CUE Central Registry

cue.dev/x/k8s.io@v0.7.0

api/storage/v1/schema.cue raw

  1package v1
  2
  3import (
  4	"cue.dev/x/k8s.io/apimachinery/pkg/apis/meta/v1"
  5	"cue.dev/x/k8s.io/apimachinery/pkg/api/resource"
  6	v1_9 "cue.dev/x/k8s.io/api/core/v1"
  7)
  8
  9// CSIDriver captures information about a Container Storage
 10// Interface (CSI) volume driver deployed on the cluster.
 11// Kubernetes attach detach controller uses this object to
 12// determine whether attach is required. Kubelet uses this object
 13// to determine whether pod information needs to be passed on
 14// mount. CSIDriver objects are non-namespaced.
 15#CSIDriver: {
 16	// APIVersion defines the versioned schema of this representation
 17	// of an object. Servers should convert recognized schemas to the
 18	// latest internal value, and may reject unrecognized values.
 19	// More info:
 20	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
 21	"apiVersion": "storage.k8s.io/v1"
 22
 23	// Kind is a string value representing the REST resource this
 24	// object represents. Servers may infer this from the endpoint
 25	// the client submits requests to. Cannot be updated. In
 26	// CamelCase. More info:
 27	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 28	"kind": "CSIDriver"
 29
 30	// Standard object metadata. metadata.Name indicates the name of
 31	// the CSI driver that this object refers to; it MUST be the same
 32	// name returned by the CSI GetPluginName() call for that driver.
 33	// The driver name must be 63 characters or less, beginning and
 34	// ending with an alphanumeric character ([a-z0-9A-Z]) with
 35	// dashes (-), dots (.), and alphanumerics between. More info:
 36	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 37	"metadata"?: v1.#ObjectMeta
 38
 39	// spec represents the specification of the CSI Driver.
 40	"spec"!: #CSIDriverSpec
 41}
 42
 43// CSIDriverList is a collection of CSIDriver objects.
 44#CSIDriverList: {
 45	// APIVersion defines the versioned schema of this representation
 46	// of an object. Servers should convert recognized schemas to the
 47	// latest internal value, and may reject unrecognized values.
 48	// More info:
 49	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
 50	"apiVersion": "storage.k8s.io/v1"
 51
 52	// items is the list of CSIDriver
 53	"items"!: [...#CSIDriver]
 54
 55	// Kind is a string value representing the REST resource this
 56	// object represents. Servers may infer this from the endpoint
 57	// the client submits requests to. Cannot be updated. In
 58	// CamelCase. More info:
 59	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 60	"kind": "CSIDriverList"
 61
 62	// Standard list metadata More info:
 63	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 64	"metadata"?: v1.#ListMeta
 65}
 66
 67// CSIDriverSpec is the specification of a CSIDriver.
 68#CSIDriverSpec: {
 69	// attachRequired indicates this CSI volume driver requires an
 70	// attach operation (because it implements the CSI
 71	// ControllerPublishVolume() method), and that the Kubernetes
 72	// attach detach controller should call the attach volume
 73	// interface which checks the volumeattachment status and waits
 74	// until the volume is attached before proceeding to mounting.
 75	// The CSI external-attacher coordinates with CSI volume driver
 76	// and updates the volumeattachment status when the attach
 77	// operation is complete. If the value is specified to false, the
 78	// attach operation will be skipped. Otherwise the attach
 79	// operation will be called.
 80	//
 81	// This field is immutable.
 82	"attachRequired"?: bool
 83
 84	// fsGroupPolicy defines if the underlying volume supports
 85	// changing ownership and permission of the volume before being
 86	// mounted. Refer to the specific FSGroupPolicy values for
 87	// additional details.
 88	//
 89	// This field was immutable in Kubernetes < 1.29 and now is
 90	// mutable.
 91	//
 92	// Defaults to ReadWriteOnceWithFSType, which will examine each
 93	// volume to determine if Kubernetes should modify ownership and
 94	// permissions of the volume. With the default policy the defined
 95	// fsGroup will only be applied if a fstype is defined and the
 96	// volume's access mode contains ReadWriteOnce.
