diff --git a/cmd/schema-tweak/main.go b/cmd/schema-tweak/main.go new file mode 100644 index 000000000000..c48a68bbecbb --- /dev/null +++ b/cmd/schema-tweak/main.go @@ -0,0 +1,243 @@ +/* +Copyright 2024 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "bytes" + "fmt" + "io/fs" + "log" + "os" + "path/filepath" + "strings" + + "gopkg.in/yaml.v3" + "k8s.io/apimachinery/pkg/util/sets" +) + +const resourcesDir = "config/core/300-resources" + +func main() { + files, err := os.ReadDir(resourcesDir) + if err != nil { + log.Fatalln("failed to read CRD directory", err) + } + + for _, file := range files { + if !strings.HasSuffix(file.Name(), ".yaml") || !file.Type().IsRegular() { + continue + } + + processFile(file) + } + +} + +func processFile(file fs.DirEntry) { + fmt.Println("Processing", file.Name()) + + filename := filepath.Join(resourcesDir, file.Name()) + + fbytes, err := os.ReadFile(filename) + if err != nil { + log.Fatalln("failed to read CRD", err) + } + + var root yaml.Node + if err := yaml.Unmarshal(fbytes, &root); err != nil { + log.Fatalln("failed to unmarshal CRD", err) + } + + buf := bytes.Buffer{} + + enc := yaml.NewEncoder(&buf) + enc.SetIndent(2) + + // document node => content[0] => crd map + applyOverrides(root.Content[0]) + + if err = enc.Encode(&root); err != nil { + log.Fatalln("failed to marshal CRD", err) + } + + if err = enc.Close(); err != nil { + log.Fatalln("failed to close yaml encoder", err) + } + + if err = os.WriteFile(filename, buf.Bytes(), file.Type().Perm()); err != nil { + log.Fatalln("failed to write CRD", err) + } + +} + +func applyOverrides(root *yaml.Node) { + for _, override := range overrides { + crdName := stringValue(root, "metadata.name") + + if crdName != override.crdName { + continue + } + + versions := arrayValue(root, "spec.versions") + + for _, version := range versions { + for _, entry := range override.entries { + schemaNode := mapValue(version, "schema.openAPIV3Schema") + applyOverrideEntry(schemaNode, entry) + } + } + } +} + +func applyOverrideEntry(node *yaml.Node, entry entry) { + for _, segment := range strings.Split(entry.path, ".") { + node = children(node) + node = mapValue(node, segment) + + if node == nil { + log.Fatalf("node at path %q not found\n", entry.path) + } + } + + if node.Kind != yaml.MappingNode { + log.Fatalf("node at path %q not a mapping node\n", entry.path) + } + + if entry.description != "" { + setString(node, "description", entry.description) + } + + switch dataType(node) { + case "array": + case "object": + default: + // if we're at a leaf node then other operations are a noop + return + } + + dropRequiredFields(node, entry.dropRequired) + filterAllowedFields(node, entry.allowedFields, entry.featureFlagFields) + updateFeatureFlags(node, entry.featureFlagFields) + + if entry.dropListType { + deleteKey(node, "x-kubernetes-list-map-keys") + deleteKey(node, "x-kubernetes-list-type") + } +} + +func updateFeatureFlags(node *yaml.Node, features []flagField) { + node = children(node) + + for _, feature := range features { + propNode := mapValue(node, feature.name) + updateFeatureFlagProperty(propNode, feature) + } +} + +func updateFeatureFlagProperty(root *yaml.Node, f flagField) { + desc := fmt.Sprintf("This is accessible behind a feature flag - %s", f.flag) + + setString(root, "description", desc) + + node := root + switch dataType(root) { + case "array": + node = items(root) + setString(root, "items.description", desc) + deleteKeysExcluding(node, "description", "type", "x-kubernetes-map-type") + deleteKeysExcluding(root, "description", "type", "items") + case "object": + if mapValue(node, "properties") == nil { + // no child elements - so probably a map or dual type (int||str) + return + } + deleteKeysExcluding(node, "description", "type", "x-kubernetes-map-type") + default: + return + } + + node.Content = append(node.Content, + &yaml.Node{ + Kind: yaml.ScalarNode, + Tag: "!!str", + Style: yaml.FlowStyle, + Value: "x-kubernetes-preserve-unknown-fields", + }, + &yaml.Node{ + Kind: yaml.ScalarNode, + Tag: "!!bool", + Style: yaml.FlowStyle, + Value: "true", + }, + ) + +} + +func filterAllowedFields(node *yaml.Node, allowed sets.Set[string], features []flagField) { + allowed = allowed.Clone() + for _, feature := range features { + allowed.Insert(feature.name) + } + + if allowed.Len() == 0 { + return + } + + propNode := children(node) + keysToDelete := sets.Set[string]{} + + for i := 0; i < len(propNode.Content); i += 2 { + keyNode := propNode.Content[i] + + if !allowed.Has(keyNode.Value) { + keysToDelete.Insert(keyNode.Value) + } + } + + for _, key := range keysToDelete.UnsortedList() { + deleteKey(propNode, key) + } +} + +func dropRequiredFields(node *yaml.Node, fields sets.Set[string]) { + dataType := dataType(node) + + switch dataType { + case "array": + node = items(node) + } + + required := arrayValue(node, "required") + + if len(required) == 0 { + deleteKey(node, "required") + return + } + + for i := 0; i < len(required); i++ { + if fields.Has(required[i].Value) { + required = append(required[:i], required[i+1:]...) + break + } + } + + if len(required) == 0 { + deleteKey(node, "required") + } else { + setArray(node, "required", required) + } +} diff --git a/cmd/schema-tweak/overrides.go b/cmd/schema-tweak/overrides.go new file mode 100644 index 000000000000..3970da201f97 --- /dev/null +++ b/cmd/schema-tweak/overrides.go @@ -0,0 +1,423 @@ +/* +Copyright 2024 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "fmt" + "reflect" + "strings" + + "k8s.io/apimachinery/pkg/util/sets" + "knative.dev/serving/pkg/apis/config" + v1 "knative.dev/serving/pkg/apis/serving/v1" +) + +type override struct { + crdName string + entries []entry +} + +type entry struct { + path string + description string + allowedFields sets.Set[string] + featureFlagFields []flagField + dropRequired sets.Set[string] + + // Drops list-type + // x-kubernetes-list-map-keys: + // - name + // x-kubernetes-list-type: map + dropListType bool +} + +type flagField struct { + name string + flag string +} + +var overrides = []override{{ + crdName: "services.serving.knative.dev", + entries: revSpecOverrides("spec.template.spec"), +}, { + crdName: "configurations.serving.knative.dev", + entries: revSpecOverrides("spec.template.spec"), +}, { + crdName: "revisions.serving.knative.dev", + entries: revSpecOverrides("spec"), +}, { + crdName: "podautoscalers.autoscaling.internal.knative.dev", + entries: []entry{{ + path: "spec.scaleTargetRef", + allowedFields: sets.New( + "apiVersion", + "kind", + "name", + ), + }}, +}} + +func revSpecOverrides(prefixPath string) []entry { + entries := []entry{{ + allowedFields: sets.New( + "automountServiceAccountToken", + "containers", + "enableServiceLinks", + "imagePullSecrets", + "serviceAccountName", + "volumes", + ).Insert(revisionSpecFields()...), + featureFlagFields: []flagField{ + {name: "affinity", flag: config.FeaturePodSpecAffinity}, + {name: "dnsConfig", flag: config.FeaturePodSpecDNSConfig}, + {name: "dnsPolicy", flag: config.FeaturePodSpecDNSPolicy}, + {name: "hostAliases", flag: config.FeaturePodSpecHostAliases}, + {name: "hostIPC", flag: config.FeaturePodSpecHostIPC}, + {name: "hostNetwork", flag: config.FeaturePodSpecHostNetwork}, + {name: "hostPID", flag: config.FeaturePodSpecHostPID}, + {name: "initContainers", flag: config.FeaturePodSpecInitContainers}, + {name: "nodeSelector", flag: config.FeaturePodSpecNodeSelector}, + {name: "priorityClassName", flag: config.FeaturePodSpecPriorityClassName}, + {name: "runtimeClassName", flag: config.FeaturePodSpecRuntimeClassName}, + {name: "schedulerName", flag: config.FeaturePodSpecSchedulerName}, + {name: "securityContext", flag: config.FeaturePodSpecSecurityContext}, + {name: "shareProcessNamespace", flag: config.FeaturePodSpecShareProcessNamespace}, + {name: "tolerations", flag: config.FeaturePodSpecTolerations}, + {name: "topologySpreadConstraints", flag: config.FeaturePodSpecTopologySpreadConstraints}, + }, + }, { + path: "containers", + dropListType: true, + dropRequired: sets.New("name"), + allowedFields: