the Match object, which we - ultimately need to generate JSONSchemaProps. The TypeMeta and ObjectMeta - fields are required for controller-gen to generate the CRD. + description: |- + DummyCRD is a "dummy" CRD to hold the Match object, which we ultimately + need to generate JSONSchemaProps. The TypeMeta and ObjectMeta fields are + required for controller-gen to generate the CRD. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string embeddedMatch: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If - defined, a constraint only applies to resources not in a listed - namespace. ExcludedNamespaces also supports a prefix or suffix based - glob. For example, `excludedNamespaces: [kube-*]` matches both - `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` - matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. 
For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. - Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" - will match "kube-system" or "gatekeeper-system". The asterisk - is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and - kinds fields that list the groups/kinds of objects to which the - mutation will apply. If multiple groups/kinds objects are specified, + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of the - slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -66,35 +71,36 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: - `matchLabels` and `matchExpressions`. These two fields provide - different methods of selecting or excluding k8s objects based on - the label keys and values included in object metadata. All selection - expressions from both sections are ANDed to determine if an object - meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -107,47 +113,47 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` - and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's - containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -160,37 +166,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. - Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" - will match "kube-system" or "gatekeeper-system". The asterisk - is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). - A value of `Generated` will only match generated resources, while - `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -198,9 +206,12 @@ spec: type: string type: object kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadataDummy: type: object diff --git a/config/crd/bases/mutations.gatekeeper.sh_assign.yaml b/config/crd/bases/mutations.gatekeeper.sh_assign.yaml index 42d3c1bc386..57bfcf59b00 100644 --- a/config/crd/bases/mutations.gatekeeper.sh_assign.yaml +++ b/config/crd/bases/mutations.gatekeeper.sh_assign.yaml 
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: assign.mutations.gatekeeper.sh spec: group: mutations.gatekeeper.sh @@ -21,14 +20,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -36,13 +40,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - a mutation will be applied to. This is necessary because every mutation - implies part of an object schema and object schemas are associated - with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -63,37 +68,40 @@ spec: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. - Individual match criteria are AND-ed together. An undefined match - criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -104,36 +112,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -145,49 +154,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -199,37 +207,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -248,22 +258,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the - data that will be sent to the external data provider - as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use - when the external data provider returns an error and - the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply - when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -291,15 +302,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the - mutation works if parent paths are missing. It traverses the - list in order. All sub paths are tested against the provided - condition, if the test fails, the mutation is not applied. - All `subPath` entries must be a prefix of `location`. Any + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to - expand the matching glob in `location`. \n Available Tests: - * MustExist - the path must exist or do not mutate * MustNotExist - - the path must not exist or do not mutate." + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either @@ -332,9 +346,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -343,9 +357,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -368,14 +383,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -383,13 +403,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - a mutation will be applied to. This is necessary because every mutation - implies part of an object schema and object schemas are associated - with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -410,37 +431,40 @@ spec: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. - Individual match criteria are AND-ed together. An undefined match - criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -451,36 +475,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -492,49 +517,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -546,37 +570,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -595,22 +621,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the - data that will be sent to the external data provider - as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use - when the external data provider returns an error and - the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply - when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -638,15 +665,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the - mutation works if parent paths are missing. It traverses the - list in order. All sub paths are tested against the provided - condition, if the test fails, the mutation is not applied. - All `subPath` entries must be a prefix of `location`. Any + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to - expand the matching glob in `location`. \n Available Tests: - * MustExist - the path must exist or do not mutate * MustNotExist - - the path must not exist or do not mutate." + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either @@ -679,9 +709,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -690,9 +720,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -715,14 +746,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -730,13 +766,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - a mutation will be applied to. This is necessary because every mutation - implies part of an object schema and object schemas are associated - with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -757,37 +794,40 @@ spec: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. - Individual match criteria are AND-ed together. An undefined match - criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -798,36 +838,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -839,49 +880,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
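Review bot: The added `x-kubernetes-map-type: atomic` on `labelSelector` is a schema change rather than a re-wrap of descriptions, and nothing visible in this diff documents it. It presumably arrives with the controller-gen bump to v0.14.0. With that marker the API server treats the selector as a single unit under server-side apply, so a second field manager replaces the whole selector instead of merging individual `matchLabels` keys, which can change which resources a mutator matches. Because the file is generated, I would call this out in the commit description or release notes rather than edit the YAML, and check any tooling that applies partial selector patches. The same line is added for `namespaceSelector` in the next hunk and for both selectors in the AssignImage CRD.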
@@ -893,37 +933,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -942,22 +984,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the - data that will be sent to the external data provider - as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use - when the external data provider returns an error and - the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply - when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -985,15 +1028,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the - mutation works if parent paths are missing. It traverses the - list in order. All sub paths are tested against the provided - condition, if the test fails, the mutation is not applied. - All `subPath` entries must be a prefix of `location`. Any + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to - expand the matching glob in `location`. \n Available Tests: - * MustExist - the path must exist or do not mutate * MustNotExist - - the path must not exist or do not mutate." + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either @@ -1026,9 +1072,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -1037,9 +1083,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/config/crd/bases/mutations.gatekeeper.sh_assignimage.yaml b/config/crd/bases/mutations.gatekeeper.sh_assignimage.yaml index b472e067181..0c9ad144db8 100644 --- a/config/crd/bases/mutations.gatekeeper.sh_assignimage.yaml +++ b/config/crd/bases/mutations.gatekeeper.sh_assignimage.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: assignimage.mutations.gatekeeper.sh spec: group: mutations.gatekeeper.sh 
@@ -21,14 +20,19 @@ spec: description: AssignImage is the Schema for the assignimage API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -36,13 +40,14 @@ spec: description: AssignImageSpec defines the desired state of AssignImage. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - a mutation will be applied to. This is necessary because every mutation - implies part of an object schema and object schemas are associated - with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -63,37 +68,40 @@ spec: `spec.containers[name: main].image`.' type: string match: - description: Match allows the user to limit which resources get mutated. - Individual match criteria are AND-ed together. An undefined match - criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -104,36 +112,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -145,49 +154,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -199,37 +207,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -240,28 +250,33 @@ spec: description: Parameters define the behavior of the mutator. properties: assignDomain: - description: AssignDomain sets the domain component on an image - string. The trailing slash should not be included. + description: |- + AssignDomain sets the domain component on an image string. The trailing + slash should not be included. type: string assignPath: description: AssignPath sets the domain component on an image string. type: string assignTag: - description: AssignImage sets the image component on an image - string. It must start with a `:` or `@`. + description: |- + AssignImage sets the image component on an image string. It must start + with a `:` or `@`. type: string pathTests: items: - description: "PathTest allows the user to customize how the - mutation works if parent paths are missing. It traverses the - list in order. All sub paths are tested against the provided - condition, if the test fails, the mutation is not applied. - All `subPath` entries must be a prefix of `location`. Any + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to - expand the matching glob in `location`. \n Available Tests: - * MustExist - the path must exist or do not mutate * MustNotExist - - the path must not exist or do not mutate." + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either 
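Review bot: The re-wrapped `assignTag` description still reads "AssignImage sets the image component on an image string", and the unchanged `assignPath` line above it says it sets the domain component, the same wording as `assignDomain`. Both look like copy-paste slips carried over from the source comments. Since this CRD is generated, the fix presumably belongs in the Go doc comments on the parameter fields, along the lines of `AssignTag sets the tag component on an image string.` and `AssignPath sets the path component on an image string.`, followed by regenerating the manifests. These descriptions are what users see in `kubectl explain` when writing image-rewrite mutators, so accurate field names reduce the chance of rewriting the wrong part of an image reference.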
@@ -294,9 +309,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -305,9 +320,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/config/crd/bases/mutations.gatekeeper.sh_assignmetadata.yaml b/config/crd/bases/mutations.gatekeeper.sh_assignmetadata.yaml index 902aba1db61..575657b7e23 100644 --- a/config/crd/bases/mutations.gatekeeper.sh_assignmetadata.yaml +++ b/config/crd/bases/mutations.gatekeeper.sh_assignmetadata.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: assignmetadata.mutations.gatekeeper.sh spec: group: mutations.gatekeeper.sh 
@@ -21,14 +20,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -41,32 +45,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -77,36 +83,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -118,49 +125,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -172,37 +178,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -220,22 +228,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the - data that will be sent to the external data provider - as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use - when the external data provider returns an error and - the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply - when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore @@ -267,9 +276,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state - of cluster Important: Run "make" to regenerate code after modifying - this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. @@ -284,9 +293,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -295,9 +304,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -320,14 +330,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -340,32 +355,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -376,36 +393,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -417,49 +435,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -471,37 +488,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -519,22 +538,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the - data that will be sent to the external data provider - as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use - when the external data provider returns an error and - the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply - when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore @@ -566,9 +586,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state - of cluster Important: Run "make" to regenerate code after modifying - this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. @@ -583,9 +603,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -594,9 +614,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -619,14 +640,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -639,32 +665,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -675,36 +703,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -716,49 +745,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -770,37 +798,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -818,22 +848,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the - data that will be sent to the external data provider - as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use - when the external data provider returns an error and - the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply - when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore @@ -865,9 +896,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state - of cluster Important: Run "make" to regenerate code after modifying - this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. @@ -882,9 +913,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -893,9 +924,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/config/crd/bases/mutations.gatekeeper.sh_modifyset.yaml b/config/crd/bases/mutations.gatekeeper.sh_modifyset.yaml index 7e95583fb54..52222e8f46c 100644 --- a/config/crd/bases/mutations.gatekeeper.sh_modifyset.yaml +++ b/config/crd/bases/mutations.gatekeeper.sh_modifyset.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: modifyset.mutations.gatekeeper.sh spec: group: mutations.gatekeeper.sh 
@@ -18,18 +17,24 @@ spec: - name: v1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as + description: |- + ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -37,13 +42,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - a mutation will be applied to. This is necessary because every mutation - implies part of an object schema and object schemas are associated - with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -64,37 +70,40 @@ spec: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. - Individual match criteria are AND-ed together. An undefined match - criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -105,36 +114,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -146,49 +156,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -200,37 +209,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -249,18 +260,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can - be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the - mutation works if parent paths are missing. It traverses the - list in order. All sub paths are tested against the provided - condition, if the test fails, the mutation is not applied. - All `subPath` entries must be a prefix of `location`. Any + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to - expand the matching glob in `location`. \n Available Tests: - * MustExist - the path must exist or do not mutate * MustNotExist - - the path must not exist or do not mutate." + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either @@ -298,9 +313,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -309,9 +324,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -331,18 +347,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as + description: |- + ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -350,13 +372,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - a mutation will be applied to. This is necessary because every mutation - implies part of an object schema and object schemas are associated - with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -377,37 +400,40 @@ spec: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. - Individual match criteria are AND-ed together. An undefined match - criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -418,36 +444,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -459,49 +486,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -513,37 +539,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -562,18 +590,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can - be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the - mutation works if parent paths are missing. It traverses the - list in order. All sub paths are tested against the provided - condition, if the test fails, the mutation is not applied. - All `subPath` entries must be a prefix of `location`. Any + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to - expand the matching glob in `location`. \n Available Tests: - * MustExist - the path must exist or do not mutate * MustNotExist - - the path must not exist or do not mutate." + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either @@ -611,9 +643,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -622,9 +654,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -644,18 +677,24 @@ spec: - name: v1beta1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as + description: |- + ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -663,13 +702,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds - a mutation will be applied to. This is necessary because every mutation - implies part of an object schema and object schemas are associated - with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should - apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -690,37 +730,40 @@ spec: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. - Individual match criteria are AND-ed together. An undefined match - criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. - If defined, a constraint only applies to resources not in a - listed namespace. ExcludedNamespaces also supports a prefix - or suffix based glob. For example, `excludedNamespaces: [kube-*]` - matches both `kube-system` and `kube-public`, and `excludedNamespaces: - [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups - and kinds fields that list the groups/kinds of objects to - which the mutation will apply. If multiple groups/kinds objects - are specified, only one match is needed for the resource to - be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of - the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -731,36 +774,37 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional - fields: `matchLabels` and `matchExpressions`. These two fields - provide different methods of selecting or excluding k8s objects - based on the label keys and values included in object metadata. All - selection expressions from both sections are ANDed to determine - if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
+ description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -772,49 +816,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `name: pod-*` would match - both `pod-a` and `pod-b`, and `name: *-pod` would match both - `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an - object's containing namespace or the object itself, if the object - is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -826,37 +869,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `namespaces: - [kube-*]` matches both `kube-system` and `kube-public`, and - `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or - end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The - asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. - (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `Generated`|`Original`|`All` (defaults - to `All`). A value of `Generated` will only match generated - resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -875,18 +920,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can - be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the - mutation works if parent paths are missing. It traverses the - list in order. All sub paths are tested against the provided - condition, if the test fails, the mutation is not applied. - All `subPath` entries must be a prefix of `location`. Any + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to - expand the matching glob in `location`. \n Available Tests: - * MustExist - the path must exist or do not mutate * MustNotExist - - the path must not exist or do not mutate." + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either @@ -924,9 +973,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error - for use by controller code. If not present, the error - should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -935,9 +984,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, - such as when a mutator has been recreated after its CRD was - deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/config/crd/bases/status.gatekeeper.sh_constraintpodstatuses.yaml b/config/crd/bases/status.gatekeeper.sh_constraintpodstatuses.yaml index fa7b9a1da46..f9678eb0f0a 100644 --- a/config/crd/bases/status.gatekeeper.sh_constraintpodstatuses.yaml +++ b/config/crd/bases/status.gatekeeper.sh_constraintpodstatuses.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: constraintpodstatuses.status.gatekeeper.sh spec: group: status.gatekeeper.sh 
@@ -22,14 +21,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -37,8 +41,9 @@ spec: description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus. properties: constraintUID: - description: Storing the constraint UID allows us to detect drift, - such as when a constraint has been recreated after its CRD was deleted + description: |- + Storing the constraint UID allows us to detect drift, such as + when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch type: string enforced: 
diff --git a/config/crd/bases/status.gatekeeper.sh_constrainttemplatepodstatuses.yaml b/config/crd/bases/status.gatekeeper.sh_constrainttemplatepodstatuses.yaml index ca3cc7fd925..9030379a557 100644 --- a/config/crd/bases/status.gatekeeper.sh_constrainttemplatepodstatuses.yaml +++ b/config/crd/bases/status.gatekeeper.sh_constrainttemplatepodstatuses.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: constrainttemplatepodstatuses.status.gatekeeper.sh spec: group: status.gatekeeper.sh 
@@ -22,14 +21,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -65,10 +69,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being - a type captures intent and helps make sure that UIDs and names do - not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: object 
diff --git a/config/crd/bases/status.gatekeeper.sh_expansiontemplatepodstatuses.yaml b/config/crd/bases/status.gatekeeper.sh_expansiontemplatepodstatuses.yaml index 4335d45f5ca..18eb2b21385 100644 --- a/config/crd/bases/status.gatekeeper.sh_expansiontemplatepodstatuses.yaml +++ b/config/crd/bases/status.gatekeeper.sh_expansiontemplatepodstatuses.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: expansiontemplatepodstatuses.status.gatekeeper.sh spec: group: status.gatekeeper.sh 
@@ -22,14 +21,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -60,10 +64,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being - a type captures intent and helps make sure that UIDs and names do - not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: object 
diff --git a/config/crd/bases/status.gatekeeper.sh_mutatorpodstatuses.yaml b/config/crd/bases/status.gatekeeper.sh_mutatorpodstatuses.yaml index aee1905768b..6d9e9770821 100644 --- a/config/crd/bases/status.gatekeeper.sh_mutatorpodstatuses.yaml +++ b/config/crd/bases/status.gatekeeper.sh_mutatorpodstatuses.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: mutatorpodstatuses.status.gatekeeper.sh spec: group: status.gatekeeper.sh 
@@ -21,14 +20,19 @@ spec: description: MutatorPodStatus is the Schema for the mutationpodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -45,9 +49,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use - by controller code. If not present, the error should be treated - as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -56,9 +60,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such - as when a mutator has been recreated after its CRD was deleted out - from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/config/crd/bases/syncset.gatekeeper.sh_syncsets.yaml b/config/crd/bases/syncset.gatekeeper.sh_syncsets.yaml index 08ec5fc832e..2b1aa8978b0 100644 --- a/config/crd/bases/syncset.gatekeeper.sh_syncsets.yaml +++ b/config/crd/bases/syncset.gatekeeper.sh_syncsets.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: syncsets.syncset.gatekeeper.sh spec: group: syncset.gatekeeper.sh 
@@ -23,14 +22,19 @@ spec: defines the sets of resources that will be synced. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index a258338234b..f3416ee2060 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: manager-role rules: - apiGroups: @@ -178,7 +177,6 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - creationTimestamp: null name: manager-role namespace: gatekeeper-system rules: diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index 107758db5c2..9c89134b2d5 100644 
--- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml @@ -2,7 +2,6 @@ apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: - creationTimestamp: null name: mutating-webhook-configuration webhooks: - admissionReviewVersions: @@ -31,7 +30,6 @@ webhooks: apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: - creationTimestamp: null name: validating-webhook-configuration webhooks: - admissionReviewVersions: diff --git a/gator.Dockerfile b/gator.Dockerfile index 907c1b8f528..aac863f0285 100644 --- a/gator.Dockerfile +++ b/gator.Dockerfile @@ -1,5 +1,5 @@ ARG BUILDPLATFORM="linux/amd64" -ARG BUILDERIMAGE="golang:1.21-bullseye" +ARG BUILDERIMAGE="golang:1.22-bookworm" # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details ARG BASEIMAGE="gcr.io/distroless/static:nonroot" diff --git a/manifest_staging/charts/gatekeeper/crds/assign-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/assign-customresourcedefinition.yaml index 0221a194812..ccc4ebacaf6 100644 --- a/manifest_staging/charts/gatekeeper/crds/assign-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/assign-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: assign.mutations.gatekeeper.sh 
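Review bot: In gator.Dockerfile, the new `ARG BUILDERIMAGE="golang:1.22-bookworm"` still names the builder by a mutable tag, so the toolchain that compiles the binary can change between two builds of the same commit, while the workflow files in this same change pin their actions by commit SHA. Pinning the builder by digest would give the image build the same guarantee: `ARG BUILDERIMAGE="golang:1.22-bookworm@sha256:<digest-of-the-reviewed-image>"`, with the digest updated by the same automation that bumps the tag. The unchanged `BASEIMAGE="gcr.io/distroless/static:nonroot"` line below it has the same property. The rest of the Dockerfile is outside the hunk, so whether a later stage or the build invocation overrides these ARGs is not visible here.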
@@ -22,10 +22,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -37,9 +46,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -59,21 +73,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -84,21 +117,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -110,29 +157,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -144,21 +208,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -176,17 +258,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -209,7 +297,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -239,7 +338,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -248,7 +349,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -271,10 +375,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -282,9 +395,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -304,21 +422,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -329,21 +466,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -355,29 +506,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -389,21 +557,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -421,17 +607,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -454,7 +646,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -484,7 +687,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -493,7 +698,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -516,10 +724,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -527,9 +744,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -549,21 +771,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -574,21 +815,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -600,29 +855,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -634,21 +906,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -666,17 +956,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -699,7 +995,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -729,7 +1036,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -738,7 +1047,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/manifest_staging/charts/gatekeeper/crds/assignimage-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/assignimage-customresourcedefinition.yaml index 197f2f17933..17bcf1d95c6 100644 --- a/manifest_staging/charts/gatekeeper/crds/assignimage-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/assignimage-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: assignimage.mutations.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: AssignImage is the Schema for the assignimage API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -37,9 +46,14 @@ spec: description: AssignImageSpec defines the desired state of AssignImage. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -59,21 +73,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].image`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -84,21 +117,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -110,29 +157,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -144,21 +208,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -169,17 +251,32 @@ spec: description: Parameters define the behavior of the mutator. properties: assignDomain: - description: AssignDomain sets the domain component on an image string. The trailing slash should not be included. + description: |- + AssignDomain sets the domain component on an image string. The trailing + slash should not be included. type: string assignPath: description: AssignPath sets the domain component on an image string. type: string assignTag: - description: AssignImage sets the image component on an image string. It must start with a `:` or `@`. + description: |- + AssignImage sets the image component on an image string. It must start + with a `:` or `@`. type: string pathTests: items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object 
@@ -209,7 +306,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -218,7 +317,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/manifest_staging/charts/gatekeeper/crds/assignmetadata-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/assignmetadata-customresourcedefinition.yaml index 65c17ed3ae1..ffa5dd09f8c 100644 --- a/manifest_staging/charts/gatekeeper/crds/assignmetadata-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/assignmetadata-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: assignmetadata.mutations.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -42,18 +51,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -64,21 +89,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -90,29 +129,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -124,21 +180,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -155,17 +229,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -192,7 +272,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. properties: @@ -205,7 +287,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -214,7 +298,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -237,10 +324,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -253,18 +349,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -275,21 +387,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -301,29 +427,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -335,21 +478,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -366,17 +527,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -403,7 +570,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. properties: @@ -416,7 +585,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -425,7 +596,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -448,10 +622,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -464,18 +647,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -486,21 +685,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -512,29 +725,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -546,21 +776,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -577,17 +825,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -614,7 +868,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. properties: @@ -627,7 +883,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -636,7 +894,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/manifest_staging/charts/gatekeeper/crds/config-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/config-customresourcedefinition.yaml index 269ca95f9a2..d267bbb387b 100644 --- a/manifest_staging/charts/gatekeeper/crds/config-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/config-customresourcedefinition.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: configs.config.gatekeeper.sh @@ -22,10 +22,19 @@ spec: description: Config is the Schema for the configs API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -38,7 +47,10 @@ spec: properties: excludedNamespaces: items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array diff --git a/manifest_staging/charts/gatekeeper/crds/constraintpodstatus-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/constraintpodstatus-customresourcedefinition.yaml index c1e3199057d..566ac21f376 100644 --- a/manifest_staging/charts/gatekeeper/crds/constraintpodstatus-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/constraintpodstatus-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: constraintpodstatuses.status.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: ConstraintPodStatus is the Schema for the constraintpodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -33,7 +42,10 @@ spec: description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus. properties: constraintUID: - description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the constraint UID allows us to detect drift, such as + when a constraint has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string enforced: type: boolean 
diff --git a/manifest_staging/charts/gatekeeper/crds/constrainttemplatepodstatus-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/constrainttemplatepodstatus-customresourcedefinition.yaml index 271572bd7e8..f6290d17f7a 100644 --- a/manifest_staging/charts/gatekeeper/crds/constrainttemplatepodstatus-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/constrainttemplatepodstatus-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: constrainttemplatepodstatuses.status.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -58,7 +67,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: object diff --git a/manifest_staging/charts/gatekeeper/crds/expansiontemplate-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/expansiontemplate-customresourcedefinition.yaml index 0452edb7761..f5838f6e50e 100644 --- a/manifest_staging/charts/gatekeeper/crds/expansiontemplate-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/expansiontemplate-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: expansiontemplate.expansion.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: ExpansionTemplate is the Schema for the ExpansionTemplate API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -37,9 +46,13 @@ spec: description: ExpansionTemplateSpec defines the desired state of ExpansionTemplate. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds of generator resources which will be expanded. + description: |- + ApplyTo lists the specific groups, versions and kinds of generator resources + which will be expanded. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: @@ -56,10 +69,15 @@ spec: type: object type: array enforcementAction: - description: EnforcementAction specifies the enforcement action to be used for resources matching the ExpansionTemplate. Specifying an empty value will use the enforcement action specified by the Constraint in violation. + description: |- + EnforcementAction specifies the enforcement action to be used for resources + matching the ExpansionTemplate. Specifying an empty value will use the + enforcement action specified by the Constraint in violation. type: string generatedGVK: - description: GeneratedGVK specifies the GVK of the resources which the generator resource creates. + description: |- + GeneratedGVK specifies the GVK of the resources which the generator + resource creates. properties: group: type: string @@ -69,7 +87,10 @@ spec: type: string type: object templateSource: - description: TemplateSource specifies the source field on the generator resource to use as the base for expanded resource. For Pod-creating generators, this is usually spec.template + description: |- + TemplateSource specifies the source field on the generator resource to + use as the base for expanded resource. For Pod-creating generators, this + is usually spec.template type: string type: object status: 
@@ -101,7 +122,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: array @@ -117,10 +141,19 @@ spec: description: ExpansionTemplate is the Schema for the ExpansionTemplate API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -128,9 +161,13 @@ spec: description: ExpansionTemplateSpec defines the desired state of ExpansionTemplate. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds of generator resources which will be expanded. + description: |- + ApplyTo lists the specific groups, versions and kinds of generator resources + which will be expanded. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: @@ -147,10 +184,15 @@ spec: type: object type: array enforcementAction: - description: EnforcementAction specifies the enforcement action to be used for resources matching the ExpansionTemplate. Specifying an empty value will use the enforcement action specified by the Constraint in violation. + description: |- + EnforcementAction specifies the enforcement action to be used for resources + matching the ExpansionTemplate. Specifying an empty value will use the + enforcement action specified by the Constraint in violation. type: string generatedGVK: - description: GeneratedGVK specifies the GVK of the resources which the generator resource creates. + description: |- + GeneratedGVK specifies the GVK of the resources which the generator + resource creates. properties: group: type: string @@ -160,7 +202,10 @@ spec: type: string type: object templateSource: - description: TemplateSource specifies the source field on the generator resource to use as the base for expanded resource. For Pod-creating generators, this is usually spec.template + description: |- + TemplateSource specifies the source field on the generator resource to + use as the base for expanded resource. For Pod-creating generators, this + is usually spec.template type: string type: object status: 
@@ -192,7 +237,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: array diff --git a/manifest_staging/charts/gatekeeper/crds/expansiontemplatepodstatus-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/expansiontemplatepodstatus-customresourcedefinition.yaml index 8f49b4c5f7f..004abaf343d 100644 --- a/manifest_staging/charts/gatekeeper/crds/expansiontemplatepodstatus-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/expansiontemplatepodstatus-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: expansiontemplatepodstatuses.status.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: ExpansionTemplatePodStatus is the Schema for the expansiontemplatepodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,7 +63,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: object diff --git a/manifest_staging/charts/gatekeeper/crds/modifyset-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/modifyset-customresourcedefinition.yaml index 46574fd369f..e4bdd600a8f 100644 --- a/manifest_staging/charts/gatekeeper/crds/modifyset-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/modifyset-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: modifyset.mutations.gatekeeper.sh 
@@ -19,13 +19,24 @@ spec: - name: v1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. + description: |- + ModifySet allows the user to modify non-keyed lists, such as + the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -37,9 +48,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -59,21 +75,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -84,21 +119,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -110,29 +159,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -144,21 +210,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -176,9 +260,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -212,7 +309,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -221,7 +320,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -241,13 +343,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. + description: |- + ModifySet allows the user to modify non-keyed lists, such as + the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -255,9 +368,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -277,21 +395,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -302,21 +439,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -328,29 +479,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -362,21 +530,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -394,9 +580,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -430,7 +629,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -439,7 +640,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -459,13 +663,24 @@ spec: - name: v1beta1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. + description: |- + ModifySet allows the user to modify non-keyed lists, such as + the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -473,9 +688,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -495,21 +715,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -520,21 +759,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -546,29 +799,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -580,21 +850,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -612,9 +900,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -648,7 +949,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -657,7 +960,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/manifest_staging/charts/gatekeeper/crds/mutatorpodstatus-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/mutatorpodstatus-customresourcedefinition.yaml index fd6a0f6dea6..931e05e147a 100644 --- a/manifest_staging/charts/gatekeeper/crds/mutatorpodstatus-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/mutatorpodstatus-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: mutatorpodstatuses.status.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: MutatorPodStatus is the Schema for the mutationpodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -41,7 +50,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -50,7 +61,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 diff --git a/manifest_staging/charts/gatekeeper/crds/syncset-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/syncset-customresourcedefinition.yaml index c5c51f9da4a..1ef7ce4154e 100644 --- a/manifest_staging/charts/gatekeeper/crds/syncset-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/syncset-customresourcedefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: syncsets.syncset.gatekeeper.sh 
@@ -22,10 +22,19 @@ spec: description: SyncSet defines which resources Gatekeeper will cache. The union of all SyncSets plus the syncOnly field of Gatekeeper's Config resource defines the sets of resources that will be synced. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: diff --git a/manifest_staging/charts/gatekeeper/templates/gatekeeper-manager-role-clusterrole.yaml b/manifest_staging/charts/gatekeeper/templates/gatekeeper-manager-role-clusterrole.yaml index 2693455e989..e41f96c9790 100644 --- a/manifest_staging/charts/gatekeeper/templates/gatekeeper-manager-role-clusterrole.yaml +++ b/manifest_staging/charts/gatekeeper/templates/gatekeeper-manager-role-clusterrole.yaml 
@@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null labels: app: '{{ template "gatekeeper.name" . }}' chart: '{{ template "gatekeeper.name" . }}' diff --git a/manifest_staging/charts/gatekeeper/templates/gatekeeper-manager-role-role.yaml b/manifest_staging/charts/gatekeeper/templates/gatekeeper-manager-role-role.yaml index 1018dcdb667..72d7513baaf 100644 --- a/manifest_staging/charts/gatekeeper/templates/gatekeeper-manager-role-role.yaml +++ b/manifest_staging/charts/gatekeeper/templates/gatekeeper-manager-role-role.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - creationTimestamp: null labels: app: '{{ template "gatekeeper.name" . }}' chart: '{{ template "gatekeeper.name" . }}' diff --git a/manifest_staging/deploy/gatekeeper.yaml b/manifest_staging/deploy/gatekeeper.yaml index 4fba41b01e4..6d264be23c0 100644 --- a/manifest_staging/deploy/gatekeeper.yaml +++ b/manifest_staging/deploy/gatekeeper.yaml @@ -34,7 +34,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: assign.mutations.gatekeeper.sh 
@@ -54,10 +54,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -69,9 +78,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -91,21 +105,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -116,21 +149,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -142,29 +189,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -176,21 +240,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -208,17 +290,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -241,7 +329,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -271,7 +370,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -280,7 +381,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -303,10 +407,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -314,9 +427,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -336,21 +454,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -361,21 +498,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -387,29 +538,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -421,21 +589,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -453,17 +639,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -486,7 +678,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -516,7 +719,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -525,7 +730,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -548,10 +756,19 @@ spec: description: Assign is the Schema for the assign API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -559,9 +776,14 @@ spec: description: AssignSpec defines the desired state of Assign. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -581,21 +803,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -606,21 +847,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -632,29 +887,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -666,21 +938,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -698,17 +988,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -731,7 +1027,18 @@ spec: type: object pathTests: items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -761,7 +1068,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -770,7 +1079,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -792,7 +1104,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: assignimage.mutations.gatekeeper.sh 
@@ -812,10 +1124,19 @@ spec: description: AssignImage is the Schema for the assignimage API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -827,9 +1148,14 @@ spec: description: AssignImageSpec defines the desired state of AssignImage. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -849,21 +1175,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].image`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -874,21 +1219,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -900,29 +1259,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -934,21 +1310,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -959,17 +1353,32 @@ spec: description: Parameters define the behavior of the mutator. properties: assignDomain: - description: AssignDomain sets the domain component on an image string. The trailing slash should not be included. + description: |- + AssignDomain sets the domain component on an image string. The trailing + slash should not be included. type: string assignPath: description: AssignPath sets the domain component on an image string. type: string assignTag: - description: AssignImage sets the image component on an image string. It must start with a `:` or `@`. + description: |- + AssignImage sets the image component on an image string. It must start + with a `:` or `@`. type: string pathTests: items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object 
@@ -999,7 +1408,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -1008,7 +1419,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -1030,7 +1444,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: assignmetadata.mutations.gatekeeper.sh 
@@ -1050,10 +1464,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -1070,18 +1493,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -1092,21 +1531,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1118,29 +1571,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1152,21 +1622,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -1183,17 +1671,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -1220,7 +1714,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. properties: @@ -1233,7 +1729,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -1242,7 +1740,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -1265,10 +1766,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -1281,18 +1791,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -1303,21 +1829,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1329,29 +1869,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1363,21 +1920,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -1394,17 +1969,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -1431,7 +2012,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. properties: @@ -1444,7 +2027,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -1453,7 +2038,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -1476,10 +2064,19 @@ spec: description: AssignMetadata is the Schema for the assignmetadata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -1492,18 +2089,34 @@ spec: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. 
+ If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -1514,21 +2127,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1540,29 +2167,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1574,21 +2218,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated @@ -1605,17 +2267,23 @@ spec: properties: dataSource: default: ValueAtLocation - description: DataSource specifies where to extract the data that will be sent to the external data provider as parameters. + description: |- + DataSource specifies where to extract the data that will be sent + to the external data provider as parameters. enum: - ValueAtLocation - Username type: string default: - description: Default specifies the default value to use when the external data provider returns an error and the failure policy is set to "UseDefault". + description: |- + Default specifies the default value to use when the external data + provider returns an error and the failure policy is set to "UseDefault". type: string failurePolicy: default: Fail - description: FailurePolicy specifies the policy to apply when the external data provider returns an error. + description: |- + FailurePolicy specifies the policy to apply when the external data + provider returns an error. enum: - UseDefault - Ignore 
@@ -1642,7 +2310,9 @@ spec: description: AssignMetadataStatus defines the observed state of AssignMetadata. properties: byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file items: description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. properties: @@ -1655,7 +2325,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message @@ -1664,7 +2336,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -1686,7 +2361,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: configs.config.gatekeeper.sh 
@@ -1706,10 +2381,19 @@ spec: description: Config is the Schema for the configs API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -1722,7 +2406,10 @@ spec: properties: excludedNamespaces: items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array @@ -1792,7 +2479,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: constraintpodstatuses.status.gatekeeper.sh 
@@ -1812,10 +2499,19 @@ spec: description: ConstraintPodStatus is the Schema for the constraintpodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1823,7 +2519,10 @@ spec: description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus. properties: constraintUID: - description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the constraint UID allows us to detect drift, such as + when a constraint has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string enforced: type: boolean 
@@ -1860,7 +2559,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: constrainttemplatepodstatuses.status.gatekeeper.sh @@ -1880,10 +2579,19 @@ spec: description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -1916,7 +2624,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: object @@ -2285,7 +2996,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: expansiontemplate.expansion.gatekeeper.sh 
@@ -2305,10 +3016,19 @@ spec: description: ExpansionTemplate is the Schema for the ExpansionTemplate API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -2320,9 +3040,13 @@ spec: description: ExpansionTemplateSpec defines the desired state of ExpansionTemplate. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds of generator resources which will be expanded. + description: |- + ApplyTo lists the specific groups, versions and kinds of generator resources + which will be expanded. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: @@ -2339,10 +3063,15 @@ spec: type: object type: array enforcementAction: - description: EnforcementAction specifies the enforcement action to be used for resources matching the ExpansionTemplate. Specifying an empty value will use the enforcement action specified by the Constraint in violation. + description: |- + EnforcementAction specifies the enforcement action to be used for resources + matching the ExpansionTemplate. Specifying an empty value will use the + enforcement action specified by the Constraint in violation. type: string generatedGVK: - description: GeneratedGVK specifies the GVK of the resources which the generator resource creates. + description: |- + GeneratedGVK specifies the GVK of the resources which the generator + resource creates. properties: group: type: string @@ -2352,7 +3081,10 @@ spec: type: string type: object templateSource: - description: TemplateSource specifies the source field on the generator resource to use as the base for expanded resource. For Pod-creating generators, this is usually spec.template + description: |- + TemplateSource specifies the source field on the generator resource to + use as the base for expanded resource. For Pod-creating generators, this + is usually spec.template type: string type: object status: 
@@ -2384,7 +3116,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: array 
@@ -2400,10 +3135,19 @@ spec: description: ExpansionTemplate is the Schema for the ExpansionTemplate API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -2411,9 +3155,13 @@ spec: description: ExpansionTemplateSpec defines the desired state of ExpansionTemplate. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds of generator resources which will be expanded. + description: |- + ApplyTo lists the specific groups, versions and kinds of generator resources + which will be expanded. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: @@ -2430,10 +3178,15 @@ spec: type: object type: array enforcementAction: - description: EnforcementAction specifies the enforcement action to be used for resources matching the ExpansionTemplate. Specifying an empty value will use the enforcement action specified by the Constraint in violation. + description: |- + EnforcementAction specifies the enforcement action to be used for resources + matching the ExpansionTemplate. Specifying an empty value will use the + enforcement action specified by the Constraint in violation. type: string generatedGVK: - description: GeneratedGVK specifies the GVK of the resources which the generator resource creates. + description: |- + GeneratedGVK specifies the GVK of the resources which the generator + resource creates. properties: group: type: string @@ -2443,7 +3196,10 @@ spec: type: string type: object templateSource: - description: TemplateSource specifies the source field on the generator resource to use as the base for expanded resource. For Pod-creating generators, this is usually spec.template + description: |- + TemplateSource specifies the source field on the generator resource to + use as the base for expanded resource. For Pod-creating generators, this + is usually spec.template type: string type: object status: 
@@ -2475,7 +3231,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: array @@ -2490,7 +3249,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: expansiontemplatepodstatuses.status.gatekeeper.sh 
@@ -2510,10 +3269,19 @@ spec: description: ExpansionTemplatePodStatus is the Schema for the expansiontemplatepodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -2542,7 +3310,10 @@ spec: type: string type: array templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + description: |- + UID is a type that holds unique ID values, including UUIDs. Because we + don't ONLY use UUIDs, this is an alias to string. Being a type captures + intent and helps make sure that UIDs and names do not get conflated. type: string type: object type: object @@ -2553,7 +3324,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: modifyset.mutations.gatekeeper.sh 
@@ -2570,13 +3341,24 @@ spec: - name: v1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. + description: |- + ModifySet allows the user to modify non-keyed lists, such as + the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -2588,9 +3370,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -2610,21 +3397,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -2635,21 +3441,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2661,29 +3481,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2695,21 +3532,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -2727,9 +3582,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -2763,7 +3631,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -2772,7 +3642,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -2792,13 +3665,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. + description: |- + ModifySet allows the user to modify non-keyed lists, such as + the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -2806,9 +3690,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -2828,21 +3717,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -2853,21 +3761,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2879,29 +3801,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2913,21 +3852,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -2945,9 +3902,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -2981,7 +3951,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -2990,7 +3962,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 
@@ -3010,13 +3985,24 @@ spec: - name: v1beta1 schema: openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. + description: |- + ModifySet allows the user to modify non-keyed lists, such as + the list of arguments to a container. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -3024,9 +4010,14 @@ spec: description: ModifySetSpec defines the desired state of ModifySet. properties: applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. + description: |- + ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. + This is necessary because every mutation implies part of an object schema and object + schemas are associated with specific GVKs. items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + description: |- + ApplyTo determines what GVKs items the mutation should apply to. + Globs are not allowed. properties: groups: items: 
@@ -3046,21 +4037,40 @@ spec: description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' type: string match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. + description: |- + Match allows the user to limit which resources get mutated. + Individual match criteria are AND-ed together. An undefined + match criteria matches everything. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. For example, + `excludedNamespaces: [kube-*]` matches both `kube-system` and + `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and + `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, + only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -3071,21 +4081,35 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `matchLabels` + and `matchExpressions`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -3097,29 +4121,46 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match + both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -3131,21 +4172,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both + `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both + `kube-system` and `gatekeeper-system`. items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. 
pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`) type: string source: - description: Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of + `Generated` will only match generated resources, while `Original` will only + match regular resources. enum: - All - Generated 
@@ -3163,9 +4222,22 @@ spec: - prune type: string pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied + description: |- + PathTests are a series of existence tests that can be checked + before a mutation is applied items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + description: |- + PathTest allows the user to customize how the mutation works if parent + paths are missing. It traverses the list in order. All sub paths are + tested against the provided condition, if the test fails, the mutation is + not applied. All `subPath` entries must be a prefix of `location`. Any + glob characters will take on the same value as was used to + expand the matching glob in `location`. + + + Available Tests: + * MustExist - the path must exist or do not mutate + * MustNotExist - the path must not exist or do not mutate. properties: condition: description: Condition describes whether the path either MustExist or MustNotExist in the original object @@ -3199,7 +4271,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -3208,7 +4282,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -3230,7 +4307,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: mutatorpodstatuses.status.gatekeeper.sh 
@@ -3250,10 +4327,19 @@ spec: description: MutatorPodStatus is the Schema for the mutationpodstatuses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -3269,7 +4355,9 @@ spec: message: type: string type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. + description: |- + Type indicates a specific class of error for use by controller code. + If not present, the error should be treated as not matching any known type. type: string required: - message 
@@ -3278,7 +4366,10 @@ spec: id: type: string mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + description: |- + Storing the mutator UID allows us to detect drift, such as + when a mutator has been recreated after its CRD was deleted + out from under it, interrupting the watch type: string observedGeneration: format: int64 @@ -3375,7 +4466,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: gatekeeper.sh/system: "yes" name: syncsets.syncset.gatekeeper.sh 
@@ -3395,10 +4486,19 @@ spec: description: SyncSet defines which resources Gatekeeper will cache. The union of all SyncSets plus the syncOnly field of Gatekeeper's Config resource defines the sets of resources that will be synced. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: @@ -3435,7 +4535,6 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - creationTimestamp: null labels: gatekeeper.sh/system: "yes" name: gatekeeper-manager-role @@ -3464,7 +4563,6 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null labels: gatekeeper.sh/system: "yes" name: gatekeeper-manager-role 
diff --git a/pkg/mutation/match/zz_generated.deepcopy.go b/pkg/mutation/match/zz_generated.deepcopy.go index 26213f1e2d5..d06323b2094 100644 --- a/pkg/mutation/match/zz_generated.deepcopy.go +++ b/pkg/mutation/match/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* diff --git a/pkg/target/matchcrd_constant.go b/pkg/target/matchcrd_constant.go index fd454258514..87e993cd953 100644 --- a/pkg/target/matchcrd_constant.go +++ b/pkg/target/matchcrd_constant.go @@ -9,8 +9,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: matchcrd.match.gatekeeper.sh spec: group: match.gatekeeper.sh 
@@ -24,44 +23,50 @@ spec: - name: match schema: openAPIV3Schema: - description: DummyCRD is a "dummy" CRD to hold the Match object, which we - ultimately need to generate JSONSchemaProps. The TypeMeta and ObjectMeta - fields are required for controller-gen to generate the CRD. + description: |- + DummyCRD is a "dummy" CRD to hold the Match object, which we ultimately + need to generate JSONSchemaProps. The TypeMeta and ObjectMeta fields are + required for controller-gen to generate the CRD. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string embeddedMatch: description: Match selects which objects are in scope. properties: excludedNamespaces: - description: 'ExcludedNamespaces is a list of namespace names. If - defined, a constraint only applies to resources not in a listed - namespace. ExcludedNamespaces also supports a prefix or suffix based - glob. For example, `+"`"+`excludedNamespaces: [kube-*]`+"`"+` matches both - `+"`"+`kube-system`+"`"+` and `+"`"+`kube-public`+"`"+`, and `+"`"+`excludedNamespaces: [*-system]`+"`"+` - matches both `+"`"+`kube-system`+"`"+` and `+"`"+`gatekeeper-system`+"`"+`.' + description: |- + ExcludedNamespaces is a list of namespace names. If defined, a + constraint only applies to resources not in a listed namespace. + ExcludedNamespaces also supports a prefix or suffix based glob. 
For example, + `+"`"+`excludedNamespaces: [kube-*]`+"`"+` matches both `+"`"+`kube-system`+"`"+` and + `+"`"+`kube-public`+"`"+`, and `+"`"+`excludedNamespaces: [*-system]`+"`"+` matches both `+"`"+`kube-system`+"`"+` and + `+"`"+`gatekeeper-system`+"`"+`. items: - description: 'A string that supports globbing at its front or end. - Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" - will match "kube-system" or "gatekeeper-system". The asterisk - is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array kinds: items: - description: Kinds accepts a list of objects with apiGroups and - kinds fields that list the groups/kinds of objects to which the - mutation will apply. If multiple groups/kinds objects are specified, + description: |- + Kinds accepts a list of objects with apiGroups and kinds fields + that list the groups/kinds of objects to which the mutation will apply. + If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. properties: apiGroups: - description: APIGroups is the API groups the resources belong - to. '*' is all groups. If '*' is present, the length of the - slice must be one. Required. + description: |- + APIGroups is the API groups the resources belong to. '*' is all groups. + If '*' is present, the length of the slice must be one. + Required. items: type: string type: array 
@@ -72,35 +77,36 @@ spec: type: object type: array labelSelector: - description: 'LabelSelector is the combination of two optional fields: - `+"`"+`matchLabels`+"`"+` and `+"`"+`matchExpressions`+"`"+`. These two fields provide - different methods of selecting or excluding k8s objects based on - the label keys and values included in object metadata. All selection - expressions from both sections are ANDed to determine if an object - meets the cumulative requirements of the selector.' + description: |- + LabelSelector is the combination of two optional fields: `+"`"+`matchLabels`+"`"+` + and `+"`"+`matchExpressions`+"`"+`. These two fields provide different methods of + selecting or excluding k8s objects based on the label keys and values + included in object metadata. All selection expressions from both + sections are ANDed to determine if an object meets the cumulative + requirements of the selector. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. 
This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -113,47 +119,47 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic name: - description: 'Name is the name of an object. If defined, it will - match against objects with the specified name. Name also supports - a prefix or suffix glob. For example, `+"`"+`name: pod-*`+"`"+` would match - both `+"`"+`pod-a`+"`"+` and `+"`"+`pod-b`+"`"+`, and `+"`"+`name: *-pod`+"`"+` would match both `+"`"+`a-pod`+"`"+` - and `+"`"+`b-pod`+"`"+`.' + description: |- + Name is the name of an object. If defined, it will match against objects with the specified + name. Name also supports a prefix or suffix glob. For example, `+"`"+`name: pod-*`+"`"+` would match + both `+"`"+`pod-a`+"`"+` and `+"`"+`pod-b`+"`"+`, and `+"`"+`name: *-pod`+"`"+` would match both `+"`"+`a-pod`+"`"+` and `+"`"+`b-pod`+"`"+`. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string namespaceSelector: - description: NamespaceSelector is a label selector against an object's - containing namespace or the object itself, if the object is a namespace. + description: |- + NamespaceSelector is a label selector against an object's containing + namespace or the object itself, if the object is a namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -166,37 +172,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: 'Namespaces is a list of namespace names. If defined, - a constraint only applies to resources in a listed namespace. Namespaces - also supports a prefix or suffix based glob. For example, `+"`"+`namespaces: - [kube-*]`+"`"+` matches both `+"`"+`kube-system`+"`"+` and `+"`"+`kube-public`+"`"+`, and `+"`"+`namespaces: - [*-system]`+"`"+` matches both `+"`"+`kube-system`+"`"+` and `+"`"+`gatekeeper-system`+"`"+`.' + description: |- + Namespaces is a list of namespace names. If defined, a constraint only + applies to resources in a listed namespace. Namespaces also supports a + prefix or suffix based glob. For example, `+"`"+`namespaces: [kube-*]`+"`"+` matches both + `+"`"+`kube-system`+"`"+` and `+"`"+`kube-public`+"`"+`, and `+"`"+`namespaces: [*-system]`+"`"+` matches both + `+"`"+`kube-system`+"`"+` and `+"`"+`gatekeeper-system`+"`"+`. items: - description: 'A string that supports globbing at its front or end. - Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" - will match "kube-system" or "gatekeeper-system". The asterisk - is required for wildcard matching.' + description: |- + A string that supports globbing at its front or end. 
Ex: "kube-*" will match "kube-system" or + "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is + required for wildcard matching. pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ type: string type: array scope: - description: Scope determines if cluster-scoped and/or namespaced-scoped - resources are matched. Accepts `+"`"+`*`+"`"+`, `+"`"+`Cluster`+"`"+`, or `+"`"+`Namespaced`+"`"+`. - (defaults to `+"`"+`*`+"`"+`) + description: |- + Scope determines if cluster-scoped and/or namespaced-scoped resources + are matched. Accepts `+"`"+`*`+"`"+`, `+"`"+`Cluster`+"`"+`, or `+"`"+`Namespaced`+"`"+`. (defaults to `+"`"+`*`+"`"+`) type: string source: - description: Source determines whether generated or original resources - are matched. Accepts `+"`"+`Generated`+"`"+`|`+"`"+`Original`+"`"+`|`+"`"+`All`+"`"+` (defaults to `+"`"+`All`+"`"+`). - A value of `+"`"+`Generated`+"`"+` will only match generated resources, while - `+"`"+`Original`+"`"+` will only match regular resources. + description: |- + Source determines whether generated or original resources are matched. + Accepts `+"`"+`Generated`+"`"+`|`+"`"+`Original`+"`"+`|`+"`"+`All`+"`"+` (defaults to `+"`"+`All`+"`"+`). A value of + `+"`"+`Generated`+"`"+` will only match generated resources, while `+"`"+`Original`+"`"+` will only + match regular resources. enum: - All - Generated 
@@ -204,9 +212,12 @@ spec: type: string type: object kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadataDummy: type: object diff --git a/test/externaldata/dummy-provider/Dockerfile b/test/externaldata/dummy-provider/Dockerfile index 001880610c9..86daf931342 100644 --- a/test/externaldata/dummy-provider/Dockerfile +++ b/test/externaldata/dummy-provider/Dockerfile @@ -1,5 +1,5 @@ ARG BUILDPLATFORM="linux/amd64" -ARG BUILDERIMAGE="golang:1.21-bullseye" +ARG BUILDERIMAGE="golang:1.22-bookworm" ARG BASEIMAGE="gcr.io/distroless/static:nonroot" FROM --platform=$BUILDPLATFORM $BUILDERIMAGE as builder diff --git a/test/image/Dockerfile b/test/image/Dockerfile index 293ce9bec9e..fb6b26a36c1 100644 --- a/test/image/Dockerfile +++ b/test/image/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21-bullseye@sha256:47fa179d4966a0950485ede2ef81567bb1cf62e1e87af07e9830e5c928d06cd0 as builder +FROM golang:1.22-bullseye@sha256:d996c645c9934e770e64f05fc2bc103755197b43fd999b3aa5419142e1ee6d78 as builder ARG BATS_VERSION ARG ORAS_VERSION diff --git a/test/pubsub/fake-subscriber/Dockerfile b/test/pubsub/fake-subscriber/Dockerfile index fa389e7c05d..74a77f7528e 100644 --- a/test/pubsub/fake-subscriber/Dockerfile +++ b/test/pubsub/fake-subscriber/Dockerfile 
@@ -1,5 +1,5 @@ ARG BUILDPLATFORM="linux/amd64" -ARG BUILDERIMAGE="golang:1.21-bullseye" +ARG BUILDERIMAGE="golang:1.22-bookworm" ARG BASEIMAGE="gcr.io/distroless/static:nonroot" FROM --platform=$BUILDPLATFORM $BUILDERIMAGE as builder
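Review bot: The new default `ARG BUILDERIMAGE="golang:1.22-bookworm"` is a mutable tag with no digest, so the builder image for this test binary can change between builds without any change in the repository; the same line is added in test/externaldata/dummy-provider/Dockerfile. test/image/Dockerfile in this same commit pins its builder as `golang:1.22-bullseye@sha256:…`, so these two files are the odd ones out. I would pin the default the same way, `ARG BUILDERIMAGE="golang:1.22-bookworm@sha256:<digest of the reviewed image>"`, unless the build always overrides this ARG with a pinned value, which is not visible here. The two files also move the builder from bullseye to bookworm while test/image/Dockerfile stays on bullseye; if that split is intentional, a one-line comment saying why would help.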