 97	"fsGroupPolicy"?: string
 98
 99	// nodeAllocatableUpdatePeriodSeconds specifies the interval
100	// between periodic updates of the CSINode allocatable capacity
101	// for this driver. When set, both periodic updates and updates
102	// triggered by capacity-related failures are enabled. If not
103	// set, no updates occur (neither periodic nor upon detecting
104	// capacity-related failures), and the allocatable.count remains
105	// static. The minimum allowed value for this field is 10
106	// seconds.
107	//
108	// This is a beta feature and requires the
109	// MutableCSINodeAllocatableCount feature gate to be enabled.
110	//
111	// This field is mutable.
112	"nodeAllocatableUpdatePeriodSeconds"?: int64 & int
113
114	// podInfoOnMount indicates this CSI volume driver requires
115	// additional pod information (like podName, podUID, etc.) during
116	// mount operations, if set to true. If set to false, pod
117	// information will not be passed on mount. Default is false.
118	//
119	// The CSI driver specifies podInfoOnMount as part of driver
120	// deployment. If true, Kubelet will pass pod information as
121	// VolumeContext in the CSI NodePublishVolume() calls. The CSI
122	// driver is responsible for parsing and validating the
123	// information passed in as VolumeContext.
124	//
125	// The following VolumeContext will be passed if podInfoOnMount is
126	// set to true. This list might grow, but the prefix will be
127	// used. "csi.storage.k8s.io/pod.name": pod.Name
128	// "csi.storage.k8s.io/pod.namespace": pod.Namespace
129	// "csi.storage.k8s.io/pod.uid": string(pod.UID)
130	// "csi.storage.k8s.io/ephemeral": "true" if the volume is an
131	// ephemeral inline volume
132	// defined by a CSIVolumeSource, otherwise "false"
133	//
134	// "csi.storage.k8s.io/ephemeral" is a new feature in Kubernetes
135	// 1.16. It is only required for drivers which support both the
136	// "Persistent" and "Ephemeral" VolumeLifecycleMode. Other
137	// drivers can leave pod info disabled and/or ignore this field.
138	// As Kubernetes 1.15 doesn't support this field, drivers can
139	// only support one mode when deployed on such a cluster and the
140	// deployment determines which mode that is, for example via a
141	// command line parameter of the driver.
142	//
143	// This field was immutable in Kubernetes < 1.29 and now is
144	// mutable.
145	"podInfoOnMount"?: bool
146
147	// requiresRepublish indicates the CSI driver wants
148	// `NodePublishVolume` being periodically called to reflect any
149	// possible change in the mounted volume. This field defaults to
150	// false.
151	//
152	// Note: After a successful initial NodePublishVolume call,
153	// subsequent calls to NodePublishVolume should only update the
154	// contents of the volume. New mount points will not be seen by a
155	// running container.
156	"requiresRepublish"?: bool
157
158	// seLinuxMount specifies if the CSI driver supports "-o context"
159	// mount option.
160	//
161	// When "true", the CSI driver must ensure that all volumes
162	// provided by this CSI driver can be mounted separately with
163	// different `-o context` options. This is typical for storage
164	// backends that provide volumes as filesystems on block devices
165	// or as independent shared volumes. Kubernetes will call
166	// NodeStage / NodePublish with "-o context=xyz" mount option
167	// when mounting a ReadWriteOncePod volume used in Pod that has
168	// explicitly set SELinux context. In the future, it may be
169	// expanded to other volume AccessModes. In any case, Kubernetes
170	// will ensure that the volume is mounted only with a single
171	// SELinux context.
172	//
173	// When "false", Kubernetes won't pass any special SELinux mount
174	// options to the driver. This is typical for volumes that
175	// represent subdirectories of a bigger shared filesystem.
176	//
177	// Default is "false".