sets.New( + "args", + "command", + "env", + "envFrom", + "image", + "imagePullPolicy", + "livenessProbe", + "name", + "ports", + "readinessProbe", + "resources", + "securityContext", + "startupProbe", + "terminationMessagePath", + "terminationMessagePolicy", + "volumeMounts", + "workingDir", + ), + }, { + path: "containers.ports", + dropListType: true, + dropRequired: sets.New("containerPort"), + allowedFields: sets.New( + "containerPort", + "name", + "protocol", + ), + }, { + path: "containers.securityContext", + allowedFields: sets.New( + "allowPrivilegeEscalation", + "capabilities", + "privileged", + "readOnlyRootFilesystem", + "runAsGroup", + "runAsNonRoot", + "runAsUser", + "seccompProfile", + ), + }, { + path: "containers.securityContext.privileged", + description: "Run container in privileged mode. This can only be set to explicitly to 'false'", + }, { + path: "containers.securityContext.capabilities", + allowedFields: sets.New( + "add", + "drop", + ), + }, { + path: "containers.securityContext.capabilities.add", + description: fmt.Sprintf("This is accessible behind a feature flag - %s", + config.FeatureContainerSpecAddCapabilities), + }, { + path: "containers.resources", + allowedFields: sets.New( + "limits", + "requests", + ), + }, { + path: "containers.env", + allowedFields: sets.New( + "name", + "value", + "valueFrom", + ), + }, { + path: "containers.env.valueFrom", + allowedFields: sets.New( + "configMapKeyRef", + "secretKeyRef", + ), + featureFlagFields: []flagField{{ + name: "fieldRef", + flag: config.FeaturePodSpecFieldRef, + }, { + name: "resourceFieldRef", + flag: config.FeaturePodSpecFieldRef, + }}, + }, { + path: "containers.env.valueFrom.configMapKeyRef", + allowedFields: sets.New( + "name", + "key", + "optional", + ), + }, { + path: "containers.env.valueFrom.secretKeyRef", + allowedFields: sets.New( + "name", + "key", + "optional", + ), + }, { + path: "containers.envFrom", + allowedFields: sets.New( + "prefix", + "configMapRef", + "secretRef", + ), + }, { + path: "containers.envFrom.configMapRef", + allowedFields: sets.New( + "name", + "optional", + ), + }, { + path: "containers.envFrom.secretRef", + allowedFields: sets.New( + "name", + "optional", + ), + }, { + path: "enableServiceLinks", + description: "EnableServiceLinks indicates whether information about" + + "services should be injected into pod's environment variables, " + + "matching the syntax of Docker links. Optional: Knative defaults this to false.", + }, { + path: "containers.volumeMounts", + allowedFields: sets.New( + "name", + "readOnly", + "mountPath", + "subPath", + ), + }, { + path: "volumes", + allowedFields: sets.New( + "name", + "secret", + "configMap", + "projected", + ), + featureFlagFields: []flagField{{ + name: "emptyDir", + flag: config.FeaturePodSpecEmptyDir, + }, { + name: "persistentVolumeClaim", + flag: config.FeaturePodSpecPVClaim, + }, { + name: "hostPath", + flag: config.FeaturePodSpecHostPath, + }}, + }, { + path: "volumes.secret", + allowedFields: sets.New( + "defaultMode", + "items", + "optional", + "secretName", + ), + }, { + path: "volumes.secret.items", + allowedFields: sets.New( + "key", + "path", + "mode", + ), + }, { + path: "volumes.configMap", + allowedFields: sets.New( + "defaultMode", + "items", + "optional", + "name", + ), + }, { + path: "volumes.configMap.items", + allowedFields: sets.New( + "key", + "path", + "mode", + ), + }, { + path: "volumes.projected", + allowedFields: sets.New( + "defaultMode", + "sources", + ), + }, { + path: "volumes.projected.sources", + allowedFields: sets.New( + // "clusterTrustBundle", + "configMap", + "downwardAPI", + "secret", + "serviceAccountToken", + ), + }, { + path: "volumes.projected.sources.configMap", + allowedFields: sets.New( + "items", + "name", + "optional", + ), + }, { + path: "volumes.projected.sources.configMap.items", + allowedFields: sets.New( + "key", + "path", + "mode", + ), + }, { + path: "volumes.projected.sources.secret", + allowedFields: sets.New( + "items", + "name", + "optional", + ), + }, { + path: "volumes.projected.sources.secret.items", + allowedFields: sets.New( + "key", + "path", + "mode", + ), + }, { + path: "volumes.projected.sources.serviceAccountToken", + allowedFields: sets.New( + "audience", + "expirationSeconds", + "path", + ), + }, { + path: "volumes.projected.sources.downwardAPI", + allowedFields: sets.New( + "items", + ), + }, { + path: "volumes.projected.sources.downwardAPI.items", + allowedFields: sets.New( + "path", + "fieldRef", + "mode", + "resourceFieldRef", + ), + }} + + probes := []string{"livenessProbe", "readinessProbe", "startupProbe"} + + for _, probe := range probes { + entries = append(entries, entry{ + path: fmt.Sprintf("containers.%s", probe), + allowedFields: sets.New( + "initialDelaySeconds", + "timeoutSeconds", + "periodSeconds", + "successThreshold", + "failureThreshold", + + // probe handlers + "httpGet", + "exec", + "tcpSocket", + "grpc", + ), + }) + + entries = append(entries, entry{ + path: fmt.Sprintf("containers.%s.periodSeconds", probe), + description: "How often (in seconds) to perform the probe.", + }, entry{ + path: fmt.Sprintf("containers.%s.httpGet", probe), + dropRequired: sets.New("port"), + allowedFields: sets.New( + "host", + "httpHeaders", + "path", + "port", + "scheme", + ), + }, entry{ + path: fmt.Sprintf("containers.%s.exec", probe), + allowedFields: sets.New("command"), + }, entry{ + path: fmt.Sprintf("containers.%s.tcpSocket", probe), + dropRequired: sets.New("port"), + allowedFields: sets.New( + "host", + "port", + ), + }, entry{ + path: fmt.Sprintf("containers.%s.grpc", probe), + dropRequired: sets.New("port"), + allowedFields: sets.New( + "port", + "service", + ), + }) + } + + for i := range entries { + if entries[i].path == "" { + entries[i].path = prefixPath + } else { + entries[i].path = prefixPath + "." + entries[i].path + } + } + return entries +} + +func revisionSpecFields() []string { + var ( + fields []string + revType = reflect.TypeOf(v1.RevisionSpec{}) + ) + + for i := 0; i < revType.NumField(); i++ { + if revType.Field(i).Name == "PodSpec" { + continue + } + + jsonTag := revType.Field(i).Tag.Get("json") + fields = append(fields, strings.Split(jsonTag, ",")[0]) + } + + return fields +} diff --git a/cmd/schema-tweak/yaml.go b/cmd/schema-tweak/yaml.go new file mode 100644 index 000000000000..e98642ebbc07 --- /dev/null +++ b/cmd/schema-tweak/yaml.go @@ -0,0 +1,154 @@ +/* +Copyright 2024 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "log" + "strings" + + "gopkg.in/yaml.v3" + "k8s.io/apimachinery/pkg/util/sets" +) + +func mapValue(node *yaml.Node, path string) *yaml.Node { + segments := strings.Split(path, ".") + +outer: + for _, segment := range segments { + if node.Kind != yaml.MappingNode { + log.Panicf("node at segment %q not a mapping node\n", segment) + } + + for i := 0; i < len(node.Content); i += 2 { + keyNode := node.Content[i] + valueNode := node.Content[i+1] + if keyNode.Value == segment { + node = valueNode + continue outer + } + } + + return nil + } + + return node +} + +func stringValue(node *yaml.Node, path string) string { + if path != "" { + node = mapValue(node, path) + } + + if node == nil { + log.Panicf("node at path %q not found\n", path) + } + + if node.Kind != yaml.ScalarNode { + log.Panicf("node at path %q not a scalar node\n", path) + } + + if node.ShortTag() != "!!str" { + log.Panicf("node at path %q not a string node\n", path) + } + + return node.Value +} + +func arrayValue(node *yaml.Node, path string) []*yaml.Node { + node = mapValue(node, path) + + if node == nil { + return nil + } + + if node.Kind != yaml.SequenceNode { + log.Panicf("node at path %q not a sequence node\n", path) + } + + return node.Content +} + +func setArray(node *yaml.Node, path string, values []*yaml.Node) { + node = mapValue(node, path) + + if node.Kind != yaml.SequenceNode { + log.Panicf("node at path %q not a sequence node\n", path) + } + + node.Content = values +} + +func deleteKey(node *yaml.Node, key string) { + if node.Kind != yaml.MappingNode { + log.Panicf("node is not mapping node") + } + + for i := 0; i < len(node.Content); i += 2 { + keyNode := node.Content[i] + if