diff --git a/VERSION b/VERSION
index 6085e94..f0bb29e 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.2.1
+1.3.0
diff --git a/build.gradle.kts b/build.gradle.kts
index bb39c52..4d3e090 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -33,7 +33,9 @@ val k8sVersions = listOf(
"v1.29.0",
"v1.30.0",
"v1.31.7",
- "v1.32.3"
+ "v1.32.3",
+ "v1.33.6",
+ "v1.34.2",
)
configurations {
@@ -47,8 +49,9 @@ configurations {
dependencies {
implementation(libs.moshiKotlin)
- // used to quote identifiers
+ implementation(libs.pklParser)
implementation(libs.pklCore)
+ implementation(libs.pklFormatter)
// used for lexing
implementation(libs.antlr)
}
@@ -69,9 +72,8 @@ tasks.idea {
}
tasks.compileKotlin {
- kotlinOptions {
- freeCompilerArgs = freeCompilerArgs +
- listOf("-Xjsr305=strict", "-Xjvm-default=all", "-opt-in=kotlin.RequiresOptIn")
+ compilerOptions {
+ freeCompilerArgs.addAll(listOf("-Xjsr305=strict", "-Xjvm-default=all", "-opt-in=kotlin.RequiresOptIn"))
}
}
@@ -164,7 +166,7 @@ val originalRemoteName = System.getenv("PKL_ORIGINAL_REMOTE_NAME") ?: "origin"
spotless {
ratchetFrom = "$originalRemoteName/main"
kotlin {
- licenseHeader(
+ (
"""
/**
* Copyright © ${'$'}YEAR Apple Inc. and the Pkl project authors. All rights reserved.
diff --git a/generated-package/api/admissionregistration/v1/MatchCondition.pkl b/generated-package/api/admissionregistration/v1/MatchCondition.pkl
index a36b300..08a2054 100644
--- a/generated-package/api/admissionregistration/v1/MatchCondition.pkl
+++ b/generated-package/api/admissionregistration/v1/MatchCondition.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -25,7 +25,7 @@ extends ".../K8sObject.pkl"
///
/// Must evaluate to bool.
/// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
-///
+///
/// 'object' - The object from the incoming request.
/// The value is null for DELETE requests.
/// 'oldObject' - The existing object.
@@ -37,7 +37,7 @@ extends ".../K8sObject.pkl"
/// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
/// request resource.
/// Documentation on CEL:
-///
+///
/// Required.
expression: String
@@ -45,7 +45,6 @@ expression: String
///
/// A good name should be descriptive of the associated expression.
/// Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
-///
+///
/// Required.
name: String
-
diff --git a/generated-package/api/admissionregistration/v1/MatchResources.pkl b/generated-package/api/admissionregistration/v1/MatchResources.pkl
index ceb71c5..bab75f5 100644
--- a/generated-package/api/admissionregistration/v1/MatchResources.pkl
+++ b/generated-package/api/admissionregistration/v1/MatchResources.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -28,13 +28,13 @@ import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
/// matchPolicy defines how the "MatchResources" list is used to match incoming requests.
///
/// Allowed values are "Exact" or "Equivalent".
-///
+///
/// - Exact: match a request only if it exactly matches a specified rule.
/// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
-///
+///
/// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
/// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
-///
+///
/// Defaults to "Equivalent"
matchPolicy: String?
@@ -52,7 +52,7 @@ excludeResourceRules: Listing?
///
/// If the object itself is a namespace, the matching is performed on object.metadata.labels.
/// If the object is another cluster scoped resource, it never skips the policy.
-///
+///
/// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": {
/// "matchExpressions": [
/// {
@@ -65,7 +65,7 @@ excludeResourceRules: Listing?
/// }
/// ]
/// }
-///
+///
/// If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
/// "matchExpressions": [
/// {
@@ -78,9 +78,9 @@ excludeResourceRules: Listing?
/// }
/// ]
/// }
-///
+///
/// See for more examples of label selectors.
-///
+///
/// Default to the empty LabelSelector, which matches everything.
namespaceSelector: LabelSelector?
@@ -124,16 +124,16 @@ class NamedRuleWithOperations {
/// Resources is a list of resources this rule applies to.
///
- ///
+ ///
/// For example: 'pods' means pods.
/// 'pods/log' means the log subresource of pods.
/// '*' means all resources, but not subresources.
/// 'pods/*' means all subresources of pods.
/// '*/scale' means all scale subresources.
/// '*/*' means all resources and their subresources.
- ///
+ ///
/// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
- ///
+ ///
/// Depending on the enclosing object, subresources might not be allowed.
/// Required.
resources: Listing
@@ -145,4 +145,3 @@ class NamedRuleWithOperations {
/// Required.
apiGroups: Listing
}
-
diff --git a/generated-package/api/admissionregistration/v1/MutatingWebhookConfiguration.pkl b/generated-package/api/admissionregistration/v1/MutatingWebhookConfiguration.pkl
index 315c9aa..6bf9ac8 100644
--- a/generated-package/api/admissionregistration/v1/MutatingWebhookConfiguration.pkl
+++ b/generated-package/api/admissionregistration/v1/MutatingWebhookConfiguration.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,11 +20,11 @@ open module k8s.api.admissionregistration.v1.MutatingWebhookConfiguration
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
+import ".../api/admissionregistration/v1/MatchCondition.pkl"
import ".../api/admissionregistration/v1/RuleWithOperations.pkl"
import ".../api/admissionregistration/v1/WebhookClientConfig.pkl"
-import ".../api/admissionregistration/v1/MatchCondition.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1"
@@ -48,22 +48,22 @@ class MutatingWebhook {
/// matchPolicy defines how the "rules" list is used to match incoming requests.
///
/// Allowed values are "Exact" or "Equivalent".
- ///
+ ///
/// - Exact: match a request only if it exactly matches a specified rule.
/// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
- ///
+ ///
/// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
/// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
- ///
+ ///
/// Defaults to "Equivalent"
- matchPolicy: ("Exact"|"Equivalent")?
+ matchPolicy: ("Exact" | "Equivalent")?
/// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation.
///
/// Allowed values are "Never" and "IfNeeded".
- ///
+ ///
/// Never: the webhook will not be called more than once in a single admission evaluation.
- ///
+ ///
/// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call.
/// Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted.
/// Note:
@@ -71,9 +71,9 @@ class MutatingWebhook {
/// * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again.
/// * webhooks that use this option may be reordered to minimize the number of additional invocations.
/// * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
- ///
+ ///
/// Defaults to "Never".
- reinvocationPolicy: ("Never"|"IfNeeded")?