178	"seLinuxMount"?: bool
179
180	// serviceAccountTokenInSecrets is an opt-in for CSI drivers to
181	// indicate that service account tokens should be passed via the
182	// Secrets field in NodePublishVolumeRequest instead of the
183	// VolumeContext field. The CSI specification provides a
184	// dedicated Secrets field for sensitive information like tokens,
185	// which is the appropriate mechanism for handling credentials.
186	// This addresses security concerns where sensitive tokens were
187	// being logged as part of volume context.
188	//
189	// When "true", kubelet will pass the tokens only in the Secrets
190	// field with the key "csi.storage.k8s.io/serviceAccount.tokens".
191	// The CSI driver must be updated to read tokens from the Secrets
192	// field instead of VolumeContext.
193	//
194	// When "false" or not set, kubelet will pass the tokens in
195	// VolumeContext with the key
196	// "csi.storage.k8s.io/serviceAccount.tokens" (existing
197	// behavior). This maintains backward compatibility with existing
198	// CSI drivers.
199	//
200	// This field can only be set when TokenRequests is configured.
201	// The API server will reject CSIDriver specs that set this field
202	// without TokenRequests.
203	//
204	// Default behavior if unset is to pass tokens in the
205	// VolumeContext field.
206	"serviceAccountTokenInSecrets"?: bool
207
208	// storageCapacity indicates that the CSI volume driver wants pod
209	// scheduling to consider the storage capacity that the driver
210	// deployment will report by creating CSIStorageCapacity objects
211	// with capacity information, if set to true.
212	//
213	// The check can be enabled immediately when deploying a driver.
214	// In that case, provisioning new volumes with late binding will
215	// pause until the driver deployment has published some suitable
216	// CSIStorageCapacity object.
217	//
218	// Alternatively, the driver can be deployed with the field unset
219	// or false and it can be flipped later when storage capacity
220	// information has been published.
221	//
222	// This field was immutable in Kubernetes <= 1.22 and now is
223	// mutable.
224	"storageCapacity"?: bool
225
226	// tokenRequests indicates the CSI driver needs pods' service
227	// account tokens it is mounting volume for to do necessary
228	// authentication. Kubelet will pass the tokens in VolumeContext
229	// in the CSI NodePublishVolume calls. The CSI driver should
230	// parse and validate the following VolumeContext:
231	// "csi.storage.k8s.io/serviceAccount.tokens": {
232	// "<audience>": {
233	// "token": <token>,
234	// "expirationTimestamp": <expiration timestamp in RFC3339>,
235	// },
236	// ...
237	// }
238	//
239	// Note: Audience in each TokenRequest should be different and at
240	// most one token is empty string. To receive a new token after
241	// expiry, RequiresRepublish can be used to trigger
242	// NodePublishVolume periodically.
243	"tokenRequests"?: [...#TokenRequest]
244
245	// volumeLifecycleModes defines what kind of volumes this CSI
246	// volume driver supports. The default if the list is empty is
247	// "Persistent", which is the usage defined by the CSI
248	// specification and implemented in Kubernetes via the usual
249	// PV/PVC mechanism.
250	//
251	// The other mode is "Ephemeral". In this mode, volumes are
252	// defined inline inside the pod spec with CSIVolumeSource and
253	// their lifecycle is tied to the lifecycle of that pod. A driver
254	// has to be aware of this because it is only going to get a
255	// NodePublishVolume call for such a volume.
256	//
257	// For more information about implementing this mode, see
258	// https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html
259	// A driver can support one or more of these modes and more modes
260	// may be added in the future.
261	//
262	// This field is beta. This field is immutable.
263	"volumeLifecycleModes"?: [...string]
264}
265
266// CSINode holds information about all CSI drivers installed on a
267// node. CSI drivers do not need to create the CSINode object
268// directly. As long as they use the node-driver-registrar
269// sidecar container, the kubelet will automatically populate the
270// CSINode object for the CSI driver as part of kubelet plugin
271// registration. CSINode has the same name as a node. If the
272// object is missing, it means either there are no CSI Drivers
273// available on the node, or the Kubelet version is low enough
274// that it doesn't create this object. CSINode has an
275// OwnerReference that points to the corresponding node object.