keyNode.Value == key { + node.Content = append(node.Content[:i], node.Content[i+2:]...) + return + } + } +} + +func children(node *yaml.Node) *yaml.Node { + dataType := dataType(node) + + switch dataType { + case "object": + return properties(node) + case "array": + return properties(items(node)) + default: + log.Panicf("node has no children") + return nil + } +} + +func properties(node *yaml.Node) *yaml.Node { + return mapValue(node, "properties") +} + +func items(node *yaml.Node) *yaml.Node { + return mapValue(node, "items") +} + +func dataType(node *yaml.Node) string { + return stringValue(node, "type") +} + +func setString(node *yaml.Node, path, value string) { + if path != "" { + node = mapValue(node, path) + } + + node.Value = value +} + +func deleteKeysExcluding(node *yaml.Node, keys ...string) { + keySet := sets.New(keys...) + for i := 0; i < len(node.Content); i += 2 { + keyNode := node.Content[i] + + if !keySet.Has(keyNode.Value) { + node.Content = append(node.Content[:i], node.Content[i+2:]...) + i -= 2 // reset index + } + } + +} diff --git a/config/core/300-resources/configuration.yaml b/config/core/300-resources/configuration.yaml index 7e23eba933ee..cb423ed3fe84 100644 --- a/config/core/300-resources/configuration.yaml +++ b/config/core/300-resources/configuration.yaml @@ -216,9 +216,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -226,15 +224,17 @@ spec: type: boolean x-kubernetes-map-type: atomic fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref type: object - x-kubernetes-preserve-unknown-fields: true x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref type: object - x-kubernetes-preserve-unknown-fields: true x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true secretKeyRef: description: Selects a key of a secret in the pod's namespace type: object @@ -250,9 +250,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -285,9 +283,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -307,9 +303,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -364,8 +358,6 @@ spec: grpc: description: GRPC specifies an action involving a GRPC port. type: object - required: - - port properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -376,9 +368,9 @@ spec: Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string + default: "" httpGet: description: HTTPGet specifies the http request to perform. type: object @@ -431,7 +423,8 @@ spec: type: integer format: int32 periodSeconds: - description: How often (in seconds) to perform the probe. + description: |- + How often (in seconds) to perform the probe. type: integer format: int32 successThreshold: @@ -482,8 +475,6 @@ spec: items: description: ContainerPort represents a network port in a single container. type: object - required: - - containerPort properties: containerPort: description: |- @@ -503,10 +494,6 @@ spec: Defaults to "TCP". type: string default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map readinessProbe: description: |- Periodic probe of container service readiness. @@ -539,8 +526,6 @@ spec: grpc: description: GRPC specifies an action involving a GRPC port. type: object - required: - - port properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -551,9 +536,9 @@ spec: Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string + default: "" httpGet: description: HTTPGet specifies the http request to perform. type: object @@ -606,7 +591,8 @@ spec: type: integer format: int32 periodSeconds: - description: How often (in seconds) to perform the probe. + description: |- + How often (in seconds) to perform the probe. type: integer format: int32 successThreshold: @@ -645,33 +631,6 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - type: array - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - type: object - required: - - name - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: description: |- Limits describes the maximum amount of compute resources allowed. @@ -736,10 +695,7 @@ spec: x-kubernetes-list-type: atomic privileged: description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. + Run container in privileged mode. This can only be set to explicitly to 'false' type: boolean readOnlyRootFilesystem: description: |- @@ -796,7 +752,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -836,8 +791,6 @@ spec: grpc: description: GRPC specifies an action involving a GRPC port. type: object - required: - - port properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -848,9 +801,9 @@ spec: Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string + default: "" httpGet: description: HTTPGet specifies the http request to perform. type: object @@ -903,7 +856,8 @@ spec: type: integer format: int32 periodSeconds: - description: How often (in seconds) to perform the probe. + description: |- + How often (in seconds) to perform the probe. type: integer format: int32 successThreshold: @@ -996,34 +950,39 @@ spec: Cannot be updated. type: string dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnsconfig type: object x-kubernetes-preserve-unknown-fields: true dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnspolicy type: string enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' + description: |- + EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false. type: boolean hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases type: array items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases type: object x-kubernetes-preserve-unknown-fields: true hostIPC: - description: This is accessible behind a feature flag - kubernetes.podspec-hostipc + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostipc type: boolean - x-kubernetes-preserve-unknown-fields: true hostNetwork: - description: This is accessible behind a feature flag - kubernetes.podspec-hostnetwork + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostnetwork type: boolean - x-kubernetes-preserve-unknown-fields: true hostPID: - description: This is accessible behind a feature flag - kubernetes.podspec-hostpid + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostpid type: boolean - x-kubernetes-preserve-unknown-fields: true idleTimeoutSeconds: description: |- IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed @@ -1049,9 +1008,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" x-kubernetes-map-type: atomic @@ -1060,33 +1017,23 @@ spec: x-kubernetes-list-type: map initContainers: description: |- - List of initialization containers belonging to the pod. - Init containers are executed in order prior to containers being started. If any - init container fails, the pod is considered to have failed and is handled according - to its restartPolicy. The name for an init container or normal container must be - unique among all containers. - Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. - The resourceRequirements of an init container are taken into account during scheduling - by finding the highest request/limit for each resource type, and then using the max of - of that value or the sum of the normal containers. Limits are applied to init containers - in a similar fashion. - Init containers cannot currently be added or removed. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + This is accessible behind a feature flag - kubernetes.podspec-init-containers type: array items: description: This is accessible behind a feature flag - kubernetes.podspec-init-containers type: object x-kubernetes-preserve-unknown-fields: true nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector + description: |- + This is accessible behind a feature flag - kubernetes.podspec-nodeselector type: object - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string x-kubernetes-map-type: atomic priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + description: |- + This is accessible behind a feature flag - kubernetes.podspec-priorityclassname type: string - x-kubernetes-preserve-unknown-fields: true responseStartTimeoutSeconds: description: |- ResponseStartTimeoutSeconds is the maximum duration in seconds that the request @@ -1095,15 +1042,16 @@ spec: type: integer format: int64 runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + description: |- + This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname type: string - x-kubernetes-preserve-unknown-fields: true schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername + description: |- + This is accessible behind a feature flag - kubernetes.podspec-schedulername type: string - x-kubernetes-preserve-unknown-fields: true securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext + description: |- + This is accessible behind a feature flag - kubernetes.podspec-securitycontext type: object x-kubernetes-preserve-unknown-fields: true serviceAccountName: @@ -1112,9 +1060,9 @@ spec: More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ type: string shareProcessNamespace: - description: This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace + description: |- + This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace type: boolean - x-kubernetes-preserve-unknown-fields: true timeoutSeconds: description: |- TimeoutSeconds is the maximum duration in seconds that the request instance @@ -1126,12 +1074,13 @@ spec: description: This is accessible behind a feature flag - kubernetes.podspec-tolerations type: array items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + description: |- + This is accessible behind a feature flag - kubernetes.podspec-tolerations type: object x-kubernetes-preserve-unknown-fields: true - x-kubernetes-list-type: atomic topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + description: |- + This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints type: array items: description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints @@ -1207,9 +1156,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -1217,11 +1164,13 @@ spec: type: boolean x-kubernetes-map-type: atomic emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir type: object x-kubernetes-preserve-unknown-fields: true hostPath: - description: This is accessible behind a feature flag - kubernetes.podspec-hostpath + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath type: object x-kubernetes-preserve-unknown-fields: true name: @@ -1231,7 +1180,8 @@ spec: More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + description: |- + This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim type: object x-kubernetes-preserve-unknown-fields: true projected: @@ -1303,9 +1253,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -1422,9 +1370,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: diff --git a/config/core/300-resources/domain-mapping.yaml b/config/core/300-resources/domain-mapping.yaml index 8c6f7df0ed18..47c5f5705b5a 100644 --- a/config/core/300-resources/domain-mapping.yaml +++ b/config/core/300-resources/domain-mapping.yaml @@ -72,13 +72,11 @@ spec: description: |- Ref specifies the target of the Domain Mapping. - The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. - This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services. type: object diff --git a/config/core/300-resources/revision.yaml b/config/core/300-resources/revision.yaml index ec86072eba2b..0c022c92a6ac 100644 --- a/config/core/300-resources/revision.yaml +++ b/config/core/300-resources/revision.yaml @@ -67,7 +67,6 @@ spec: references a container image. Revisions are created by updates to a Configuration. - See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision type: object properties: @@ -193,9 +192,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -203,15 +200,17 @@ spec: type: boolean x-kubernetes-map-type: atomic fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref type: object - x-kubernetes-preserve-unknown-fields: true x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref type: object - x-kubernetes-preserve-unknown-fields: true x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true secretKeyRef: description: Selects a key of a secret in the pod's namespace type: object @@ -227,9 +226,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -262,9 +259,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -284,9 +279,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -341,8 +334,6 @@ spec: grpc: description: GRPC specifies an action involving a GRPC port. type: object - required: - - port properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -353,9 +344,9 @@ spec: Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string + default: "" httpGet: description: HTTPGet specifies the http request to perform. type: object @@ -408,7 +399,8 @@ spec: type: integer format: int32 periodSeconds: - description: How often (in seconds) to perform the probe. + description: |- + How often (in seconds) to perform the probe. type: integer format: int32 successThreshold: @@ -459,8 +451,6 @@ spec: items: description: ContainerPort represents a network port in a single container. type: object - required: - - containerPort properties: containerPort: description: |- @@ -480,10 +470,6 @@ spec: Defaults to "TCP". type: string default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map readinessProbe: description: |- Periodic probe of container service readiness. @@ -516,8 +502,6 @@ spec: grpc: description: GRPC specifies an action involving a GRPC port. type: object - required: - - port properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -528,9 +512,9 @@ spec: Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string + default: "" httpGet: description: HTTPGet specifies the http request to perform. type: object @@ -583,7 +567,8 @@ spec: type: integer format: int32 periodSeconds: - description: How often (in seconds) to perform the probe. + description: |- + How often (in seconds) to perform the probe. type: integer format: int32 successThreshold: @@ -622,33 +607,6 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - type: array - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - type: object - required: - - name - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: description: |- Limits describes the maximum amount of compute resources allowed. @@ -713,10 +671,7 @@ spec: x-kubernetes-list-type: atomic privileged: description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. + Run container in privileged mode. This can only be set to explicitly to 'false' type: boolean readOnlyRootFilesystem: description: |- @@ -773,7 +728,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -813,8 +767,6 @@ spec: grpc: description: GRPC specifies an action involving a GRPC port. type: object - required: - - port properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -825,9 +777,9 @@ spec: Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string + default: "" httpGet: description: HTTPGet specifies the http request to perform. type: object @@ -880,7 +832,8 @@ spec: type: integer format: int32 periodSeconds: - description: How often (in seconds) to perform the probe. + description: |- + How often (in seconds) to perform the probe. type: integer format: int32 successThreshold: @@ -973,34 +926,39 @@ spec: Cannot be updated. type: string dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnsconfig type: object x-kubernetes-preserve-unknown-fields: true dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnspolicy type: string enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' + description: |- + EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false. type: boolean hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases type: array items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases type: object x-kubernetes-preserve-unknown-fields: true hostIPC: - description: This is accessible behind a feature flag - kubernetes.podspec-hostipc + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostipc type: boolean - x-kubernetes-preserve-unknown-fields: true hostNetwork: - description: This is accessible behind a feature flag - kubernetes.podspec-hostnetwork + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostnetwork type: boolean - x-kubernetes-preserve-unknown-fields: true hostPID: - description: This is accessible behind a feature flag - kubernetes.podspec-hostpid + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostpid type: boolean - x-kubernetes-preserve-unknown-fields: true idleTimeoutSeconds: description: |- IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed @@ -1026,9 +984,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" x-kubernetes-map-type: atomic @@ -1037,33 +993,23 @@ spec: x-kubernetes-list-type: map initContainers: description: |- - List of initialization containers belonging to the pod. - Init containers are executed in order prior to containers being started. If any - init container fails, the pod is considered to have failed and is handled according - to its restartPolicy. The name for an init container or normal container must be - unique among all containers. - Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. - The resourceRequirements of an init container are taken into account during scheduling - by finding the highest request/limit for each resource type, and then using the max of - of that value or the sum of the normal containers. Limits are applied to init containers - in a similar fashion. - Init containers cannot currently be added or removed. