cue.dev/x/k8s.io@v0.7.0

apiextensions-apiserver/pkg/apis/apiextensions/v1/schema.cue raw

  1package v1
  2
  3import "cue.dev/x/k8s.io/apimachinery/pkg/apis/meta/v1"
  4
  5// CustomResourceColumnDefinition specifies a column for server
  6// side printing.
  7#CustomResourceColumnDefinition: {
  8	// description is a human readable description of this column.
  9	"description"?: string
 10
 11	// format is an optional OpenAPI type definition for this column.
 12	// The 'name' format is applied to the primary identifier column
 13	// to help clients identify which column is the resource name.
 14	// See
 15	// https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types
 16	// for details.
 17	"format"?: string
 18
 19	// jsonPath is a simple JSON path (i.e. with array notation) which
 20	// is evaluated against each custom resource to produce the value
 21	// for this column.
   	// NOTE(review): the selected value is shown in server-side printed
   	// output, so a column should not point at a field that holds
   	// sensitive data.
 22	"jsonPath"!: string
 23
 24	// name is a human readable name for the column.
 25	"name"!: string
 26
 27	// priority is an integer defining the relative importance of this
 28	// column compared to others. Lower numbers are considered higher
 29	// priority. Columns that may be omitted in limited space
 30	// scenarios should be given a priority greater than 0.
 31	"priority"?: int32 & int
 32
 33	// type is an OpenAPI type definition for this column. See
 34	// https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types
 35	// for details.
 36	"type"!: string
 37}
 38
 39// CustomResourceConversion describes how to convert different
 40// versions of a CR.
 41#CustomResourceConversion: {
 42	// strategy specifies how custom resources are converted between
 43	// versions. Allowed values are:
 44	//   - `"None"`: The converter only changes the apiVersion and
 45	//     would not touch any other field in the custom resource.
 46	//   - `"Webhook"`: API Server will call to an external webhook to
 47	//     do the conversion. Additional information is needed for
 48	//     this option. This requires spec.preserveUnknownFields to be
 49	//     false, and spec.conversion.webhook to be set.
   	// NOTE(review): typed as a plain string here, so the two allowed
   	// values are not enforced by this schema; a misspelled strategy
   	// passes CUE validation.
 50	"strategy"!: string
 51
 52	// webhook describes how to call the conversion webhook. Required
 53	// when `strategy` is set to `"Webhook"`.
   	// NOTE(review): the field is optional here regardless of strategy;
   	// the "required when Webhook" rule is not expressed in this schema.
   	// With the Webhook strategy the API server calls the endpoint
   	// described here to convert custom resources, so who controls that
   	// endpoint is part of reviewing a CRD.
 54	"webhook"?: #WebhookConversion
 55}
 56
 57// CustomResourceDefinition represents a resource that should be
 58// exposed on the API server. Its name MUST be in the format
 59// <.spec.name>.<.spec.group>.
   // NOTE(review): the field comments on spec.group and
   // spec.names.plural in this file give the form as
   // `<names.plural>.<group>`; presumably `<.spec.name>` above means
   // spec.names.plural — confirm against the upstream API docs.
 60#CustomResourceDefinition: {
 61	// APIVersion defines the versioned schema of this representation
 62	// of an object. Servers should convert recognized schemas to the
 63	// latest internal value, and may reject unrecognized values.
 64	// More info:
 65	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
   	// This schema fixes the value to the literal below.
 66	"apiVersion": "apiextensions.k8s.io/v1"
 67
 68	// Kind is a string value representing the REST resource this
 69	// object represents. Servers may infer this from the endpoint
 70	// the client submits requests to. Cannot be updated. In
 71	// CamelCase. More info:
 72	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
   	// This schema fixes the value to the literal below.
 73	"kind": "CustomResourceDefinition"
 74
 75	// Standard object's metadata. More info:
 76	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 77	"metadata"?: v1.#ObjectMeta
 78
 79	// spec describes how the user wants the resources to appear.
 80	"spec"!: #CustomResourceDefinitionSpec
 81
 82	// status indicates the actual state of the
 83	// CustomResourceDefinition.
 84	"status"?: #CustomResourceDefinitionStatus
 85}
 86
 87// CustomResourceDefinitionCondition contains details for the
 88// current condition of this CustomResourceDefinition.
 89#CustomResourceDefinitionCondition: {
 90	// lastTransitionTime is the last time the condition transitioned
 91	// from one status to another.
 92	"lastTransitionTime"?: v1.#Time
 93
 94	// message is a human-readable message indicating details about
 95	// last transition.
 96	"message"?: string
 97
 98	// observedGeneration represents the .metadata.generation that the
 99	// condition was set based upon. For instance, if
100	// .metadata.generation is currently 12, but the
101	// .status.conditions[x].observedGeneration is 9, the condition
102	// is out of date with respect to the current state of the
103	// instance.
104	"observedGeneration"?: int64 & int
105
106	// reason is a unique, one-word, CamelCase reason for the
107	// condition's last transition.
108	"reason"?: string
109
110	// status is the status of the condition. Can be True, False,
111	// Unknown.
   	// NOTE(review): typed as a plain string; the three values are not
   	// enforced by this schema.
112	"status"!: string
113
114	// type is the type of the condition. Types include Established,
115	// NamesAccepted and Terminating.
116	"type"!: string
117}
118
119// CustomResourceDefinitionList is a list of
120// CustomResourceDefinition objects.
121#CustomResourceDefinitionList: {
122	// APIVersion defines the versioned schema of this representation
123	// of an object. Servers should convert recognized schemas to the
124	// latest internal value, and may reject unrecognized values.
125	// More info:
126	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
   	// This schema fixes the value to the literal below.
127	"apiVersion": "apiextensions.k8s.io/v1"
128
129	// items lists individual CustomResourceDefinition objects. Each
   	// element must satisfy #CustomResourceDefinition.
130	"items"!: [...#CustomResourceDefinition]
131
132	// Kind is a string value representing the REST resource this
133	// object represents. Servers may infer this from the endpoint
134	// the client submits requests to. Cannot be updated. In
135	// CamelCase. More info:
136	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
   	// This schema fixes the value to the literal below.
137	"kind": "CustomResourceDefinitionList"
138
139	// Standard object's metadata. More info:
140	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
141	"metadata"?: v1.#ListMeta
142}
143
144// CustomResourceDefinitionNames indicates the names to serve this
145// CustomResourceDefinition.
   // NOTE(review): every name below is typed as a plain string (or a
   // list of strings); the "must be all lowercase" and "must match
   // the name of the CustomResourceDefinition" rules in the field
   // comments are not expressed in this schema.
146#CustomResourceDefinitionNames: {
147	// categories is a list of grouped resources this custom resource
148	// belongs to (e.g. 'all'). This is published in API discovery
149	// documents, and used by clients to support invocations like
150	// `kubectl get all`.
151	"categories"?: [...string]
152
153	// kind is the serialized kind of the resource. It is normally
154	// CamelCase and singular. Custom resource instances will use
155	// this value as the `kind` attribute in API calls.
156	"kind"!: string
157
158	// listKind is the serialized kind of the list for this resource.
159	// Defaults to "`kind`List".
160	"listKind"?: string
161
162	// plural is the plural name of the resource to serve. The custom
163	// resources are served under
164	// `/apis/<group>/<version>/.../<plural>`. Must match the name of
165	// the CustomResourceDefinition (in the form
166	// `<names.plural>.<group>`). Must be all lowercase.
167	"plural"!: string
168
169	// shortNames are short names for the resource, exposed in API
170	// discovery documents, and used by clients to support
171	// invocations like `kubectl get <shortname>`. It must be all
172	// lowercase.
173	"shortNames"?: [...string]
174
175	// singular is the singular name of the resource. It must be all
176	// lowercase. Defaults to lowercased `kind`.
177	"singular"?: string
178}
179
180// CustomResourceDefinitionSpec describes how a user wants their
181// resource to appear.
182#CustomResourceDefinitionSpec: {
183	// conversion defines conversion settings for the CRD.
184	"conversion"?: #CustomResourceConversion
185
186	// group is the API group of the defined custom resource. The
187	// custom resources are served under `/apis/<group>/...`. Must
188	// match the name of the CustomResourceDefinition (in the form
189	// `<names.plural>.<group>`).
190	"group"!: string
191
192	// names specify the resource and kind names for the custom
193	// resource.
194	"names"!: #CustomResourceDefinitionNames
195
196	// preserveUnknownFields indicates that object fields which are
197	// not specified in the OpenAPI schema should be preserved when
198	// persisting to storage. apiVersion, kind, metadata and known
199	// fields inside metadata are always preserved. This field is
200	// deprecated in favor of setting `x-preserve-unknown-fields` to
201	// true in `spec.versions[*].schema.openAPIV3Schema`. See
202	// https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#field-pruning
203	// for details.
   	// NOTE(review): when true, fields the schema does not describe are
   	// persisted as submitted rather than pruned. Elsewhere in this
   	// file the Webhook conversion strategy and schema defaulting are
   	// both documented as requiring this to be false.
204	"preserveUnknownFields"?: bool
205
206	// scope indicates whether the defined custom resource is cluster-
207	// or namespace-scoped. Allowed values are `Cluster` and
208	// `Namespaced`.
   	// NOTE(review): typed as a plain string here, so the two allowed
   	// values are not enforced by this schema.
209	"scope"!: string
210
211	// versions is the list of all API versions of the defined custom
212	// resource. Version names are used to compute the order in which
213	// served versions are listed in API discovery. If the version
214	// string is "kube-like", it will sort above non "kube-like"
215	// version strings, which are ordered lexicographically.
216	// "Kube-like" versions start with a "v", then are followed by a
217	// number (the major version), then optionally the string "alpha"
218	// or "beta" and another number (the minor version). These are
219	// sorted first by GA > beta > alpha (where GA is a version with
220	// no suffix such as beta or alpha), and then by comparing major
221	// version, then minor version. An example sorted list of
222	// versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1,
223	// v11alpha2, foo1, foo10.
224	"versions"!: [...#CustomResourceDefinitionVersion]
225}
226
227// CustomResourceDefinitionStatus indicates the state of the
228// CustomResourceDefinition.
229#CustomResourceDefinitionStatus: {
230	// acceptedNames are the names that are actually being used to
231	// serve discovery. They may be different than the names in spec.
232	"acceptedNames"?: #CustomResourceDefinitionNames
233
234	// conditions indicate state for particular aspects of a
235	// CustomResourceDefinition.
236	"conditions"?: [...#CustomResourceDefinitionCondition]
237
238	// observedGeneration is the generation observed by the CRD
   	// controller.
239	"observedGeneration"?: int64 & int
240
241	// storedVersions lists all versions of CustomResources that were
242	// ever persisted. Tracking these versions allows a migration
243	// path for stored versions in etcd. The field is mutable so a
244	// migration controller can finish a migration to another version
245	// (ensuring no old objects are left in storage), and then remove
246	// the rest of the versions from this list. Versions may not be
247	// removed from `spec.versions` while they exist in this list.
248	"storedVersions"?: [...string]
249}
250
251// CustomResourceDefinitionVersion describes a version for CRD.
252#CustomResourceDefinitionVersion: {
253	// additionalPrinterColumns specifies additional columns returned
254	// in Table output. See
255	// https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables
256	// for details. If no columns are specified, a single column
257	// displaying the age of the custom resource is used.
258	"additionalPrinterColumns"?: [...#CustomResourceColumnDefinition]
259
260	// deprecated indicates this version of the custom resource API is
261	// deprecated. When set to true, API requests to this version
262	// receive a warning header in the server response. Defaults to
263	// false.
264	"deprecated"?: bool
265
266	// deprecationWarning overrides the default warning returned to
267	// API clients. May only be set when `deprecated` is true. The
268	// default warning indicates this version is deprecated and
269	// recommends use of the newest served version of equal or
270	// greater stability, if one exists.
   	// NOTE(review): the dependency on `deprecated` is not expressed in
   	// this schema.
271	"deprecationWarning"?: string
272
273	// name is the version name, e.g. “v1”, “v2beta1”, etc. The custom
274	// resources are served under this version at
275	// `/apis/<group>/<version>/...` if `served` is true.
276	"name"!: string
277
278	// schema describes the schema used for validation, pruning, and
279	// defaulting of this version of the custom resource.
280	"schema"?: #CustomResourceValidation
281
282	// selectableFields specifies paths to fields that may be used as
283	// field selectors. A maximum of 8 selectable fields are allowed.
284	// See
285	// https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors
   	// NOTE(review): the list is open-ended here; the maximum of 8 is
   	// not enforced by this schema.
286	"selectableFields"?: [...#SelectableField]
287
288	// served is a flag enabling/disabling this version from being
289	// served via REST APIs.
290	"served"!: bool
291
292	// storage indicates this version should be used when persisting
293	// custom resources to storage. There must be exactly one version
294	// with storage=true.
   	// NOTE(review): the "exactly one" rule spans the whole
   	// spec.versions list and is not expressed in this schema.
295	"storage"!: bool
296
297	// subresources specify what subresources this version of the
298	// defined custom resource has.
299	"subresources"?: #CustomResourceSubresources
300}
301
302// CustomResourceSubresourceScale defines how to serve the scale
303// subresource for CustomResources.
   // NOTE(review): the three paths are typed as plain strings; the
   // constraints in the field comments (no array notation, must sit
   // under `.spec` or `.status`) are not expressed in this schema.
304#CustomResourceSubresourceScale: {
305	// labelSelectorPath defines the JSON path inside of a custom
306	// resource that corresponds to Scale `status.selector`. Only
307	// JSON paths without the array notation are allowed. Must be a
308	// JSON Path under `.status` or `.spec`. Must be set to work with
309	// HorizontalPodAutoscaler. The field pointed by this JSON path
310	// must be a string field (not a complex selector struct) which
311	// contains a serialized label selector in string form. More
312	// info:
313	// https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource
314	// If there is no value under the given path in the custom
315	// resource, the `status.selector` value in the `/scale`
316	// subresource will default to the empty string.
317	"labelSelectorPath"?: string
318
319	// specReplicasPath defines the JSON path inside of a custom
320	// resource that corresponds to Scale `spec.replicas`. Only JSON
321	// paths without the array notation are allowed. Must be a JSON
322	// Path under `.spec`. If there is no value under the given path
323	// in the custom resource, the `/scale` subresource will return
324	// an error on GET.
325	"specReplicasPath"!: string
326
327	// statusReplicasPath defines the JSON path inside of a custom
328	// resource that corresponds to Scale `status.replicas`. Only
329	// JSON paths without the array notation are allowed. Must be a
330	// JSON Path under `.status`. If there is no value under the
331	// given path in the custom resource, the `status.replicas` value
332	// in the `/scale` subresource will default to 0.
333	"statusReplicasPath"!: string
334}
335
336// CustomResourceSubresourceStatus defines how to serve the status
337// subresource for CustomResources. Status is represented by the
338// `.status` JSON path inside of a CustomResource. When set:
339//   - exposes a /status subresource for the custom resource
340//   - PUT requests to the /status subresource take a custom
341//     resource object, and ignore changes to anything except the
342//     status stanza
343//   - PUT/POST/PATCH requests to the custom resource ignore
   //     changes to the status stanza
   // The definition has no fields of its own; setting it to an empty
   // struct is what enables the subresource.
344#CustomResourceSubresourceStatus: {}
345
346// CustomResourceSubresources defines the status and scale
347// subresources for CustomResources.
348#CustomResourceSubresources: {
349	// scale indicates the custom resource should serve a `/scale`
350	// subresource that returns an `autoscaling/v1` Scale object.
351	"scale"?: #CustomResourceSubresourceScale
352
353	// status indicates the custom resource should serve a `/status`
354	// subresource. When enabled:
355	//  1. requests to the custom resource primary endpoint ignore
356	//     changes to the `status` stanza of the object.
357	//  2. requests to the custom resource `/status` subresource ignore
358	//     changes to anything other than the `status` stanza of the
   	//     object.
359	"status"?: #CustomResourceSubresourceStatus
360}
361
362// CustomResourceValidation is a list of validation methods for
363// CustomResources. The only method defined in this schema is
   // openAPIV3Schema.
364#CustomResourceValidation: {
365	// openAPIV3Schema is the OpenAPI v3 schema to use for validation
366	// and pruning.
367	"openAPIV3Schema"?: #JSONSchemaProps
368}
369
370// ExternalDocumentation allows referencing an external resource
371// for extended documentation.
372#ExternalDocumentation: {
   	// description is an optional free-form string.
373	"description"?: string
   	// url is an optional string; this schema does not check that it
   	// is a well-formed URL.
374	"url"?:         string
375}
376
377// JSON represents any valid JSON value. These types are
378// supported: bool, int64, float64, string, []interface{},
379// map[string]interface{} and nil.
   // NOTE(review): `_` is CUE's top value, so this definition accepts
   // any value; fields typed #JSON (default, enum, example) are not
   // checked further by this schema.
380#JSON: _
381
382// JSONSchemaProps is a JSON-Schema following Specification Draft
383// 4 (http://json-schema.org/).
384#JSONSchemaProps: {
385	"$ref"?:                 string
386	"$schema"?:              string
387	"additionalItems"?:      #JSONSchemaPropsOrBool
388	"additionalProperties"?: #JSONSchemaPropsOrBool
389	"allOf"?: [...#JSONSchemaProps]
390	"anyOf"?: [...#JSONSchemaProps]
391
392	// default is a default value for undefined object fields.
393	// Defaulting is a beta feature under the
394	// CustomResourceDefaulting feature gate. Defaulting requires
395	// spec.preserveUnknownFields to be false.
396	"default"?: #JSON
397	"definitions"?: {
398		[string]: #JSONSchemaProps
399	}
400	"dependencies"?: {
401		[string]: #JSONSchemaPropsOrStringArray
402	}
403	"description"?: string
404	"enum"?: [...#JSON]
405	"example"?:          #JSON
406	"exclusiveMaximum"?: bool
407	"exclusiveMinimum"?: bool
408	"externalDocs"?:     #ExternalDocumentation
409
410	// format is an OpenAPI v3 format string. Unknown formats are
411	// ignored. The following formats are validated:
412	//
413	//   - bsonobjectid: a bson object ID, i.e. a 24 characters hex string
414	//   - uri: an URI as parsed by Golang net/url.ParseRequestURI
415	//   - email: an email address as parsed by Golang net/mail.ParseAddress
416	//   - hostname: a valid representation for an Internet host name,
417	//     as defined by RFC 1034, section 3.1 [RFC1034].
418	//   - ipv4: an IPv4 IP as parsed by Golang net.ParseIP
419	//   - ipv6: an IPv6 IP as parsed by Golang net.ParseIP
420	//   - cidr: a CIDR as parsed by Golang net.ParseCIDR
421	//   - mac: a MAC address as parsed by Golang net.ParseMAC
422	//   - uuid: an UUID that allows uppercase defined by the regex
423	//     (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$
424	//   - uuid3: an UUID3 that allows uppercase defined by the regex
425	//     (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$
426	//   - uuid4: an UUID4 that allows uppercase defined by the regex
427	//     (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$
428	//   - uuid5: an UUID5 that allows uppercase defined by the regex
429	//     (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$
430	//   - isbn: an ISBN10 or ISBN13 number string like "0321751043" or
431	//     "978-0321751041"
432	//   - isbn10: an ISBN10 number string like "0321751043"
433	//   - isbn13: an ISBN13 number string like "978-0321751041"
434	//   - creditcard: a credit card number defined by the regex
435	//     ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$
436	//     with any non digit characters mixed in
437	//   - ssn: a U.S. social security number following the regex
438	//     ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$
439	//   - hexcolor: an hexadecimal color code like "#FFFFFF" following
440	//     the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$
441	//   - rgbcolor: an RGB color code like "rgb(255,255,255)"
442	//   - byte: base64 encoded binary data
443	//   - password: any kind of string
444	//   - date: a date string like "2006-01-02" as defined by
445	//     full-date in RFC3339
446	//   - duration: a duration string like "22 ns" as parsed by Golang
   	//     time.ParseDuration or compatible with Scala duration format
   	//   - datetime: a date time string like "2014-12-15T19:30:20.000Z"
   	//     as defined by date-time in RFC3339.
   	//
   	// NOTE(review): the field is a plain string and unknown formats
   	// are ignored, so a misspelled format name passes this schema and
   	// validates nothing. `password` accepts any string, so it adds no
   	// validation either.
447	"format"?:        string
448	"id"?:            string
449	"items"?:         #JSONSchemaPropsOrArray
450	"maxItems"?:      int64 & int
451	"maxLength"?:     int64 & int
452	"maxProperties"?: int64 & int
453	"maximum"?:       number
454	"minItems"?:      int64 & int
455	"minLength"?:     int64 & int
456	"minProperties"?: int64 & int
457	"minimum"?:       number
458	"multipleOf"?:    number
459	"not"?:           #JSONSchemaProps
460	"nullable"?:      bool
461	"oneOf"?: [...#JSONSchemaProps]
462	"pattern"?: string
463	"patternProperties"?: {
464		[string]: #JSONSchemaProps
465	}
466	"properties"?: {
467		[string]: #JSONSchemaProps
468	}
469	"required"?: [...string]
470	"title"?:       string
471	"type"?:        string
472	"uniqueItems"?: bool
473
474	// x-kubernetes-embedded-resource defines that the value is an
475	// embedded Kubernetes runtime.Object, with TypeMeta and
476	// ObjectMeta. The type must be object. It is allowed to further
477	// restrict the embedded object. kind, apiVersion and metadata
478	// are validated automatically.
479	// x-kubernetes-preserve-unknown-fields is allowed to be true,
480	// but does not have to be if the object is fully specified (up
481	// to kind, apiVersion, metadata).
482	"x-kubernetes-embedded-resource"?: bool
483
484	// x-kubernetes-int-or-string specifies that this value is either
485	// an integer or a string. If this is true, an empty type is
486	// allowed and type as child of anyOf is permitted if following
487	// one of the following patterns:
488	//
489	// 1) anyOf:
490	//    - type: integer
491	//    - type: string
492	// 2) allOf:
493	//    - anyOf:
494	//      - type: integer
495	//      - type: string
496	//    - ... zero or more
497	"x-kubernetes-int-or-string"?: bool
498
499	// x-kubernetes-list-map-keys annotates an array with the
500	// x-kubernetes-list-type `map` by specifying the keys used as
501	// the index of the map.
502	//
503	// This tag MUST only be used on lists that have the
504	// "x-kubernetes-list-type" extension set to "map". Also, the
505	// values specified for this attribute must be a scalar typed
506	// field of the child structure (no nesting is supported).
507	//
508	// The properties specified must either be required or have a
509	// default value, to ensure those properties are present for all
510	// list items.
511	"x-kubernetes-list-map-keys"?: [...string]
512
513	// x-kubernetes-list-type annotates an array to further describe
514	// its topology. This extension must only be used on lists and
515	// may have 3 possible values:
516	//
517	// 1) `atomic`: the list is treated as a single entity, like a
518	//    scalar. Atomic lists will be entirely replaced when updated.
519	//    This extension may be used on any type of list (struct,
520	//    scalar, ...).
521	//
522	// 2) `set`: Sets are lists that must not have multiple items with
523	//    the same value. Each value must be a scalar, an object with
524	//    x-kubernetes-map-type `atomic` or an array with
525	//    x-kubernetes-list-type `atomic`.
526	//
527	// 3) `map`: These lists are like maps in that their elements have
528	//    a non-index key used to identify them. Order is preserved
529	//    upon merge. The map tag must only be used on a list with
530	//    elements of type object.
531	//
532	// Defaults to atomic for arrays.
533	// NOTE(review): typed as a plain string here; the three values
534	// above are not enforced by this schema.
535	"x-kubernetes-list-type"?: string
536
537	// x-kubernetes-map-type annotates an object to further describe
538	// its topology. This extension must only be used when type is
539	// object and may have 2 possible values:
540	//
541	// 1) `granular`: These maps are actual maps (key-value pairs) and
542	//    each fields are independent from each other (they can each
543	//    be manipulated by separate actors). This is the default
544	//    behaviour for all maps.
545	//
546	// 2) `atomic`: the list is treated as a single entity, like a
547	//    scalar. Atomic maps will be entirely replaced when updated.
548	// NOTE(review): typed as a plain string here; the two values
549	// above are not enforced by this schema.
550	"x-kubernetes-map-type"?: string
551
552	// x-kubernetes-preserve-unknown-fields stops the API server
553	// decoding step from pruning fields which are not specified in
554	// the validation schema. This affects fields recursively, but
555	// switches back to normal pruning behaviour if nested properties
556	// or additionalProperties are specified in the schema. This can
557	// either be true or undefined. False is forbidden.
   	// NOTE(review): typed as bool here, so `false` passes this schema
   	// even though the text above forbids it. The ValidationRule
   	// documentation in this file states that unknown data preserved
   	// this way is not accessible in CEL expressions, so
   	// x-kubernetes-validations rules cannot check it.
558	"x-kubernetes-preserve-unknown-fields"?: bool
559
560	// x-kubernetes-validations describes a list of validation rules
561	// written in the CEL expression language.
562	"x-kubernetes-validations"?: [...#ValidationRule]
563}
564
565// JSONSchemaPropsOrArray represents a value that can either be a
566// JSONSchemaProps or an array of JSONSchemaProps. Mainly here
567// for serialization purposes.
   // NOTE(review): defined as `_` (any value), so the "props or array"
   // shape is not checked by this schema.
568#JSONSchemaPropsOrArray: _
569
570// JSONSchemaPropsOrBool represents JSONSchemaProps or a boolean
571// value. Defaults to true for the boolean property.
   // NOTE(review): defined as `_` (any value), so the "props or bool"
   // shape is not checked by this schema.
572#JSONSchemaPropsOrBool: _
573
574// JSONSchemaPropsOrStringArray represents a JSONSchemaProps or a
575// string array.
   // NOTE(review): defined as `_` (any value), so the "props or string
   // array" shape is not checked by this schema.
576#JSONSchemaPropsOrStringArray: _
577
578// SelectableField specifies the JSON path of a field that may be
579// used with field selectors.
580#SelectableField: {
581	// jsonPath is a simple JSON path which is evaluated against each
582	// custom resource to produce a field selector value. Only JSON
583	// paths without the array notation are allowed. Must point to a
584	// field of type string, boolean or integer. Types with enum
585	// values and strings with formats are allowed. If jsonPath
586	// refers to an absent field in a resource, the jsonPath evaluates
587	// to an empty string. Must not point to metadata fields.
588	// Required.
   	// NOTE(review): typed as a plain string; the path restrictions
   	// above are not expressed in this schema.
589	"jsonPath"!: string
590}
591
592// ServiceReference holds a reference to Service.legacy.k8s.io
593#ServiceReference: {
594	// name is the name of the service. Required.
595	"name"!: string
596
597	// namespace is the namespace of the service. Required.
598	"namespace"!: string
599
600	// path is an optional URL path at which the webhook will be
601	// contacted.
602	"path"?: string
603
604	// port is an optional service port at which the webhook will be
605	// contacted. `port` should be a valid port number (1-65535,
606	// inclusive). Defaults to 443 for backward compatibility.
   	// NOTE(review): the type below admits any 32-bit integer,
   	// including 0 and negative values; the 1-65535 range is not
   	// enforced by this schema.
607	"port"?: int32 & int
608}
609
610// ValidationRule describes a validation rule written in the CEL
611// expression language.
612#ValidationRule: {
613	// fieldPath represents the field path returned when the
614	// validation fails. It must be a relative JSON path (i.e. with
615	// array notation) scoped to the location of this
616	// x-kubernetes-validations extension in the schema and refer to
617	// an existing field. e.g. when validation checks if a specific
618	// attribute `foo` under a map `testMap`, the fieldPath could be
619	// set to `.testMap.foo` If the validation checks two lists must
620	// have unique attributes, the fieldPath could be set to either
621	// of the list: e.g. `.testList` It does not support list numeric
622	// index. It supports child operation to refer to an existing
623	// field currently. Refer to [JSONPath support in
624	// Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/)
625	// for more info. Numeric index of array is not supported. For
626	// field name which contains special characters, use
627	// `['specialName']` to refer the field name. e.g. for attribute
628	// `foo.34$` appears in a list `testList`, the fieldPath could be
629	// set to `.testList['foo.34$']`
630	"fieldPath"?: string
631
632	// Message represents the message displayed when validation fails.
633	// The message is required if the Rule contains line breaks. The
634	// message must not contain line breaks. If unset, the message is
635	// "failed rule: {Rule}". e.g. "must be a URL with the host
636	// matching spec.host"
637	"message"?: string
638
639	// MessageExpression declares a CEL expression that evaluates to
640	// the validation failure message that is returned when this rule
641	// fails. Since messageExpression is used as a failure message,
642	// it must evaluate to a string. If both message and
643	// messageExpression are present on a rule, then
644	// messageExpression will be used if validation fails. If
645	// messageExpression results in a runtime error, the runtime
646	// error is logged, and the validation failure message is
647	// produced as if the messageExpression field were unset. If
648	// messageExpression evaluates to an empty string, a string with
649	// only spaces, or a string that contains line breaks, then the
650	// validation failure message will also be produced as if the
651	// messageExpression field were unset, and the fact that
652	// messageExpression produced an empty string/string with only
653	// spaces/string with line breaks will be logged.
654	// messageExpression has access to all the same variables as the
655	// rule; the only difference is the return type. Example: "x must
656	// be less than max ("+string(self.max)+")"
657	"messageExpression"?: string
658
659	// optionalOldSelf is used to opt a transition rule into
660	// evaluation even when the object is first created, or if the
661	// old object is missing the value.
662	//
663	// When enabled `oldSelf` will be a CEL optional whose value will
664	// be `None` if there is no old value, or when the object is
665	// initially created.
666	//
667	// You may check for presence of oldSelf using
668	// `oldSelf.hasValue()` and unwrap it after checking using
669	// `oldSelf.value()`. Check the CEL documentation for Optional
670	// types for more information:
671	// https://pkg.go.dev/github.com/google/cel-go/cel#OptionalTypes
672	//
673	// May not be set unless `oldSelf` is used in `rule`.
674	"optionalOldSelf"?: bool
675
676	// reason provides a machine-readable validation failure reason
677	// that is returned to the caller when a request fails this
678	// validation rule. The HTTP status code returned to the caller
679	// will match the reason of the reason of the first failed
680	// validation rule. The currently supported reasons are:
681	// "FieldValueInvalid", "FieldValueForbidden",
682	// "FieldValueRequired", "FieldValueDuplicate". If not set,
683	// default to use "FieldValueInvalid". All future added reasons
684	// must be accepted by clients when reading this value and
685	// unknown reasons should be treated as FieldValueInvalid.
686	"reason"?: string
687
688	// Rule represents the expression which will be evaluated by CEL.
689	// ref: https://github.com/google/cel-spec The Rule is scoped to
690	// the location of the x-kubernetes-validations extension in the
691	// schema. The `self` variable in the CEL expression is bound to
692	// the scoped value. Example: - Rule scoped to the root of a
693	// resource with a status subresource: {"rule":
694	// "self.status.actual <= self.spec.maxDesired"}
695	//
696	// If the Rule is scoped to an object with properties, the
697	// accessible properties of the object are field selectable via
698	// `self.field` and field presence can be checked via
699	// `has(self.field)`. Null valued fields are treated as absent
700	// fields in CEL expressions. If the Rule is scoped to an object
701	// with additionalProperties (i.e. a map) the value of the map
702	// are accessible via `self[mapKey]`, map containment can be
703	// checked via `mapKey in self` and all entries of the map are
704	// accessible via CEL macros and functions such as
705	// `self.all(...)`. If the Rule is scoped to an array, the
706	// elements of the array are accessible via `self[i]` and also by
707	// macros and functions. If the Rule is scoped to a scalar,
708	// `self` is bound to the scalar value. Examples: - Rule scoped
709	// to a map of objects: {"rule":
710	// "self.components['Widget'].priority < 10"} - Rule scoped to a
711	// list of integers: {"rule": "self.values.all(value, value >= 0
712	// && value < 100)"} - Rule scoped to a string value: {"rule":
713	// "self.startsWith('kube')"}
714	//
715	// The `apiVersion`, `kind`, `metadata.name` and
716	// `metadata.generateName` are always accessible from the root of
717	// the object and from any x-kubernetes-embedded-resource
718	// annotated objects. No other metadata properties are
719	// accessible.
720	//
721	// Unknown data preserved in custom resources via
722	// x-kubernetes-preserve-unknown-fields is not accessible in CEL
723	// expressions. This includes: - Unknown field values that are
724	// preserved by object schemas with
725	// x-kubernetes-preserve-unknown-fields. - Object properties
726	// where the property schema is of an "unknown type". An "unknown
727	// type" is recursively defined as:
728	// - A schema with no type and
729	// x-kubernetes-preserve-unknown-fields set to true
730	// - An array where the items schema is of an "unknown type"
731	// - An object where the additionalProperties schema is of an
732	// "unknown type"
733	//
734	// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*`
735	// are accessible. Accessible property names are escaped
736	// according to the following rules when accessed in the
737	// expression: - '__' escapes to '__underscores__' - '.' escapes
738	// to '__dot__' - '-' escapes to '__dash__' - '/' escapes to
739	// '__slash__' - Property names that exactly match a CEL RESERVED
740	// keyword escape to '__{keyword}__'. The keywords are:
741	// "true", "false", "null", "in", "as", "break", "const",
742	// "continue", "else", "for", "function", "if",
743	// "import", "let", "loop", "package", "namespace", "return".
744	// Examples:
745	// - Rule accessing a property named "namespace": {"rule":
746	// "self.__namespace__ > 0"}
747	// - Rule accessing a property named "x-prop": {"rule":
748	// "self.x__dash__prop > 0"}
749	// - Rule accessing a property named "redact__d": {"rule":
750	// "self.redact__underscores__d > 0"}
751	//
752	// Equality on arrays with x-kubernetes-list-type of 'set' or
753	// 'map' ignores element order, i.e. [1, 2] == [2, 1].
754	// Concatenation on arrays with x-kubernetes-list-type use the
755	// semantics of the list type:
756	// - 'set': `X + Y` performs a union where the array positions of
757	// all elements in `X` are preserved and
758	// non-intersecting elements in `Y` are appended, retaining their
759	// partial order.
760	// - 'map': `X + Y` performs a merge where the array positions of
761	// all keys in `X` are preserved but the values
762	// are overwritten by values in `Y` when the key sets of `X` and
763	// `Y` intersect. Elements in `Y` with
764	// non-intersecting keys are appended, retaining their partial
765	// order.
766	//
767	// If `rule` makes use of the `oldSelf` variable it is implicitly
768	// a `transition rule`.
769	//
770	// By default, the `oldSelf` variable is the same type as `self`.
771	// When `optionalOldSelf` is true, the `oldSelf` variable is a
772	// CEL optional
773	// variable whose value() is the same type as `self`.
774	// See the documentation for the `optionalOldSelf` field for
775	// details.
776	//
777	// Transition rules by default are applied only on UPDATE requests
778	// and are skipped if an old value could not be found. You can
779	// opt a transition rule into unconditional evaluation by setting
780	// `optionalOldSelf` to true.
781	"rule"!: string
782}
783
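// WebhookClientConfig contains the information to make a TLS
// connection with the webhook.
//
// The relationship between `service` and `url` described on those
// fields (one of them must be specified) is not expressed as a
// constraint in this schema.
#WebhookClientConfig: {
	// caBundle is a PEM encoded CA bundle which will be used to
	// validate the webhook's server certificate. If unspecified,
	// system trust roots on the apiserver are used.
	//
	// Leaving caBundle unset therefore means any CA in the
	// apiserver's system trust store can vouch for the webhook's
	// certificate; set it when the certificate is issued by a
	// private CA or when narrower trust is wanted.
	"caBundle"?: string

	// service is a reference to the service for this webhook. Either
	// service or url must be specified.
	//
	// If the webhook is running within the cluster, then you should
	// use `service`.
	"service"?: #ServiceReference

	// url gives the location of the webhook, in standard URL form
	// (`scheme://host:port/path`). Exactly one of `url` or `service`
	// must be specified.
	//
	// The `host` should not refer to a service running in the
	// cluster; use the `service` field instead. The host might be
	// resolved via external DNS in some apiservers (e.g.,
	// `kube-apiserver` cannot resolve in-cluster DNS as that would
	// be a layering violation). `host` may also be an IP address.
	//
	// Please note that using `localhost` or `127.0.0.1` as a `host`
	// is risky unless you take great care to run this webhook on all
	// hosts which run an apiserver which might need to make calls to
	// this webhook. Such installs are likely to be non-portable,
	// i.e., not easy to turn up in a new cluster.
	//
	// The scheme must be "https"; the URL must begin with "https://".
	//
	// A path is optional, and if present may be any string
	// permissible in a URL. You may use the path to pass an
	// arbitrary string to the webhook, for example, a cluster
	// identifier.
	//
	// Attempting to use a user or basic auth e.g. "user:password@" is
	// not allowed. Fragments ("#...") and query parameters ("?...")
	// are not allowed, either.
	//
	// The "https://" prefix rule above is enforced by the constraint
	// below (case-sensitive, as the rule is worded), so a plaintext
	// webhook URL fails schema validation. The rules on user info,
	// fragments and query parameters are not checked by this schema.
	"url"?: string & =~"^https://"
}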
827
// WebhookConversion describes how a conversion webhook is called.
#WebhookConversion: {
	// clientConfig holds the instructions for calling the webhook
	// when strategy is `Webhook`.
	clientConfig?: #WebhookClientConfig

	// conversionReviewVersions lists, in order of preference, the
	// `ConversionReview` versions the Webhook expects. The API
	// server picks the first entry in the list that it supports.
	// Conversion of the custom resource fails when the API server
	// supports none of the listed versions. Calls to the webhook
	// fail when a persisted Webhook configuration specifies allowed
	// versions and includes none that the API Server knows.
	conversionReviewVersions!: [...string]
}