+ reinvocationPolicy: ("Never" | "IfNeeded")?
/// The name of the admission webhook.
///
@@ -85,7 +85,7 @@ class MutatingWebhook {
///
/// If the object itself is a namespace, the matching is performed on object.metadata.labels.
/// If the object is another cluster scoped resource, it never skips the webhook.
- ///
+ ///
/// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": {
/// "matchExpressions": [
/// {
@@ -98,7 +98,7 @@ class MutatingWebhook {
/// }
/// ]
/// }
- ///
+ ///
/// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
/// "matchExpressions": [
/// {
@@ -111,9 +111,9 @@ class MutatingWebhook {
/// }
/// ]
/// }
- ///
+ ///
/// See for more examples of label selectors.
- ///
+ ///
/// Default to the empty LabelSelector, which matches everything.
namespaceSelector: LabelSelector?
@@ -140,7 +140,7 @@ class MutatingWebhook {
/// Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector.
/// An empty list of matchConditions matches all requests.
/// There are a maximum of 64 match conditions allowed.
- ///
+ ///
/// The exact matching logic is (in order):
/// 1.
/// If ANY matchCondition evaluates to FALSE, the webhook is skipped.
@@ -164,13 +164,12 @@ class MutatingWebhook {
/// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail.
///
/// Defaults to Fail.
- failurePolicy: ("Ignore"|"Fail")?
+ failurePolicy: ("Ignore" | "Fail")?
/// SideEffects states whether this webhook has side effects.
///
/// Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown).
/// Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone.
/// Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
- sideEffects: "None"|"NoneOnDryRun"
+ sideEffects: "None" | "NoneOnDryRun"
}
-
diff --git a/generated-package/api/admissionregistration/v1/MutatingWebhookConfigurationList.pkl b/generated-package/api/admissionregistration/v1/MutatingWebhookConfigurationList.pkl
index 6842461..b903509 100644
--- a/generated-package/api/admissionregistration/v1/MutatingWebhookConfigurationList.pkl
+++ b/generated-package/api/admissionregistration/v1/MutatingWebhookConfigurationList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.admissionregistration.v1.MutatingWebhookConfigurationList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/admissionregistration/v1/MutatingWebhookConfiguration.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1"
@@ -34,4 +34,3 @@ metadata: ListMeta?
/// List of MutatingWebhookConfiguration.
items: Listing
-
diff --git a/generated-package/api/admissionregistration/v1/RuleWithOperations.pkl b/generated-package/api/admissionregistration/v1/RuleWithOperations.pkl
index 8a9225a..74f4114 100644
--- a/generated-package/api/admissionregistration/v1/RuleWithOperations.pkl
+++ b/generated-package/api/admissionregistration/v1/RuleWithOperations.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -26,14 +26,14 @@ extends ".../K8sObject.pkl"
///
/// If '*' is present, the length of the slice must be one.
/// Required.
-operations: Listing<"CREATE"|"UPDATE"|"DELETE"|"CONNECT"|"*">?
+operations: Listing<"CREATE" | "UPDATE" | "DELETE" | "CONNECT" | "*">?
/// APIVersions is the API versions the resources belong to.
///
/// '*' is all versions.
/// If '*' is present, the length of the slice must be one.
/// Required.
-apiVersions: Listing<"*"|String>?
+apiVersions: Listing<"*" | String>?
/// scope specifies the scope of this rule.
///
@@ -43,20 +43,20 @@ apiVersions: Listing<"*"|String>?
/// "*" means that there are no scope restrictions.
/// Subresources match the scope of their parent resource.
/// Default is "*".
-scope: ("Cluster"|"Namespaced"|"*")?
+scope: ("Cluster" | "Namespaced" | "*")?
/// Resources is a list of resources this rule applies to.
///
-///
+///
/// For example: 'pods' means pods.
/// 'pods/log' means the log subresource of pods.
/// '*' means all resources, but not subresources.
/// 'pods/*' means all subresources of pods.
/// '*/scale' means all scale subresources.
/// '*/*' means all resources and their subresources.
-///
+///
/// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
-///
+///
/// Depending on the enclosing object, subresources might not be allowed.
/// Required.
resources: Listing
@@ -66,5 +66,4 @@ resources: Listing
/// '*' is all groups.
/// If '*' is present, the length of the slice must be one.
/// Required.
-apiGroups: Listing<"*"|String>?
-
+apiGroups: Listing<"*" | String>?
diff --git a/generated-package/api/admissionregistration/v1/ValidatingAdmissionPolicy.pkl b/generated-package/api/admissionregistration/v1/ValidatingAdmissionPolicy.pkl
index d7ee325..44e9081 100644
--- a/generated-package/api/admissionregistration/v1/ValidatingAdmissionPolicy.pkl
+++ b/generated-package/api/admissionregistration/v1/ValidatingAdmissionPolicy.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,10 +21,10 @@ open module k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/admissionregistration/v1/MatchCondition.pkl"
import ".../api/admissionregistration/v1/MatchResources.pkl"
import ".../apimachinery/pkg/apis/meta/v1/Condition.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1"
@@ -48,7 +48,7 @@ class ValidatingAdmissionPolicySpec {
///
/// Each variable is defined as a named CEL expression.
/// The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.
- ///
+ ///
/// The expression of a variable can refer to other variables defined earlier in the list but not those after.
/// Thus, Variables must be sorted by the order of first appearance and acyclic.
variables: Listing?
@@ -70,9 +70,9 @@ class ValidatingAdmissionPolicySpec {
/// Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector.
/// An empty list of matchConditions matches all requests.
/// There are a maximum of 64 match conditions allowed.
- ///
+ ///
/// If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.
- ///
+ ///
/// The exact matching logic is (in order):
/// 1.
/// If ANY matchCondition evaluates to FALSE, the policy is skipped.
@@ -99,14 +99,14 @@ class ValidatingAdmissionPolicySpec {
/// failurePolicy defines how to handle failures for the admission policy.
///
/// Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.
- ///
+ ///
/// A policy is invalid if spec.paramKind refers to a non-existent Kind.
/// A binding is invalid if spec.paramRef.name refers to a non-existent resource.
- ///
+ ///
/// failurePolicy does not define how validations that evaluate to false are handled.
- ///
+ ///
/// When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.
- ///
+ ///
/// Allowed values are Ignore or Fail.
/// Defaults to Fail.
failurePolicy: String?
@@ -151,10 +151,10 @@ class AuditAnnotation {
/// If the expression evaluates to null or empty string the audit annotation will be omitted.
/// The valueExpression may be no longer than 5kb in length.
/// If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.