276#CSINode: {
277	// APIVersion defines the versioned schema of this representation
278	// of an object. Servers should convert recognized schemas to the
279	// latest internal value, and may reject unrecognized values.
280	// More info:
281	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
282	"apiVersion": "storage.k8s.io/v1"
283
284	// Kind is a string value representing the REST resource this
285	// object represents. Servers may infer this from the endpoint
286	// the client submits requests to. Cannot be updated. In
287	// CamelCase. More info:
288	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
289	"kind": "CSINode"
290
291	// Standard object's metadata. metadata.name must be the
292	// Kubernetes node name.
293	"metadata"?: v1.#ObjectMeta
294
295	// spec is the specification of CSINode
296	"spec"!: #CSINodeSpec
297}
298
299// CSINodeDriver holds information about the specification of one
300// CSI driver installed on a node
301#CSINodeDriver: {
302	// allocatable represents the volume resources of a node that are
303	// available for scheduling. This field is beta.
304	"allocatable"?: #VolumeNodeResources
305
306	// name represents the name of the CSI driver that this object
307	// refers to. This MUST be the same name returned by the CSI
308	// GetPluginName() call for that driver.
309	"name"!: string
310
311	// nodeID of the node from the driver point of view. This field
312	// enables Kubernetes to communicate with storage systems that do
313	// not share the same nomenclature for nodes. For example,
314	// Kubernetes may refer to a given node as "node1", but the
315	// storage system may refer to the same node as "nodeA". When
316	// Kubernetes issues a command to the storage system to attach a
317	// volume to a specific node, it can use this field to refer to
318	// the node name using the ID that the storage system will
319	// understand, e.g. "nodeA" instead of "node1". This field is
320	// required.
321	"nodeID"!: string
322
323	// topologyKeys is the list of keys supported by the driver. When
324	// a driver is initialized on a cluster, it provides a set of
325	// topology keys that it understands (e.g. "company.com/zone",
326	// "company.com/region"). When a driver is initialized on a node,
327	// it provides the same topology keys along with values. Kubelet
328	// will expose these topology keys as labels on its own node
329	// object. When Kubernetes does topology aware provisioning, it
330	// can use this list to determine which labels it should retrieve
331	// from the node object and pass back to the driver. It is
332	// possible for different nodes to use different topology keys.
333	// This can be empty if driver does not support topology.
334	"topologyKeys"?: [...string]
335}
336
337// CSINodeList is a collection of CSINode objects.
338#CSINodeList: {
339	// APIVersion defines the versioned schema of this representation
340	// of an object. Servers should convert recognized schemas to the
341	// latest internal value, and may reject unrecognized values.
342	// More info:
343	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
344	"apiVersion": "storage.k8s.io/v1"
345
346	// items is the list of CSINode
347	"items"!: [...#CSINode]
348
349	// Kind is a string value representing the REST resource this
350	// object represents. Servers may infer this from the endpoint
351	// the client submits requests to. Cannot be updated. In
352	// CamelCase. More info:
353	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
354	"kind": "CSINodeList"
355
356	// Standard list metadata More info:
357	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
358	"metadata"?: v1.#ListMeta
359}
360
361// CSINodeSpec holds information about the specification of all
362// CSI drivers installed on a node
363#CSINodeSpec: {
364	// drivers is a list of information of all CSI Drivers existing on
365	// a node. If all drivers in the list are uninstalled, this can
366	// become empty.
367	"drivers"!: [...#CSINodeDriver]
368}
369
370// CSIStorageCapacity stores the result of one CSI GetCapacity
371// call. For a given StorageClass, this describes the available
372// capacity in a particular topology segment. This can be used
373// when considering where to instantiate new PersistentVolumes.