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + This is accessible behind a feature flag - kubernetes.podspec-init-containers type: array items: description: This is accessible behind a feature flag - kubernetes.podspec-init-containers type: object x-kubernetes-preserve-unknown-fields: true nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector + description: |- + This is accessible behind a feature flag - kubernetes.podspec-nodeselector type: object - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string x-kubernetes-map-type: atomic priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + description: |- + This is accessible behind a feature flag - kubernetes.podspec-priorityclassname type: string - x-kubernetes-preserve-unknown-fields: true responseStartTimeoutSeconds: description: |- ResponseStartTimeoutSeconds is the maximum duration in seconds that the request @@ -1072,15 +1018,16 @@ spec: type: integer format: int64 runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + description: |- + This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname type: string - x-kubernetes-preserve-unknown-fields: true schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername + description: |- + This is accessible behind a feature flag - kubernetes.podspec-schedulername type: string - x-kubernetes-preserve-unknown-fields: true securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext + description: |- + This is accessible behind a feature flag - kubernetes.podspec-securitycontext type: object x-kubernetes-preserve-unknown-fields: true serviceAccountName: @@ -1089,9 +1036,9 @@ spec: More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ type: string shareProcessNamespace: - description: This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace + description: |- + This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace type: boolean - x-kubernetes-preserve-unknown-fields: true timeoutSeconds: description: |- TimeoutSeconds is the maximum duration in seconds that the request instance @@ -1103,12 +1050,13 @@ spec: description: This is accessible behind a feature flag - kubernetes.podspec-tolerations type: array items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + description: |- + This is accessible behind a feature flag - kubernetes.podspec-tolerations type: object x-kubernetes-preserve-unknown-fields: true - x-kubernetes-list-type: atomic topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + description: |- + This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints type: array items: description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints @@ -1184,9 +1132,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -1194,11 +1140,13 @@ spec: type: boolean x-kubernetes-map-type: atomic emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir type: object x-kubernetes-preserve-unknown-fields: true hostPath: - description: This is accessible behind a feature flag - kubernetes.podspec-hostpath + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath type: object x-kubernetes-preserve-unknown-fields: true name: @@ -1208,7 +1156,8 @@ spec: More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + description: |- + This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim type: object x-kubernetes-preserve-unknown-fields: true projected: @@ -1280,9 +1229,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -1399,9 +1346,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: diff --git a/config/core/300-resources/service.yaml b/config/core/300-resources/service.yaml index 4d9765a4d97a..ca2b54727895 100644 --- a/config/core/300-resources/service.yaml +++ b/config/core/300-resources/service.yaml @@ -71,11 +71,9 @@ spec: underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. - The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. - See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service type: object properties: @@ -236,9 +234,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -246,15 +242,17 @@ spec: type: boolean x-kubernetes-map-type: atomic fieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref type: object - x-kubernetes-preserve-unknown-fields: true x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true resourceFieldRef: - description: This is accessible behind a feature flag - kubernetes.podspec-fieldref + description: |- + This is accessible behind a feature flag - kubernetes.podspec-fieldref type: object - x-kubernetes-preserve-unknown-fields: true x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true secretKeyRef: description: Selects a key of a secret in the pod's namespace type: object @@ -270,9 +268,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -305,9 +301,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -327,9 +321,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -384,8 +376,6 @@ spec: grpc: description: GRPC specifies an action involving a GRPC port. type: object - required: - - port properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -396,9 +386,9 @@ spec: Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string + default: "" httpGet: description: HTTPGet specifies the http request to perform. type: object @@ -451,7 +441,8 @@ spec: type: integer format: int32 periodSeconds: - description: How often (in seconds) to perform the probe. + description: |- + How often (in seconds) to perform the probe. type: integer format: int32 successThreshold: @@ -502,8 +493,6 @@ spec: items: description: ContainerPort represents a network port in a single container. type: object - required: - - containerPort properties: containerPort: description: |- @@ -523,10 +512,6 @@ spec: Defaults to "TCP". type: string default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map readinessProbe: description: |- Periodic probe of container service readiness. @@ -559,8 +544,6 @@ spec: grpc: description: GRPC specifies an action involving a GRPC port. type: object - required: - - port properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -571,9 +554,9 @@ spec: Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string + default: "" httpGet: description: HTTPGet specifies the http request to perform. type: object @@ -626,7 +609,8 @@ spec: type: integer format: int32 periodSeconds: - description: How often (in seconds) to perform the probe. + description: |- + How often (in seconds) to perform the probe. type: integer format: int32 successThreshold: @@ -665,33 +649,6 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - type: array - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - type: object - required: - - name - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: description: |- Limits describes the maximum amount of compute resources allowed. @@ -756,10 +713,7 @@ spec: x-kubernetes-list-type: atomic privileged: description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. + Run container in privileged mode. This can only be set to explicitly to 'false' type: boolean readOnlyRootFilesystem: description: |- @@ -816,7 +770,6 @@ spec: type indicates which kind of seccomp profile will be applied. Valid options are: - Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. @@ -856,8 +809,6 @@ spec: grpc: description: GRPC specifies an action involving a GRPC port. type: object - required: - - port properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -868,9 +819,9 @@ spec: Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. type: string + default: "" httpGet: description: HTTPGet specifies the http request to perform. type: object @@ -923,7 +874,8 @@ spec: type: integer format: int32 periodSeconds: - description: How often (in seconds) to perform the probe. + description: |- + How often (in seconds) to perform the probe. type: integer format: int32 successThreshold: @@ -1016,34 +968,39 @@ spec: Cannot be updated. type: string dnsConfig: - description: This is accessible behind a feature flag - kubernetes.podspec-dnsconfig + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnsconfig type: object x-kubernetes-preserve-unknown-fields: true dnsPolicy: - description: This is accessible behind a feature flag - kubernetes.podspec-dnspolicy + description: |- + This is accessible behind a feature flag - kubernetes.podspec-dnspolicy type: string enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' + description: |- + EnableServiceLinks indicates whether information aboutservices should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false. type: boolean hostAliases: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases type: array items: - description: This is accessible behind a feature flag - kubernetes.podspec-hostaliases + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostaliases type: object x-kubernetes-preserve-unknown-fields: true hostIPC: - description: This is accessible behind a feature flag - kubernetes.podspec-hostipc + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostipc type: boolean - x-kubernetes-preserve-unknown-fields: true hostNetwork: - description: This is accessible behind a feature flag - kubernetes.podspec-hostnetwork + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostnetwork type: boolean - x-kubernetes-preserve-unknown-fields: true hostPID: - description: This is accessible behind a feature flag - kubernetes.podspec-hostpid + description: |- + This is accessible behind a feature flag - kubernetes.podspec-hostpid type: boolean - x-kubernetes-preserve-unknown-fields: true idleTimeoutSeconds: description: |- IdleTimeoutSeconds is the maximum duration in seconds a request will be allowed @@ -1069,9 +1026,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" x-kubernetes-map-type: atomic @@ -1080,33 +1035,23 @@ spec: x-kubernetes-list-type: map initContainers: description: |- - List of initialization containers belonging to the pod. - Init containers are executed in order prior to containers being started. If any - init container fails, the pod is considered to have failed and is handled according - to its restartPolicy. The name for an init container or normal container must be - unique among all containers. - Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. - The resourceRequirements of an init container are taken into account during scheduling - by finding the highest request/limit for each resource type, and then using the max of - of that value or the sum of the normal containers. Limits are applied to init containers - in a similar fashion. - Init containers cannot currently be added or removed. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + This is accessible behind a feature flag - kubernetes.podspec-init-containers type: array items: description: This is accessible behind a feature flag - kubernetes.podspec-init-containers type: object x-kubernetes-preserve-unknown-fields: true nodeSelector: - description: This is accessible behind a feature flag - kubernetes.podspec-nodeselector + description: |- + This is accessible behind a feature flag - kubernetes.podspec-nodeselector type: object - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string x-kubernetes-map-type: atomic priorityClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-priorityclassname + description: |- + This is accessible behind a feature flag - kubernetes.podspec-priorityclassname type: string - x-kubernetes-preserve-unknown-fields: true responseStartTimeoutSeconds: description: |- ResponseStartTimeoutSeconds is the maximum duration in seconds that the request @@ -1115,15 +1060,16 @@ spec: type: integer format: int64 runtimeClassName: - description: This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname + description: |- + This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname type: string - x-kubernetes-preserve-unknown-fields: true schedulerName: - description: This is accessible behind a feature flag - kubernetes.podspec-schedulername + description: |- + This is accessible behind a feature flag - kubernetes.podspec-schedulername type: string - x-kubernetes-preserve-unknown-fields: true securityContext: - description: This is accessible behind a feature flag - kubernetes.podspec-securitycontext + description: |- + This is accessible behind a feature flag - kubernetes.podspec-securitycontext type: object x-kubernetes-preserve-unknown-fields: true serviceAccountName: @@ -1132,9 +1078,9 @@ spec: More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ type: string shareProcessNamespace: - description: This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace + description: |- + This is accessible behind a feature flag - kubernetes.podspec-shareprocessnamespace type: boolean - x-kubernetes-preserve-unknown-fields: true timeoutSeconds: description: |- TimeoutSeconds is the maximum duration in seconds that the request instance @@ -1146,12 +1092,13 @@ spec: description: This is accessible behind a feature flag - kubernetes.podspec-tolerations type: array items: - description: This is accessible behind a feature flag - kubernetes.podspec-tolerations + description: |- + This is accessible behind a feature flag - kubernetes.podspec-tolerations type: object x-kubernetes-preserve-unknown-fields: true - x-kubernetes-list-type: atomic topologySpreadConstraints: - description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints + description: |- + This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints type: array items: description: This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints @@ -1227,9 +1174,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -1237,11 +1182,13 @@ spec: type: boolean x-kubernetes-map-type: atomic emptyDir: - description: This is accessible behind a feature flag - kubernetes.podspec-emptydir + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-emptydir type: object x-kubernetes-preserve-unknown-fields: true hostPath: - description: This is accessible behind a feature flag - kubernetes.podspec-hostpath + description: |- + This is accessible behind a feature flag - kubernetes.podspec-volumes-hostpath type: object x-kubernetes-preserve-unknown-fields: true name: @@ -1251,7 +1198,8 @@ spec: More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string persistentVolumeClaim: - description: This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim + description: |- + This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim type: object x-kubernetes-preserve-unknown-fields: true projected: @@ -1323,9 +1271,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: @@ -1442,9 +1388,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string default: "" optional: diff --git a/go.mod b/go.mod index f88a138ce50b..9884e4ae69d6 100644 --- a/go.mod +++ b/go.mod @@ -27,6 +27,7 @@ require ( golang.org/x/time v0.6.0 google.golang.org/api v0.183.0 google.golang.org/grpc v1.68.0 + gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.30.3 k8s.io/apiextensions-apiserver v0.30.3 k8s.io/apimachinery v0.30.3 @@ -152,7 +153,6 @@ require ( google.golang.org/protobuf v1.35.