- ///
+ ///
/// If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding.
/// All unique values produced by the valueExpressions will be joined together in a comma-separated list.
- ///
+ ///
/// Required.
valueExpression: String
@@ -162,12 +162,12 @@ class AuditAnnotation {
///
/// The audit annotation keys of a ValidatingAdmissionPolicy must be unique.
/// The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.
- ///
+ ///
/// The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}".
- ///
+ ///
/// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical.
/// In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.
- ///
+ ///
/// Required.
key: String
}
@@ -184,7 +184,7 @@ class Validation {
/// Expression represents the expression which will be evaluated by CEL.
///
/// ref: CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
- ///
+ ///
/// - 'object' - The object from the incoming request.
/// The value is null for DELETE requests.
/// - 'oldObject' - The existing object.
@@ -201,10 +201,10 @@ class Validation {
/// See
/// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
/// request resource.
- ///
+ ///
/// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object.
/// No other metadata properties are accessible.
- ///
+ ///
/// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.
/// Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'.
/// The keywords are:
@@ -214,7 +214,7 @@ class Validation {
/// - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
/// - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
/// - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
- ///
+ ///
/// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].
/// Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
/// - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
@@ -280,4 +280,3 @@ class ExpressionWarning {
/// Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.
warning: String
}
-
diff --git a/generated-package/api/admissionregistration/v1/ValidatingAdmissionPolicyBinding.pkl b/generated-package/api/admissionregistration/v1/ValidatingAdmissionPolicyBinding.pkl
index 5bc8471..4c86746 100644
--- a/generated-package/api/admissionregistration/v1/ValidatingAdmissionPolicyBinding.pkl
+++ b/generated-package/api/admissionregistration/v1/ValidatingAdmissionPolicyBinding.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -17,9 +17,9 @@
/// ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources.
///
/// ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.
-///
+///
/// For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.
-///
+///
/// The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget.
/// Each evaluation of the policy is given an independent CEL cost budget.
/// Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.
@@ -29,9 +29,9 @@ open module k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
import ".../api/admissionregistration/v1/MatchResources.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1"
@@ -68,28 +68,28 @@ class ValidatingAdmissionPolicyBindingSpec {
/// validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced.
///
/// If a validation evaluates to false it is always enforced according to these actions.
- ///
+ ///
/// Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored.
/// This includes compilation errors, runtime errors and misconfigurations of the policy.
- ///
+ ///
/// validationActions is declared as a set of action values.
/// Order does not matter.
/// validationActions may not contain duplicates of the same action.
- ///
+ ///
/// The supported actions values are:
- ///
+ ///
/// "Deny" specifies that a validation failure results in a denied request.
- ///
+ ///
/// "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299.
/// Warnings can be sent both for allowed or denied admission responses.
- ///
+ ///
/// "Audit" specifies that a validation failure is included in the published audit event for the request.
/// The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{\"message\": \"Invalid value\", {\"policy\": \"policy.example.com\", {\"binding\": \"policybinding.example.com\", {\"expressionIndex\": \"1\", {\"validationActions\": [\"Audit\"]}]"`
- ///
+ ///
/// Clients should expect to handle additional values by ignoring any values not recognized.
- ///
+ ///
/// "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.
- ///
+ ///
/// Required.
validationActions: Listing
}
@@ -98,10 +98,10 @@ class ValidatingAdmissionPolicyBindingSpec {
class ParamRef {
/// name is the name of the resource being referenced.
///
- ///
+ ///
/// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties.
/// If one is set, the other must be unset.
- ///
+ ///
/// A single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.
name: String?
@@ -109,12 +109,12 @@ class ParamRef {
///
/// Allows limiting the search for params to a specific namespace.
/// Applies to both `name` and `selector` fields.
- ///
+ ///
/// A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.
- ///
+ ///
/// - If `paramKind` is cluster-scoped, this field MUST be unset.
/// Setting this field results in a configuration error.
- ///
+ ///
/// - If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset.
/// Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.
namespace: String?
@@ -122,9 +122,9 @@ class ParamRef {
/// selector can be used to match multiple param objects based on their labels.
///
/// Supply selector: {} to match all resources of the ParamKind.
- ///
+ ///
/// If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.
- ///
+ ///
/// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties.
/// If one is set, the other must be unset.
selector: LabelSelector?
@@ -133,10 +133,9 @@ class ParamRef {
///
/// If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding.
/// If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.
- ///
+ ///
/// Allowed values are `Allow` or `Deny`
- ///
+ ///
/// Required
parameterNotFoundAction: String?
}
-
diff --git a/generated-package/api/admissionregistration/v1/ValidatingAdmissionPolicyBindingList.pkl b/generated-package/api/admissionregistration/v1/ValidatingAdmissionPolicyBindingList.pkl
index 100ca51..c2d33ec 100644
--- a/generated-package/api/admissionregistration/v1/ValidatingAdmissionPolicyBindingList.pkl
+++ b/generated-package/api/admissionregistration/v1/ValidatingAdmissionPolicyBindingList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingLis
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/admissionregistration/v1/ValidatingAdmissionPolicyBinding.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// List of PolicyBinding.
items: Listing
-
diff --git a/generated-package/api/admissionregistration/v1/ValidatingAdmissionPolicyList.pkl b/generated-package/api/admissionregistration/v1/ValidatingAdmissionPolicyList.pkl
index bc995bd..fc9c7cc 100644
--- a/generated-package/api/admissionregistration/v1/ValidatingAdmissionPolicyList.pkl
+++ b/generated-package/api/admissionregistration/v1/ValidatingAdmissionPolicyList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/admissionregistration/v1/ValidatingAdmissionPolicy.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// List of ValidatingAdmissionPolicy.
items: Listing
-
diff --git a/generated-package/api/admissionregistration/v1/ValidatingWebhookConfiguration.pkl b/generated-package/api/admissionregistration/v1/ValidatingWebhookConfiguration.pkl
index daa9672..e6efb8c 100644
--- a/generated-package/api/admissionregistration/v1/ValidatingWebhookConfiguration.pkl
+++ b/generated-package/api/admissionregistration/v1/ValidatingWebhookConfiguration.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,11 +20,11 @@ open module k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
+import ".../api/admissionregistration/v1/MatchCondition.pkl"
import ".../api/admissionregistration/v1/RuleWithOperations.pkl"
import ".../api/admissionregistration/v1/WebhookClientConfig.pkl"
-import ".../api/admissionregistration/v1/MatchCondition.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1"
@@ -48,15 +48,15 @@ class ValidatingWebhook {
/// matchPolicy defines how the "rules" list is used to match incoming requests.