374//
375// For example this can express things like: - StorageClass
376// "standard" has "1234 GiB" available in
377// "topology.kubernetes.io/zone=us-east1" - StorageClass
378// "localssd" has "10 GiB" available in
379// "kubernetes.io/hostname=knode-abc123"
380//
381// The following three cases all imply that no capacity is
382// available for a certain combination: - no object exists with
383// suitable topology and storage class name - such an object
384// exists, but the capacity is unset - such an object exists, but
385// the capacity is zero
386//
387// The producer of these objects can decide which approach is more
388// suitable.
389//
390// They are consumed by the kube-scheduler when a CSI driver opts
391// into capacity-aware scheduling with
392// CSIDriverSpec.StorageCapacity. The scheduler compares the
393// MaximumVolumeSize against the requested size of pending
394// volumes to filter out unsuitable nodes. If MaximumVolumeSize
395// is unset, it falls back to a comparison against the less
396// precise Capacity. If that is also unset, the scheduler assumes
397// that capacity is insufficient and tries some other node.
398#CSIStorageCapacity: {
399	// APIVersion defines the versioned schema of this representation
400	// of an object. Servers should convert recognized schemas to the
401	// latest internal value, and may reject unrecognized values.
402	// More info:
403	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
404	"apiVersion": "storage.k8s.io/v1"
405
406	// capacity is the value reported by the CSI driver in its
407	// GetCapacityResponse for a GetCapacityRequest with topology and
408	// parameters that match the previous fields.
409	//
410	// The semantic is currently (CSI spec 1.2) defined as: The
411	// available capacity, in bytes, of the storage that can be used
412	// to provision volumes. If not set, that information is
413	// currently unavailable.
414	"capacity"?: resource.#Quantity
415
416	// Kind is a string value representing the REST resource this
417	// object represents. Servers may infer this from the endpoint
418	// the client submits requests to. Cannot be updated. In
419	// CamelCase. More info:
420	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
421	"kind": "CSIStorageCapacity"
422
423	// maximumVolumeSize is the value reported by the CSI driver in
424	// its GetCapacityResponse for a GetCapacityRequest with topology
425	// and parameters that match the previous fields.
426	//
427	// This is defined since CSI spec 1.4.0 as the largest size that
428	// may be used in a
429	// CreateVolumeRequest.capacity_range.required_bytes field to
430	// create a volume with the same parameters as those in
431	// GetCapacityRequest. The corresponding value in the Kubernetes
432	// API is ResourceRequirements.Requests in a volume claim.
433	"maximumVolumeSize"?: resource.#Quantity
434
435	// Standard object's metadata. The name has no particular meaning.
436	// It must be a DNS subdomain (dots allowed, 253 characters). To
437	// ensure that there are no conflicts with other CSI drivers on
438	// the cluster, the recommendation is to use csisc-<uuid>, a
439	// generated name, or a reverse-domain name which ends with the
440	// unique CSI driver name.
441	//
442	// Objects are namespaced.
443	//
444	// More info:
445	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
446	"metadata"?: v1.#ObjectMeta
447
448	// nodeTopology defines which nodes have access to the storage for
449	// which capacity was reported. If not set, the storage is not
450	// accessible from any node in the cluster. If empty, the storage
451	// is accessible from all nodes. This field is immutable.
452	"nodeTopology"?: v1.#LabelSelector
453
454	// storageClassName represents the name of the StorageClass that
455	// the reported capacity applies to. It must meet the same
456	// requirements as the name of a StorageClass object (non-empty,
457	// DNS subdomain). If that object no longer exists, the
458	// CSIStorageCapacity object is obsolete and should be removed by
459	// its creator. This field is immutable.
460	"storageClassName"!: string
461}
462
463// CSIStorageCapacityList is a collection of CSIStorageCapacity
464// objects.
465#CSIStorageCapacityList: {
466	// APIVersion defines the versioned schema of this representation
467	// of an object. Servers should convert recognized schemas to the
468	// latest internal value, and may reject unrecognized values.
469	// More info:
470	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
471	"apiVersion": "storage.k8s.io/v1"
472
473	// items is the list of CSIStorageCapacity objects.