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/gengo v0.0.0-20240404160639-a0386bf69313 // indirect k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect k8s.io/klog v1.0.0 // indirect diff --git a/hack/schemapatch-config.yaml b/hack/schemapatch-config.yaml deleted file mode 100644 index 23109fa79738..000000000000 --- a/hack/schemapatch-config.yaml +++ /dev/null @@ -1,351 +0,0 @@ -# This is the config file for schema generation via controller-tool's schemapatch -# command. It's used by update-schemas.sh. -k8s.io/api/core/v1.Volume: - fieldMask: - - Name - - VolumeSource -k8s.io/api/core/v1.VolumeSource: - fieldMask: - - Secret - - ConfigMap - - Projected - # Following are behind feature flags - - EmptyDir - - PersistentVolumeClaim - - HostPath -k8s.io/api/core/v1.PersistentVolumeClaimVolumeSource: - description: "This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields -k8s.io/api/core/v1.EmptyDirVolumeSource: - description: "This is accessible behind a feature flag - kubernetes.podspec-emptydir" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields -k8s.io/api/core/v1.HostPathVolumeSource: - description: "This is accessible behind a feature flag - kubernetes.podspec-hostpath" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields -k8s.io/api/core/v1.VolumeProjection: - fieldMask: - - Secret - - ConfigMap - - ServiceAccountToken - - DownwardAPI -k8s.io/api/core/v1.ConfigMapProjection: - fieldMask: - - LocalObjectReference - - Items - - Optional -k8s.io/api/core/v1.SecretProjection: - fieldMask: - - LocalObjectReference - - Items - - Optional -k8s.io/api/core/v1.ServiceAccountTokenProjection: - fieldMask: - - Audience - - ExpirationSeconds - - Path -k8s.io/api/core/v1.KeyToPath: - fieldMask: - - Key - - Path - - Mode -k8s.io/api/core/v1.PodSpec: - fieldMask: - - ServiceAccountName - - Containers - - Volumes - - ImagePullSecrets - - EnableServiceLinks - - AutomountServiceAccountToken - # Properties behind feature flags - - Affinity - - DNSConfig - - DNSPolicy - - HostAliases - - InitContainers - - NodeSelector - - PriorityClassName - - HostIPC - - HostPID - - HostNetwork - - RuntimeClassName - - SchedulerName - - SecurityContext - - ShareProcessNamespace - - Tolerations - - TopologySpreadConstraints - fieldOverrides: - Affinity: - description: "This is accessible behind a feature flag - kubernetes.podspec-affinity" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields - DNSPolicy: - description: "This is accessible behind a feature flag - kubernetes.podspec-dnspolicy" - DNSConfig: - description: "This is accessible behind a feature flag - kubernetes.podspec-dnsconfig" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields - EnableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Knative defaults this to false.' - HostAliases: - description: "This is accessible behind a feature flag - kubernetes.podspec-hostaliases" - additionalMarkers: - - kubebuilder:validation:DropListMapMarkers - itemOverride: - description: "This is accessible behind a feature flag - kubernetes.podspec-hostaliases" - additionalMarkers: - # # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields - Containers: - additionalMarkers: - - kubebuilder:validation:DropListMapMarkers - InitContainers: - additionalMarkers: - - kubebuilder:validation:DropListMapMarkers - itemOverride: - description: "This is accessible behind a feature flag - kubernetes.podspec-init-containers" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields - NodeSelector: - description: "This is accessible behind a feature flag - kubernetes.podspec-nodeselector" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields - PriorityClassName: - description: "This is accessible behind a feature flag - kubernetes.podspec-priorityclassname" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields - RuntimeClassName: - description: "This is accessible behind a feature flag - kubernetes.podspec-runtimeclassname" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields - SchedulerName: - description: "This is accessible behind a feature flag - kubernetes.podspec-schedulername" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields - SecurityContext: - description: "This is accessible behind a feature flag - kubernetes.podspec-securitycontext" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields - ShareProcessNamespace: - description: "This is accessible behind a feature flag - kubernetes.podspec-shareproccessnamespace" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields - HostIPC: - description: "This is accessible behind a feature flag - kubernetes.podspec-hostipc" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields - HostPID: - description: "This is accessible behind a feature flag - kubernetes.podspec-hostpid" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields - HostNetwork: - description: "This is accessible behind a feature flag - kubernetes.podspec-hostnetwork" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields - Tolerations: - description: "This is accessible behind a feature flag - kubernetes.podspec-tolerations" - itemOverride: - description: "This is accessible behind a feature flag - kubernetes.podspec-tolerations" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields - TopologySpreadConstraints: - description: "This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints" - additionalMarkers: - - kubebuilder:validation:DropListMapMarkers - itemOverride: - description: "This is accessible behind a feature flag - kubernetes.podspec-topologyspreadconstraints" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields -k8s.io/api/core/v1.Container: - fieldMask: - - Name - - Args - - Command - - Env - - WorkingDir - - EnvFrom - - Image - - ImagePullPolicy - - LivenessProbe - - Ports - - ReadinessProbe - - Resources - - SecurityContext - - StartupProbe - - TerminationMessagePath - - TerminationMessagePolicy - - VolumeMounts - fieldOverrides: - Name: - additionalMarkers: - - optional - Ports: - additionalMarkers: - - optional -k8s.io/api/core/v1.VolumeMount: - fieldMask: - - Name - - ReadOnly - - MountPath - - SubPath -k8s.io/api/core/v1.Probe: - fieldMask: - - ProbeHandler - - InitialDelaySeconds - - TimeoutSeconds - - PeriodSeconds - - SuccessThreshold - - FailureThreshold - fieldOverrides: - PeriodSeconds: - description: "How often (in seconds) to perform the probe." -k8s.io/api/core/v1.ProbeHandler: - fieldMask: - - Exec - - HTTPGet - - TCPSocket - - GRPC -k8s.io/api/core/v1.GRPCAction: - fieldMask: - - Port - - Service -k8s.io/api/core/v1.ExecAction: - fieldMask: - - Command -k8s.io/api/core/v1.HTTPGetAction: - fieldMask: - - Host - - Path - - Scheme - - HTTPHeaders - - Port - fieldOverrides: - Port: - additionalMarkers: - - optional -k8s.io/api/core/v1.TCPSocketAction: - fieldMask: - - Host - - Port - fieldOverrides: - Port: - additionalMarkers: - - optional -k8s.io/api/core/v1.ContainerPort: - fieldMask: - - ContainerPort - - Name - - Protocol -k8s.io/api/core/v1.EnvVar: - fieldMask: - - Name - - Value - - ValueFrom -k8s.io/api/core/v1.EnvVarSource: - fieldMask: - - ConfigMapKeyRef - - SecretKeyRef - - FieldRef - - ResourceFieldRef - fieldOverrides: - FieldRef: - description: "This is accessible behind a feature flag - kubernetes.podspec-fieldref" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields - ResourceFieldRef: - description: "This is accessible behind a feature flag - kubernetes.podspec-fieldref" - additionalMarkers: - # Part of a feature flag - so we want to omit the schema and preserve unknown fields - - kubebuilder:validation:DropProperties - - kubebuilder:pruning:PreserveUnknownFields -k8s.io/api/core/v1.LocalObjectReference: - fieldMask: - - Name -k8s.io/api/core/v1.ConfigMapKeySelectorMask: - fieldMask: - - Key - - Optional - - LocalObjectReference -k8s.io/api/core/v1.SecretKeySelectorMask: - fieldMask: - - Key - - Optional - - LocalObjectReference -k8s.io/api/core/v1.ConfigMapEnvSource: - fieldMask: - - Optional - - LocalObjectReference -k8s.io/api/core/v1.SecretEnvSource: - fieldMask: - - Optional - - LocalObjectReference -k8s.io/api/core/v1.EnvFromSource: - fieldMask: - - Prefix - - ConfigMapRef - - SecretRef -k8s.io/api/core/v1.ResourceRequirementsMask: - fieldMask: - - Limits - - Requests -k8s.io/api/core/v1.SecurityContext: - fieldMask: - - AllowPrivilegeEscalation - - Capabilities - - ReadOnlyRootFilesystem - - RunAsGroup - - RunAsNonRoot - - RunAsUser - - SeccompProfile - - Privileged -k8s.io/api/core/v1.Capabilities: - fieldMask: - - Add - - Drop - fieldOverrides: - Add: - description: "This is accessible behind a feature flag - kubernetes.containerspec-addcapabilities" -k8s.io/api/core/v1.ObjectReference: - fieldMask: - - APIVersion - - Kind - - Name diff --git a/hack/update-schemas.sh b/hack/update-schemas.sh index 6db62dd45c0e..dbaf1f458d42 100755 --- a/hack/update-schemas.sh +++ b/hack/update-schemas.sh @@ -18,27 +18,7 @@ set -o errexit set -o nounset set -o pipefail -# Install patched schemagen into a temporary directory. -# -# We need a patched version because -# 1. There's a bug that makes our URL types unusable -# see https://github.com/kubernetes-sigs/controller-tools/issues/560 -# 2. We need specialized logic to filter down the surface of PodSpec we allow in Knative. -# The respective config for this is in `schemapatch-config.yaml` -export GOBIN -GOBIN=$(mktemp -d) -export PATH="$GOBIN:$PATH" - -( - cd "$GOBIN" - mkdir controller-tools - cd controller-tools - go mod init tools - # Pinned for reproducible builds. - go mod edit -replace=sigs.k8s.io/controller-tools@v0.9.0=github.com/dprotaso/controller-tools@knative - go get -d sigs.k8s.io/controller-tools/cmd/controller-gen@v0.9.0 - go install sigs.k8s.io/controller-tools/cmd/controller-gen -) + # Create a backup for every linked CRD. links=$(find "$(dirname "$0")/../config/core/300-resources" -type l) @@ -46,12 +26,13 @@ for link in $links; do cp "$link" "$link.bkp" done -controller-gen \ +go run sigs.k8s.io/controller-tools/cmd/controller-gen@v0.16.5 \ schemapatch:manifests=config/core/300-resources,generateEmbeddedObjectMeta=true \ - typeOverrides="$(dirname $0)/schemapatch-config.yaml" \ output:dir=config/core/300-resources \ paths=./pkg/apis/... +go run ./cmd/schema-tweak + # Restore linked CRDs. for link in $links; do cat "$link.bkp" > "$link" diff --git a/pkg/apis/config/features.go b/pkg/apis/config/features.go index 79f381d451c8..56db93419c74 100644 --- a/pkg/apis/config/features.go +++ b/pkg/apis/config/features.go @@ -51,6 +51,32 @@ const ( AllowHTTPFullDuplexFeatureKey = "features.knative.dev/http-full-duplex" ) +// Feature config map keys that are used in schema-tweak +const ( + FeatureContainerSpecAddCapabilities = "kubernetes.containerspec-addcapabilities" + FeaturePodSpecAffinity = "kubernetes.podspec-affinity" + FeaturePodSpecDNSConfig = "kubernetes.podspec-dnsconfig" + FeaturePodSpecDNSPolicy = "kubernetes.podspec-dnspolicy" + FeaturePodSpecDryRun = "kubernetes.podspec-dryrun" + FeaturePodSpecEmptyDir = "kubernetes.podspec-volumes-emptydir" + FeaturePodSpecFieldRef = "kubernetes.podspec-fieldref" + FeaturePodSpecHostAliases = "kubernetes.podspec-hostaliases" + FeaturePodSpecHostIPC = "kubernetes.podspec-hostipc" + FeaturePodSpecHostNetwork = "kubernetes.podspec-hostnetwork" + FeaturePodSpecHostPID = "kubernetes.podspec-hostpid" + FeaturePodSpecHostPath = "kubernetes.podspec-volumes-hostpath" + FeaturePodSpecInitContainers = "kubernetes.podspec-init-containers" + FeaturePodSpecNodeSelector = "kubernetes.podspec-nodeselector" + FeaturePodSpecPVClaim = "kubernetes.podspec-persistent-volume-claim" + FeaturePodSpecPriorityClassName = "kubernetes.podspec-priorityclassname" + FeaturePodSpecRuntimeClassName = "kubernetes.podspec-runtimeclassname" + FeaturePodSpecSchedulerName = "kubernetes.podspec-schedulername" + FeaturePodSpecSecurityContext = "kubernetes.podspec-securitycontext" + FeaturePodSpecShareProcessNamespace = "kubernetes.podspec-shareprocessnamespace" + FeaturePodSpecTolerations = "kubernetes.podspec-tolerations" + FeaturePodSpecTopologySpreadConstraints = "kubernetes.podspec-topologyspreadconstraints" +) + func defaultFeaturesConfig() *Features { return &Features{ MultiContainer: Enabled, @@ -91,37 +117,38 @@ func NewFeaturesConfigFromMap(data map[string]string) (*Features, error) { nc := defaultFeaturesConfig() if err := cm.Parse(data, - asFlag("multi-container", &nc.MultiContainer), - asFlag("multi-container-probing", &nc.MultiContainerProbing), - asFlag("kubernetes.podspec-affinity", &nc.PodSpecAffinity), - asFlag("kubernetes.podspec-topologyspreadconstraints", &nc.PodSpecTopologySpreadConstraints), + asFlag("autodetect-http2", &nc.AutoDetectHTTP2), asFlag("kubernetes.podspec-dryrun", &nc.PodSpecDryRun), - asFlag("kubernetes.podspec-hostaliases", &nc.PodSpecHostAliases), - asFlag("kubernetes.podspec-fieldref", &nc.PodSpecFieldRef), - asFlag("kubernetes.podspec-nodeselector", &nc.PodSpecNodeSelector), - asFlag("kubernetes.podspec-runtimeclassname", &nc.PodSpecRuntimeClassName), - asFlag("kubernetes.podspec-securitycontext", &nc.PodSpecSecurityContext), - asFlag("kubernetes.podspec-shareprocessnamespace", &nc.PodSpecShareProcessNamespace), - asFlag("kubernetes.podspec-hostipc", &nc.PodSpecHostIPC), - asFlag("kubernetes.podspec-priorityclassname", &nc.PodSpecPriorityClassName), - asFlag("kubernetes.podspec-schedulername", &nc.PodSpecSchedulerName), - asFlag("kubernetes.containerspec-addcapabilities", &nc.ContainerSpecAddCapabilities), - asFlag("kubernetes.podspec-tolerations", &nc.PodSpecTolerations), - asFlag("kubernetes.podspec-volumes-emptydir", &nc.PodSpecVolumesEmptyDir), - asFlag("kubernetes.podspec-volumes-hostpath", &nc.PodSpecVolumesHostPath), - asFlag("kubernetes.podspec-hostipc", &nc.PodSpecHostIPC), - asFlag("kubernetes.podspec-hostpid", &nc.PodSpecHostPID), - asFlag("kubernetes.podspec-hostnetwork", &nc.PodSpecHostNetwork), - asFlag("kubernetes.podspec-init-containers", &nc.PodSpecInitContainers), - asFlag("kubernetes.podspec-persistent-volume-claim", &nc.PodSpecPersistentVolumeClaim), asFlag("kubernetes.podspec-persistent-volume-write", &nc.PodSpecPersistentVolumeWrite), - asFlag("kubernetes.podspec-dnspolicy", &nc.PodSpecDNSPolicy), - asFlag("kubernetes.podspec-dnsconfig", &nc.PodSpecDNSConfig), + asFlag("multi-container", &nc.MultiContainer), + asFlag("multi-container-probing", &nc.MultiContainerProbing), + asFlag("queueproxy.mount-podinfo", &nc.QueueProxyMountPodInfo), + asFlag("queueproxy.resource-defaults", &nc.QueueProxyResourceDefaults), asFlag("secure-pod-defaults", &nc.SecurePodDefaults), asFlag("tag-header-based-routing", &nc.TagHeaderBasedRouting), - asFlag("queueproxy.resource-defaults", &nc.QueueProxyResourceDefaults), - asFlag("queueproxy.mount-podinfo", &nc.QueueProxyMountPodInfo), - asFlag("autodetect-http2", &nc.AutoDetectHTTP2)); err != nil { + asFlag(FeatureContainerSpecAddCapabilities, &nc.ContainerSpecAddCapabilities), + asFlag(FeaturePodSpecAffinity, &nc.PodSpecAffinity), + asFlag(FeaturePodSpecDNSConfig, &nc.PodSpecDNSConfig), + asFlag(FeaturePodSpecDNSPolicy, &nc.PodSpecDNSPolicy), + asFlag(FeaturePodSpecEmptyDir, &nc.PodSpecVolumesEmptyDir), + asFlag(FeaturePodSpecFieldRef, &nc.PodSpecFieldRef), + asFlag(FeaturePodSpecHostAliases, &nc.PodSpecHostAliases), + asFlag(FeaturePodSpecHostIPC, &nc.PodSpecHostIPC), + asFlag(FeaturePodSpecHostIPC, &nc.PodSpecHostIPC), + asFlag(FeaturePodSpecHostNetwork, &nc.PodSpecHostNetwork), + asFlag(FeaturePodSpecHostPID, &nc.PodSpecHostPID), + asFlag(FeaturePodSpecHostPath, &nc.PodSpecVolumesHostPath), + asFlag(FeaturePodSpecInitContainers, &nc.PodSpecInitContainers), + asFlag(FeaturePodSpecNodeSelector, &nc.PodSpecNodeSelector), + asFlag(FeaturePodSpecPVClaim, &nc.PodSpecPersistentVolumeClaim), + asFlag(FeaturePodSpecPriorityClassName, &nc.PodSpecPriorityClassName), + asFlag(FeaturePodSpecRuntimeClassName, &nc.PodSpecRuntimeClassName), + asFlag(FeaturePodSpecSchedulerName, &nc.PodSpecSchedulerName), + asFlag(FeaturePodSpecSecurityContext, &nc.PodSpecSecurityContext), + asFlag(FeaturePodSpecShareProcessNamespace, &nc.PodSpecShareProcessNamespace), + asFlag(FeaturePodSpecTolerations, &nc.PodSpecTolerations), + asFlag(FeaturePodSpecTopologySpreadConstraints, &nc.PodSpecTopologySpreadConstraints), + ); err != nil { return nil, err } return nc, nil