///
/// Allowed values are "Exact" or "Equivalent".
- ///
+ ///
/// - Exact: match a request only if it exactly matches a specified rule.
/// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
- ///
+ ///
/// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
/// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
- ///
+ ///
/// Defaults to "Equivalent"
- matchPolicy: ("Exact"|"Equivalent")?
+ matchPolicy: ("Exact" | "Equivalent")?
/// The name of the admission webhook.
///
@@ -68,7 +68,7 @@ class ValidatingWebhook {
///
/// If the object itself is a namespace, the matching is performed on object.metadata.labels.
/// If the object is another cluster scoped resource, it never skips the webhook.
- ///
+ ///
/// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": {
/// "matchExpressions": [
/// {
@@ -81,7 +81,7 @@ class ValidatingWebhook {
/// }
/// ]
/// }
- ///
+ ///
/// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
/// "matchExpressions": [
/// {
@@ -94,9 +94,9 @@ class ValidatingWebhook {
/// }
/// ]
/// }
- ///
+ ///
/// See for more examples of label selectors.
- ///
+ ///
/// Default to the empty LabelSelector, which matches everything.
namespaceSelector: LabelSelector?
@@ -123,7 +123,7 @@ class ValidatingWebhook {
/// Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector.
/// An empty list of matchConditions matches all requests.
/// There are a maximum of 64 match conditions allowed.
- ///
+ ///
/// The exact matching logic is (in order):
/// 1.
/// If ANY matchCondition evaluates to FALSE, the webhook is skipped.
@@ -147,13 +147,12 @@ class ValidatingWebhook {
/// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail.
///
/// Defaults to Fail.
- failurePolicy: ("Ignore"|"Fail")?
+ failurePolicy: ("Ignore" | "Fail")?
/// SideEffects states whether this webhook has side effects.
///
/// Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown).
/// Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone.
/// Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
- sideEffects: "None"|"NoneOnDryRun"
+ sideEffects: "None" | "NoneOnDryRun"
}
-
diff --git a/generated-package/api/admissionregistration/v1/ValidatingWebhookConfigurationList.pkl b/generated-package/api/admissionregistration/v1/ValidatingWebhookConfigurationList.pkl
index 0ff4711..10a7f90 100644
--- a/generated-package/api/admissionregistration/v1/ValidatingWebhookConfigurationList.pkl
+++ b/generated-package/api/admissionregistration/v1/ValidatingWebhookConfigurationList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.admissionregistration.v1.ValidatingWebhookConfigurationList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/admissionregistration/v1/ValidatingWebhookConfiguration.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1"
@@ -34,4 +34,3 @@ metadata: ListMeta?
/// List of ValidatingWebhookConfiguration.
items: Listing
-
diff --git a/generated-package/api/admissionregistration/v1/WebhookClientConfig.pkl b/generated-package/api/admissionregistration/v1/WebhookClientConfig.pkl
index b221870..630c3ec 100644
--- a/generated-package/api/admissionregistration/v1/WebhookClientConfig.pkl
+++ b/generated-package/api/admissionregistration/v1/WebhookClientConfig.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -28,26 +28,26 @@ caBundle: String?
/// `service` is a reference to the service for this webhook.
///
/// Either `service` or `url` must be specified.
-///
+///
/// If the webhook is running within the cluster, then you should use `service`.
service: ServiceReference?((this != null).xor(url != null))
/// `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`).
///
/// Exactly one of `url` or `service` must be specified.
-///
+///
/// The `host` should not refer to a service running in the cluster; use the `service` field instead.
/// The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation).
/// `host` may also be an IP address.
-///
+///
/// Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook.
/// Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
-///
+///
/// The scheme must be "https"; the URL must begin with "
-///
+///
/// A path is optional, and if present may be any string permissible in a URL.
/// You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
-///
+///
/// Attempting to use a user or basic auth e.g. "user:password@" is not allowed.
/// Fragments ("#...") and query parameters ("?...") are not allowed, either.
url: String(matches(Regex("https://[^@#?]*")))?
@@ -73,4 +73,3 @@ class ServiceReference {
/// Required
namespace: String
}
-
diff --git a/generated-package/api/admissionregistration/v1alpha1/MatchCondition.pkl b/generated-package/api/admissionregistration/v1alpha1/MatchCondition.pkl
index ce28631..d669e45 100644
--- a/generated-package/api/admissionregistration/v1alpha1/MatchCondition.pkl
+++ b/generated-package/api/admissionregistration/v1alpha1/MatchCondition.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -24,7 +24,7 @@ extends ".../K8sObject.pkl"
///
/// Must evaluate to bool.
/// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
-///
+///
/// 'object' - The object from the incoming request.
/// The value is null for DELETE requests.
/// 'oldObject' - The existing object.
@@ -36,7 +36,7 @@ extends ".../K8sObject.pkl"
/// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
/// request resource.
/// Documentation on CEL:
-///
+///
/// Required.
expression: String
@@ -44,7 +44,6 @@ expression: String
///
/// A good name should be descriptive of the associated expression.
/// Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
-///
+///
/// Required.
name: String
-
diff --git a/generated-package/api/admissionregistration/v1alpha1/MatchResources.pkl b/generated-package/api/admissionregistration/v1alpha1/MatchResources.pkl
index 2393bf2..7b0b242 100644
--- a/generated-package/api/admissionregistration/v1alpha1/MatchResources.pkl
+++ b/generated-package/api/admissionregistration/v1alpha1/MatchResources.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -28,22 +28,23 @@ import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
/// matchPolicy defines how the "MatchResources" list is used to match incoming requests.
///
/// Allowed values are "Exact" or "Equivalent".
-///
+///
/// - Exact: match a request only if it exactly matches a specified rule.
-/// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
-///
+/// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, the admission policy does not consider requests to apps/v1beta1 or extensions/v1beta1 API groups.
+///
/// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
-/// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
-///
+/// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, the admission policy **does** consider requests made to apps/v1beta1 or extensions/v1beta1 API groups.
+/// The API server translates the request to a matched resource API if necessary.
+///
/// Defaults to "Equivalent"
matchPolicy: String?
-/// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches.
+/// ResourceRules describes what operations on what resources/subresources the admission policy matches.
///
/// The policy cares about an operation if it matches _any_ Rule.
resourceRules: Listing?
-/// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about.
+/// ExcludeResourceRules describes what operations on what resources/subresources the policy should not care about.
///
/// The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
excludeResourceRules: Listing?
@@ -52,7 +53,7 @@ excludeResourceRules: Listing?
///
/// If the object itself is a namespace, the matching is performed on object.metadata.labels.