474	"items"!: [...#CSIStorageCapacity]
475
476	// Kind is a string value representing the REST resource this
477	// object represents. Servers may infer this from the endpoint
478	// the client submits requests to. Cannot be updated. In
479	// CamelCase. More info:
480	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
481	"kind": "CSIStorageCapacityList"
482
483	// Standard list metadata More info:
484	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
485	"metadata"?: v1.#ListMeta
486}
487
488// StorageClass describes the parameters for a class of storage
489// for which PersistentVolumes can be dynamically provisioned.
490//
491// StorageClasses are non-namespaced; the name of the storage
492// class according to etcd is in ObjectMeta.Name.
493#StorageClass: {
494	// allowVolumeExpansion shows whether the storage class allow
495	// volume expand.
496	"allowVolumeExpansion"?: bool
497
498	// allowedTopologies restrict the node topologies where volumes
499	// can be dynamically provisioned. Each volume plugin defines its
500	// own supported topology specifications. An empty
501	// TopologySelectorTerm list means there is no topology
502	// restriction. This field is only honored by servers that enable
503	// the VolumeScheduling feature.
504	"allowedTopologies"?: [...v1_9.#TopologySelectorTerm]
505
506	// APIVersion defines the versioned schema of this representation
507	// of an object. Servers should convert recognized schemas to the
508	// latest internal value, and may reject unrecognized values.
509	// More info:
510	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
511	"apiVersion": "storage.k8s.io/v1"
512
513	// Kind is a string value representing the REST resource this
514	// object represents. Servers may infer this from the endpoint
515	// the client submits requests to. Cannot be updated. In
516	// CamelCase. More info:
517	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
518	"kind": "StorageClass"
519
520	// Standard object's metadata. More info:
521	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
522	"metadata"?: v1.#ObjectMeta
523
524	// mountOptions controls the mountOptions for dynamically
525	// provisioned PersistentVolumes of this storage class. e.g.
526	// ["ro", "soft"]. Not validated - mount of the PVs will simply
527	// fail if one is invalid.
528	"mountOptions"?: [...string]
529
530	// parameters holds the parameters for the provisioner that should
531	// create volumes of this storage class.
532	"parameters"?: {
533		[string]: string
534	}
535
536	// provisioner indicates the type of the provisioner.
537	"provisioner"!: string
538
539	// reclaimPolicy controls the reclaimPolicy for dynamically
540	// provisioned PersistentVolumes of this storage class. Defaults
541	// to Delete.
542	"reclaimPolicy"?: string
543
544	// volumeBindingMode indicates how PersistentVolumeClaims should
545	// be provisioned and bound. When unset, VolumeBindingImmediate
546	// is used. This field is only honored by servers that enable the
547	// VolumeScheduling feature.
548	"volumeBindingMode"?: string
549}
550
551// StorageClassList is a collection of storage classes.
552#StorageClassList: {
553	// APIVersion defines the versioned schema of this representation
554	// of an object. Servers should convert recognized schemas to the
555	// latest internal value, and may reject unrecognized values.
556	// More info:
557	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
558	"apiVersion": "storage.k8s.io/v1"
559
560	// items is the list of StorageClasses
561	"items"!: [...#StorageClass]
562
563	// Kind is a string value representing the REST resource this
564	// object represents. Servers may infer this from the endpoint
565	// the client submits requests to. Cannot be updated. In
566	// CamelCase. More info:
567	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
568	"kind": "StorageClassList"
569
570	// Standard list metadata More info:
571	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
572	"metadata"?: v1.#ListMeta
573}
574
575// TokenRequest contains parameters of a service account token.
576#TokenRequest: {
577	// audience is the intended audience of the token in
578	// "TokenRequestSpec". It will default to the audiences of kube
579	// apiserver.
580	"audience"!: string
581
582	// expirationSeconds is the duration of validity of the token in
583	// "TokenRequestSpec". It has the same default value of
584	// "ExpirationSeconds" in "TokenRequestSpec".
585	"expirationSeconds"?: int64 & int
586}
587
588// VolumeAttachment captures the intent to attach or detach the
589// specified volume to/from the specified node.
590//
591// VolumeAttachment objects are non-namespaced.