/// If the object is another cluster scoped resource, it never skips the policy.
-///
+///
/// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": {
/// "matchExpressions": [
/// {
@@ -65,7 +66,7 @@ excludeResourceRules: Listing?
/// }
/// ]
/// }
-///
+///
/// If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
/// "matchExpressions": [
/// {
@@ -78,15 +79,15 @@ excludeResourceRules: Listing?
/// }
/// ]
/// }
-///
+///
/// See for more examples of label selectors.
-///
+///
/// Default to the empty LabelSelector, which matches everything.
namespaceSelector: LabelSelector?
-/// ObjectSelector decides whether to run the validation based on if the object has matching labels.
+/// ObjectSelector decides whether to run the policy based on if the object has matching labels.
///
-/// objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector.
+/// objectSelector is evaluated against both the oldObject and newObject that would be sent to the policy's expression (CEL), and is considered to match if either object matches the selector.
/// A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match.
/// Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels.
/// Default to the empty LabelSelector, which matches everything.
@@ -124,16 +125,16 @@ class NamedRuleWithOperations {
/// Resources is a list of resources this rule applies to.
///
- ///
+ ///
/// For example: 'pods' means pods.
/// 'pods/log' means the log subresource of pods.
/// '*' means all resources, but not subresources.
/// 'pods/*' means all subresources of pods.
/// '*/scale' means all scale subresources.
/// '*/*' means all resources and their subresources.
- ///
+ ///
/// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
- ///
+ ///
/// Depending on the enclosing object, subresources might not be allowed.
/// Required.
resources: Listing
@@ -145,4 +146,3 @@ class NamedRuleWithOperations {
/// Required.
apiGroups: Listing
}
-
diff --git a/generated-package/api/admissionregistration/v1alpha1/MutatingAdmissionPolicy.pkl b/generated-package/api/admissionregistration/v1alpha1/MutatingAdmissionPolicy.pkl
index 87a6925..7c2a9f3 100644
--- a/generated-package/api/admissionregistration/v1alpha1/MutatingAdmissionPolicy.pkl
+++ b/generated-package/api/admissionregistration/v1alpha1/MutatingAdmissionPolicy.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,11 +21,11 @@ open module k8s.api.admissionregistration.v1alpha1.MutatingAdmissionPolicy
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
-import ".../api/admissionregistration/v1alpha1/Variable.pkl"
-import ".../api/admissionregistration/v1alpha1/ParamKind.pkl"
import ".../api/admissionregistration/v1alpha1/MatchCondition.pkl"
import ".../api/admissionregistration/v1alpha1/MatchResources.pkl"
+import ".../api/admissionregistration/v1alpha1/ParamKind.pkl"
+import ".../api/admissionregistration/v1alpha1/Variable.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1alpha1"
@@ -42,9 +42,9 @@ class MutatingAdmissionPolicySpec {
/// reinvocationPolicy indicates whether mutations may be called multiple times per MutatingAdmissionPolicyBinding as part of a single admission evaluation.
///
/// Allowed values are "Never" and "IfNeeded".
- ///
+ ///
/// Never: These mutations will not be called more than once per binding in a single admission evaluation.
- ///
+ ///
/// IfNeeded: These mutations may be invoked more than once per binding for a single admission request and there is no guarantee of order with respect to other admission plugins, admission webhooks, bindings of this policy and admission policies.
/// Mutations are only reinvoked when mutations change the object after this mutation is invoked.
/// Required.
@@ -54,7 +54,7 @@ class MutatingAdmissionPolicySpec {
///
/// Each variable is defined as a named CEL expression.
/// The variables defined here will be available under `variables` in other expressions of the policy except matchConditions because matchConditions are evaluated before the rest of the policy.
- ///
+ ///
/// The expression of a variable can refer to other variables defined earlier in the list but not those after.
/// Thus, variables must be sorted by the order of first appearance and acyclic.
variables: Listing?
@@ -78,9 +78,9 @@ class MutatingAdmissionPolicySpec {
/// Match conditions filter requests that have already been matched by the matchConstraints.
/// An empty list of matchConditions matches all requests.
/// There are a maximum of 64 match conditions allowed.
- ///
+ ///
/// If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.
- ///
+ ///
/// The exact matching logic is (in order):
/// 1.
/// If ANY matchCondition evaluates to FALSE, the policy is skipped.
@@ -105,12 +105,12 @@ class MutatingAdmissionPolicySpec {
/// failurePolicy defines how to handle failures for the admission policy.
///
/// Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.
- ///
+ ///
/// A policy is invalid if paramKind refers to a non-existent Kind.
/// A binding is invalid if paramRef.name refers to a non-existent resource.
- ///
+ ///
/// failurePolicy does not define how validations that evaluate to false are handled.
- ///
+ ///
/// Allowed values are Ignore or Fail.
/// Defaults to Fail.
failurePolicy: String?
@@ -141,25 +141,25 @@ class ApplyConfiguration {
/// expression will be evaluated by CEL to create an apply configuration.
///
/// ref:
- ///
+ ///
/// Apply configurations are declared in CEL using object initialization.
/// For example, this CEL expression returns an apply configuration to set a single field:
- ///
+ ///
/// Object{
/// spec: Object.spec{
/// serviceAccountName: "example"
/// }
/// }
- ///
+ ///
/// Apply configurations may not modify atomic structs, maps or arrays due to the risk of accidental deletion of values not included in the apply configuration.
- ///
+ ///
/// CEL expressions have access to the object types needed to create apply configurations:
- ///
+ ///
/// - 'Object' - CEL type of the resource object.
/// - 'Object.' - CEL type of object field (such as 'Object.spec') - 'Object.....` - CEL type of nested field (such as 'Object.spec.containers')
- ///
+ ///
/// CEL expressions have access to the contents of the API request, organized into CEL variables as well as some other useful variables:
- ///
+ ///
/// - 'object' - The object from the incoming request.
/// The value is null for DELETE requests.
/// - 'oldObject' - The existing object.
@@ -176,10 +176,10 @@ class ApplyConfiguration {
/// See
/// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
/// request resource.
- ///
+ ///
/// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object.
/// No other metadata properties are accessible.
- ///
+ ///
/// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.
/// Required.
expression: String
@@ -190,19 +190,19 @@ class JSONPatch {
/// expression will be evaluated by CEL to create a [JSON patch](
///
/// ref:
- ///
+ ///
/// expression must return an array of JSONPatch values.
- ///
+ ///
/// For example, this CEL expression returns a JSON patch to conditionally modify a value:
- ///
+ ///
/// [
/// JSONPatch{op: "test", path: "/spec/example", value: "Red"},
/// JSONPatch{op: "replace", path: "/spec/example", value: "Green"}
/// ]
- ///
+ ///
/// To define an object for the patch value, use Object types.
/// For example:
- ///
+ ///
/// [
/// JSONPatch{
/// op: "add",
@@ -210,10 +210,10 @@ class JSONPatch {
/// value: Object.spec.selector{matchLabels: {"environment": "test"}}
/// }
/// ]
- ///
+ ///
/// To use strings containing '/' and '~' as JSONPatch path keys, use "jsonpatch.escapeKey".
/// For example:
- ///
+ ///
/// [
/// JSONPatch{
/// op: "add",
@@ -221,9 +221,9 @@ class JSONPatch {
/// value: "test"
/// },
/// ]
- ///
+ ///
/// CEL expressions have access to the types needed to create JSON patches and objects:
- ///
+ ///
/// - 'JSONPatch' - CEL type of JSON Patch operations.
/// JSONPatch has the fields 'op', 'from', 'path' and 'value'.
/// See [JSON patch]( for more details.
@@ -234,9 +234,9 @@ class JSONPatch {
/// function may be used to escape path keys containing '/' and '~'.
/// - 'Object' - CEL type of the resource object.
/// - 'Object.' - CEL type of object field (such as 'Object.spec') - 'Object.....` - CEL type of nested field (such as 'Object.spec.containers')
- ///
+ ///
/// CEL expressions have access to the contents of the API request, organized into CEL variables as well as some other useful variables:
- ///
+ ///
/// - 'object' - The object from the incoming request.
/// The value is null for DELETE requests.
/// - 'oldObject' - The existing object.
@@ -253,14 +253,13 @@ class JSONPatch {
/// See
/// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
/// request resource.
- ///
+ ///
/// CEL expressions have access to [Kubernetes CEL function libraries]( as well as:
- ///
+ ///
/// - 'jsonpatch.escapeKey' - Performs JSONPatch key escaping.
/// '~' and '/' are escaped as '~0' and `~1' respectively).
- ///
+ ///
/// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.
/// Required.
expression: String
}
-
diff --git a/generated-package/api/admissionregistration/v1alpha1/MutatingAdmissionPolicyBinding.pkl b/generated-package/api/admissionregistration/v1alpha1/MutatingAdmissionPolicyBinding.pkl
index b84ef99..5251be6 100644
--- a/generated-package/api/admissionregistration/v1alpha1/MutatingAdmissionPolicyBinding.pkl
+++ b/generated-package/api/admissionregistration/v1alpha1/MutatingAdmissionPolicyBinding.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -17,10 +17,10 @@
/// MutatingAdmissionPolicyBinding binds the MutatingAdmissionPolicy with parametrized resources.
///
/// MutatingAdmissionPolicyBinding and the optional parameter resource together define how cluster administrators configure policies for clusters.
-///
+///
/// For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.
/// Each evaluation is constrained by a [runtime cost budget](
-///
+///
/// Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.
@K8sVersion { introducedIn = "1.32" }
@ModuleInfo { minPklVersion = "0.25.0" }
@@ -28,9 +28,9 @@ open module k8s.api.admissionregistration.v1alpha1.MutatingAdmissionPolicyBindin
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
-import ".../api/admissionregistration/v1alpha1/ParamRef.pkl"
import ".../api/admissionregistration/v1alpha1/MatchResources.pkl"
+import ".../api/admissionregistration/v1alpha1/ParamRef.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1alpha1"
@@ -67,4 +67,3 @@ class MutatingAdmissionPolicyBindingSpec {
/// '*' matches CREATE, UPDATE and CONNECT.
matchResources: MatchResources?
}
-
diff --git a/generated-package/api/admissionregistration/v1alpha1/MutatingAdmissionPolicyBindingList.pkl b/generated-package/api/admissionregistration/v1alpha1/MutatingAdmissionPolicyBindingList.pkl
index be98907..dfd1361 100644
--- a/generated-package/api/admissionregistration/v1alpha1/MutatingAdmissionPolicyBindingList.pkl
+++ b/generated-package/api/admissionregistration/v1alpha1/MutatingAdmissionPolicyBindingList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.admissionregistration.v1alpha1.MutatingAdmissionPolicyBindin
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/admissionregistration/v1alpha1/MutatingAdmissionPolicyBinding.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1alpha1"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// List of PolicyBinding.
items: Listing
-
diff --git a/generated-package/api/admissionregistration/v1alpha1/MutatingAdmissionPolicyList.pkl b/generated-package/api/admissionregistration/v1alpha1/MutatingAdmissionPolicyList.pkl
index 0cc3ab3..2d30aab 100644
--- a/generated-package/api/admissionregistration/v1alpha1/MutatingAdmissionPolicyList.pkl
+++ b/generated-package/api/admissionregistration/v1alpha1/MutatingAdmissionPolicyList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.admissionregistration.v1alpha1.MutatingAdmissionPolicyList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/admissionregistration/v1alpha1/MutatingAdmissionPolicy.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1alpha1"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// List of ValidatingAdmissionPolicy.
items: Listing
-
diff --git a/generated-package/api/admissionregistration/v1alpha1/ParamKind.pkl b/generated-package/api/admissionregistration/v1alpha1/ParamKind.pkl
index 7f67b61..458a30e 100644
--- a/generated-package/api/admissionregistration/v1alpha1/ParamKind.pkl
+++ b/generated-package/api/admissionregistration/v1alpha1/ParamKind.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -31,4 +31,3 @@ apiVersion: String
///
/// Required.
kind: String
-
diff --git a/generated-package/api/admissionregistration/v1alpha1/ParamRef.pkl b/generated-package/api/admissionregistration/v1alpha1/ParamRef.pkl
index d76e7cc..21c4bd7 100644
--- a/generated-package/api/admissionregistration/v1alpha1/ParamRef.pkl
+++ b/generated-package/api/admissionregistration/v1alpha1/ParamRef.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -25,7 +25,7 @@ import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
/// `name` is the name of the resource being referenced.
///
-///
+///
/// `name` and `selector` are mutually exclusive properties.
/// If one is set, the other must be unset.
name: String?
@@ -34,12 +34,12 @@ name: String?
///
/// Allows limiting the search for params to a specific namespace.
/// Applies to both `name` and `selector` fields.
-///
+///
/// A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.
-///
+///
/// - If `paramKind` is cluster-scoped, this field MUST be unset.
/// Setting this field results in a configuration error.
-///
+///
/// - If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset.
/// Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.
namespace: String?