592#VolumeAttachment: {
593	// APIVersion defines the versioned schema of this representation
594	// of an object. Servers should convert recognized schemas to the
595	// latest internal value, and may reject unrecognized values.
596	// More info:
597	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
598	"apiVersion": "storage.k8s.io/v1"
599
600	// Kind is a string value representing the REST resource this
601	// object represents. Servers may infer this from the endpoint
602	// the client submits requests to. Cannot be updated. In
603	// CamelCase. More info:
604	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
605	"kind": "VolumeAttachment"
606
607	// Standard object metadata. More info:
608	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
609	"metadata"?: v1.#ObjectMeta
610
611	// spec represents specification of the desired attach/detach
612	// volume behavior. Populated by the Kubernetes system.
613	"spec"!: #VolumeAttachmentSpec
614
615	// status represents status of the VolumeAttachment request.
616	// Populated by the entity completing the attach or detach
617	// operation, i.e. the external-attacher.
618	"status"?: #VolumeAttachmentStatus
619}
620
621// VolumeAttachmentList is a collection of VolumeAttachment
622// objects.
623#VolumeAttachmentList: {
624	// APIVersion defines the versioned schema of this representation
625	// of an object. Servers should convert recognized schemas to the
626	// latest internal value, and may reject unrecognized values.
627	// More info:
628	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
629	"apiVersion": "storage.k8s.io/v1"
630
631	// items is the list of VolumeAttachments
632	"items"!: [...#VolumeAttachment]
633
634	// Kind is a string value representing the REST resource this
635	// object represents. Servers may infer this from the endpoint
636	// the client submits requests to. Cannot be updated. In
637	// CamelCase. More info:
638	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
639	"kind": "VolumeAttachmentList"
640
641	// Standard list metadata More info:
642	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
643	"metadata"?: v1.#ListMeta
644}
645
646// VolumeAttachmentSource represents a volume that should be
647// attached. Right now only PersistentVolumes can be attached via
648// external attacher, in the future we may allow also inline
649// volumes in pods. Exactly one member can be set.
650#VolumeAttachmentSource: {
651	// inlineVolumeSpec contains all the information necessary to
652	// attach a persistent volume defined by a pod's inline
653	// VolumeSource. This field is populated only for the
654	// CSIMigration feature. It contains translated fields from a
655	// pod's inline VolumeSource to a PersistentVolumeSpec. This
656	// field is beta-level and is only honored by servers that
657	// enabled the CSIMigration feature.
658	"inlineVolumeSpec"?: v1_9.#PersistentVolumeSpec
659
660	// persistentVolumeName represents the name of the persistent
661	// volume to attach.
662	"persistentVolumeName"?: string
663}
664
665// VolumeAttachmentSpec is the specification of a VolumeAttachment
666// request.
667#VolumeAttachmentSpec: {
668	// attacher indicates the name of the volume driver that MUST
669	// handle this request. This is the name returned by
670	// GetPluginName().
671	"attacher"!: string
672
673	// nodeName represents the node that the volume should be attached
674	// to.
675	"nodeName"!: string
676
677	// source represents the volume that should be attached.
678	"source"!: #VolumeAttachmentSource
679}
680
681// VolumeAttachmentStatus is the status of a VolumeAttachment
682// request.
683#VolumeAttachmentStatus: {
684	// attachError represents the last error encountered during attach
685	// operation, if any. This field must only be set by the entity
686	// completing the attach operation, i.e. the external-attacher.
687	"attachError"?: #VolumeError
688
689	// attached indicates the volume is successfully attached. This
690	// field must only be set by the entity completing the attach
691	// operation, i.e. the external-attacher.
692	"attached"!: bool
693
694	// attachmentMetadata is populated with any information returned
695	// by the attach operation, upon successful attach, that must be
696	// passed into subsequent WaitForAttach or Mount calls. This
697	// field must only be set by the entity completing the attach
698	// operation, i.e. the external-attacher.