@@ -47,9 +47,9 @@ namespace: String?
/// selector can be used to match multiple param objects based on their labels.
///
/// Supply selector: {} to match all resources of the ParamKind.
-///
+///
/// If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.
-///
+///
/// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties.
/// If one is set, the other must be unset.
@K8sVersion { introducedIn = "1.28" }
@@ -59,8 +59,7 @@ selector: LabelSelector?
///
/// If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding.
/// If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.
-///
+///
/// Allowed values are `Allow` or `Deny` Default to `Deny`
@K8sVersion { introducedIn = "1.28" }
parameterNotFoundAction: String?
-
diff --git a/generated-package/api/admissionregistration/v1alpha1/ValidatingAdmissionPolicy.pkl b/generated-package/api/admissionregistration/v1alpha1/ValidatingAdmissionPolicy.pkl
index 26129b0..0aa3572 100644
--- a/generated-package/api/admissionregistration/v1alpha1/ValidatingAdmissionPolicy.pkl
+++ b/generated-package/api/admissionregistration/v1alpha1/ValidatingAdmissionPolicy.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,9 +21,9 @@ open module k8s.api.admissionregistration.v1alpha1.ValidatingAdmissionPolicy
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/admissionregistration/v1alpha1/MatchResources.pkl"
import ".../apimachinery/pkg/apis/meta/v1/Condition.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1alpha1"
@@ -48,7 +48,7 @@ class ValidatingAdmissionPolicySpec {
///
/// Each variable is defined as a named CEL expression.
/// The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.
- ///
+ ///
/// The expression of a variable can refer to other variables defined earlier in the list but not those after.
/// Thus, Variables must be sorted by the order of first appearance and acyclic.
@K8sVersion { introducedIn = "1.28" }
@@ -72,9 +72,9 @@ class ValidatingAdmissionPolicySpec {
/// Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector.
/// An empty list of matchConditions matches all requests.
/// There are a maximum of 64 match conditions allowed.
- ///
+ ///
/// If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.
- ///
+ ///
/// The exact matching logic is (in order):
/// 1.
/// If ANY matchCondition evaluates to FALSE, the policy is skipped.
@@ -102,14 +102,14 @@ class ValidatingAdmissionPolicySpec {
/// failurePolicy defines how to handle failures for the admission policy.
///
/// Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.
- ///
+ ///
/// A policy is invalid if spec.paramKind refers to a non-existent Kind.
/// A binding is invalid if spec.paramRef.name refers to a non-existent resource.
- ///
+ ///
/// failurePolicy does not define how validations that evaluate to false are handled.
- ///
+ ///
/// When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.
- ///
+ ///
/// Allowed values are Ignore or Fail.
/// Defaults to Fail.
failurePolicy: String?
@@ -152,10 +152,10 @@ class AuditAnnotation {
/// If the expression evaluates to null or empty string the audit annotation will be omitted.
/// The valueExpression may be no longer than 5kb in length.
/// If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.
- ///
+ ///
/// If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding.
/// All unique values produced by the valueExpressions will be joined together in a comma-separated list.
- ///
+ ///
/// Required.
valueExpression: String
@@ -163,12 +163,12 @@ class AuditAnnotation {
///
/// The audit annotation keys of a ValidatingAdmissionPolicy must be unique.
/// The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.
- ///
+ ///
/// The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}".
- ///
+ ///
/// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical.
/// In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.
- ///
+ ///
/// Required.
key: String
}
@@ -178,7 +178,7 @@ class MatchCondition {
///
/// Must evaluate to bool.
/// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
- ///
+ ///
/// 'object' - The object from the incoming request.
/// The value is null for DELETE requests.
/// 'oldObject' - The existing object.
@@ -190,7 +190,7 @@ class MatchCondition {
/// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
/// request resource.
/// Documentation on CEL:
- ///
+ ///
/// Required.
expression: String
@@ -198,7 +198,7 @@ class MatchCondition {
///
/// A good name should be descriptive of the associated expression.
/// Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
- ///
+ ///
/// Required.
name: String
}
@@ -215,7 +215,7 @@ class Validation {
/// Expression represents the expression which will be evaluated by CEL.
///
/// ref: CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
- ///
+ ///
/// - 'object' - The object from the incoming request.
/// The value is null for DELETE requests.
/// - 'oldObject' - The existing object.
@@ -232,10 +232,10 @@ class Validation {
/// See
/// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
/// request resource.
- ///
+ ///
/// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object.
/// No other metadata properties are accessible.
- ///
+ ///
/// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.
/// Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'.
/// The keywords are:
@@ -245,7 +245,7 @@ class Validation {
/// - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
/// - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
/// - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
- ///
+ ///
/// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].
/// Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
/// - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
@@ -312,4 +312,3 @@ class ExpressionWarning {
/// Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.
warning: String
}
-
diff --git a/generated-package/api/admissionregistration/v1alpha1/ValidatingAdmissionPolicyBinding.pkl b/generated-package/api/admissionregistration/v1alpha1/ValidatingAdmissionPolicyBinding.pkl
index 8975a5d..2cd702f 100644
--- a/generated-package/api/admissionregistration/v1alpha1/ValidatingAdmissionPolicyBinding.pkl
+++ b/generated-package/api/admissionregistration/v1alpha1/ValidatingAdmissionPolicyBinding.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -17,9 +17,9 @@
/// ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources.
///
/// ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.
-///
+///
/// For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.
-///
+///
/// The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget.
/// Each evaluation of the policy is given an independent CEL cost budget.
/// Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.
@@ -29,9 +29,9 @@ open module k8s.api.admissionregistration.v1alpha1.ValidatingAdmissionPolicyBind
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
import ".../api/admissionregistration/v1alpha1/MatchResources.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1alpha1"
@@ -68,28 +68,28 @@ class ValidatingAdmissionPolicyBindingSpec {
/// validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced.
///
/// If a validation evaluates to false it is always enforced according to these actions.
- ///
+ ///
/// Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored.
/// This includes compilation errors, runtime errors and misconfigurations of the policy.
- ///
+ ///
/// validationActions is declared as a set of action values.
/// Order does not matter.
/// validationActions may not contain duplicates of the same action.
- ///
+ ///
/// The supported actions values are:
- ///
+ ///
/// "Deny" specifies that a validation failure results in a denied request.
- ///
+ ///
/// "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299.
/// Warnings can be sent both for allowed or denied admission responses.
- ///
+ ///
/// "Audit" specifies that a validation failure is included in the published audit event for the request.
/// The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`
- ///
+ ///
/// Clients should expect to handle additional values by ignoring any values not recognized.