699	"attachmentMetadata"?: {
700		[string]: string
701	}
702
703	// detachError represents the last error encountered during detach
704	// operation, if any. This field must only be set by the entity
705	// completing the detach operation, i.e. the external-attacher.
706	"detachError"?: #VolumeError
707}
708
709// VolumeAttributesClass represents a specification of mutable
710// volume attributes defined by the CSI driver. The class can be
711// specified during dynamic provisioning of
712// PersistentVolumeClaims, and changed in the
713// PersistentVolumeClaim spec after provisioning.
714#VolumeAttributesClass: {
715	// APIVersion defines the versioned schema of this representation
716	// of an object. Servers should convert recognized schemas to the
717	// latest internal value, and may reject unrecognized values.
718	// More info:
719	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
720	"apiVersion": "storage.k8s.io/v1"
721
722	// Name of the CSI driver This field is immutable.
723	"driverName"!: string
724
725	// Kind is a string value representing the REST resource this
726	// object represents. Servers may infer this from the endpoint
727	// the client submits requests to. Cannot be updated. In
728	// CamelCase. More info:
729	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
730	"kind": "VolumeAttributesClass"
731
732	// Standard object's metadata. More info:
733	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
734	"metadata"?: v1.#ObjectMeta
735
736	// parameters hold volume attributes defined by the CSI driver.
737	// These values are opaque to the Kubernetes and are passed
738	// directly to the CSI driver. The underlying storage provider
739	// supports changing these attributes on an existing volume,
740	// however the parameters field itself is immutable. To invoke a
741	// volume update, a new VolumeAttributesClass should be created
742	// with new parameters, and the PersistentVolumeClaim should be
743	// updated to reference the new VolumeAttributesClass.
744	//
745	// This field is required and must contain at least one key/value
746	// pair. The keys cannot be empty, and the maximum number of
747	// parameters is 512, with a cumulative max size of 256K. If the
748	// CSI driver rejects invalid parameters, the target
749	// PersistentVolumeClaim will be set to an "Infeasible" state in
750	// the modifyVolumeStatus field.
751	"parameters"?: {
752		[string]: string
753	}
754}
755
756// VolumeAttributesClassList is a collection of
757// VolumeAttributesClass objects.
758#VolumeAttributesClassList: {
759	// APIVersion defines the versioned schema of this representation
760	// of an object. Servers should convert recognized schemas to the
761	// latest internal value, and may reject unrecognized values.
762	// More info:
763	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
764	"apiVersion": "storage.k8s.io/v1"
765
766	// items is the list of VolumeAttributesClass objects.
767	"items"!: [...#VolumeAttributesClass]
768
769	// Kind is a string value representing the REST resource this
770	// object represents. Servers may infer this from the endpoint
771	// the client submits requests to. Cannot be updated. In
772	// CamelCase. More info:
773	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
774	"kind": "VolumeAttributesClassList"
775
776	// Standard list metadata More info:
777	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
778	"metadata"?: v1.#ListMeta
779}
780
781// VolumeError captures an error encountered during a volume
782// operation.
783#VolumeError: {
784	// errorCode is a numeric gRPC code representing the error
785	// encountered during Attach or Detach operations.
786	//
787	// This is an optional, beta field that requires the
788	// MutableCSINodeAllocatableCount feature gate being enabled to
789	// be set.
790	"errorCode"?: int32 & int
791
792	// message represents the error encountered during Attach or
793	// Detach operation. This string may be logged, so it should not
794	// contain sensitive information.
795	"message"?: string
796
797	// time represents the time the error was encountered.
798	"time"?: v1.#Time
799}
800
801// VolumeNodeResources is a set of resource limits for scheduling
802// of volumes.
803#VolumeNodeResources: {
804	// count indicates the maximum number of unique volumes managed by
805	// the CSI driver that can be used on a node. A volume that is
806	// both attached and mounted on a node is considered to be used
807	// once, not twice. The same rule applies for a unique volume
808	// that is shared among multiple pods on the same node. If this
809	// field is not specified, then the supported number of volumes
810	// on this node is unbounded.
811	"count"?: int32 & int
812}