- ///
+ ///
/// "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.
- ///
+ ///
/// Required.
@K8sVersion { introducedIn = "1.27" }
validationActions: Listing
@@ -99,7 +99,7 @@ class ValidatingAdmissionPolicyBindingSpec {
class ParamRef {
/// `name` is the name of the resource being referenced.
///
- ///
+ ///
/// `name` and `selector` are mutually exclusive properties.
/// If one is set, the other must be unset.
name: String?
@@ -108,12 +108,12 @@ class ParamRef {
///
/// Allows limiting the search for params to a specific namespace.
/// Applies to both `name` and `selector` fields.
- ///
+ ///
/// A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.
- ///
+ ///
/// - If `paramKind` is cluster-scoped, this field MUST be unset.
/// Setting this field results in a configuration error.
- ///
+ ///
/// - If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset.
/// Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.
namespace: String?
@@ -121,9 +121,9 @@ class ParamRef {
/// selector can be used to match multiple param objects based on their labels.
///
/// Supply selector: {} to match all resources of the ParamKind.
- ///
+ ///
/// If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.
- ///
+ ///
/// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties.
/// If one is set, the other must be unset.
@K8sVersion { introducedIn = "1.28" }
@@ -133,9 +133,8 @@ class ParamRef {
///
/// If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding.
/// If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.
- ///
+ ///
/// Allowed values are `Allow` or `Deny` Default to `Deny`
@K8sVersion { introducedIn = "1.28" }
parameterNotFoundAction: String?
}
-
diff --git a/generated-package/api/admissionregistration/v1alpha1/ValidatingAdmissionPolicyBindingList.pkl b/generated-package/api/admissionregistration/v1alpha1/ValidatingAdmissionPolicyBindingList.pkl
index dac65bb..09e13ac 100644
--- a/generated-package/api/admissionregistration/v1alpha1/ValidatingAdmissionPolicyBindingList.pkl
+++ b/generated-package/api/admissionregistration/v1alpha1/ValidatingAdmissionPolicyBindingList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.admissionregistration.v1alpha1.ValidatingAdmissionPolicyBind
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/admissionregistration/v1alpha1/ValidatingAdmissionPolicyBinding.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1alpha1"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// List of PolicyBinding.
items: Listing
-
diff --git a/generated-package/api/admissionregistration/v1alpha1/ValidatingAdmissionPolicyList.pkl b/generated-package/api/admissionregistration/v1alpha1/ValidatingAdmissionPolicyList.pkl
index 4369007..6a4217f 100644
--- a/generated-package/api/admissionregistration/v1alpha1/ValidatingAdmissionPolicyList.pkl
+++ b/generated-package/api/admissionregistration/v1alpha1/ValidatingAdmissionPolicyList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.admissionregistration.v1alpha1.ValidatingAdmissionPolicyList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/admissionregistration/v1alpha1/ValidatingAdmissionPolicy.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1alpha1"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// List of ValidatingAdmissionPolicy.
items: Listing
-
diff --git a/generated-package/api/admissionregistration/v1alpha1/Variable.pkl b/generated-package/api/admissionregistration/v1alpha1/Variable.pkl
index e834f38..a6ee7c6 100644
--- a/generated-package/api/admissionregistration/v1alpha1/Variable.pkl
+++ b/generated-package/api/admissionregistration/v1alpha1/Variable.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -31,4 +31,3 @@ expression: String
/// The name must be a valid CEL identifier and unique among all variables.
/// The variable can be accessed in other expressions through `variables` For example, if name is "foo", the variable will be available as `variables.foo`
name: String
-
diff --git a/generated-package/api/admissionregistration/v1beta1/MatchCondition.pkl b/generated-package/api/admissionregistration/v1beta1/MatchCondition.pkl
new file mode 100644
index 0000000..2ae2acd
--- /dev/null
+++ b/generated-package/api/admissionregistration/v1beta1/MatchCondition.pkl
@@ -0,0 +1,50 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+/// MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook.
+@K8sVersion { introducedIn = "1.28" }
+@ModuleInfo { minPklVersion = "0.25.0" }
+module k8s.api.admissionregistration.v1beta1.MatchCondition
+
+extends ".../K8sObject.pkl"
+
+/// Expression represents the expression which will be evaluated by CEL.
+///
+/// Must evaluate to bool.
+/// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
+///
+/// 'object' - The object from the incoming request.
+/// The value is null for DELETE requests.
+/// 'oldObject' - The existing object.
+/// The value is null for CREATE requests.
+/// 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).
+/// 'authorizer' - A CEL Authorizer.
+/// May be used to perform authorization checks for the principal (user or service account) of the request.
+/// See
+/// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
+/// request resource.
+/// Documentation on CEL:
+///
+/// Required.
+expression: String
+
+/// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes.
+///
+/// A good name should be descriptive of the associated expression.
+/// Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
+///
+/// Required.
+name: String
diff --git a/generated-package/api/admissionregistration/v1beta1/MatchResources.pkl b/generated-package/api/admissionregistration/v1beta1/MatchResources.pkl
index f77d7d9..ad2e611 100644
--- a/generated-package/api/admissionregistration/v1beta1/MatchResources.pkl
+++ b/generated-package/api/admissionregistration/v1beta1/MatchResources.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -28,13 +28,13 @@ import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
/// matchPolicy defines how the "MatchResources" list is used to match incoming requests.
///
/// Allowed values are "Exact" or "Equivalent".
-///
+///
/// - Exact: match a request only if it exactly matches a specified rule.
/// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
-///
+///
/// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
/// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
-///
+///
/// Defaults to "Equivalent"
matchPolicy: String?
@@ -52,7 +52,7 @@ excludeResourceRules: Listing?
///
/// If the object itself is a namespace, the matching is performed on object.metadata.labels.
/// If the object is another cluster scoped resource, it never skips the policy.
-///
+///
/// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": {
/// "matchExpressions": [
/// {
@@ -65,7 +65,7 @@ excludeResourceRules: Listing?
/// }
/// ]
/// }
-///
+///
/// If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
/// "matchExpressions": [
/// {
@@ -78,9 +78,9 @@ excludeResourceRules: Listing?
/// }
/// ]
/// }
-///
+///
/// See for more examples of label selectors.
-///
+///
/// Default to the empty LabelSelector, which matches everything.
namespaceSelector: LabelSelector?
@@ -124,16 +124,16 @@ class NamedRuleWithOperations {
/// Resources is a list of resources this rule applies to.
///
- ///
+ ///
/// For example: 'pods' means pods.
/// 'pods/log' means the log subresource of pods.
/// '*' means all resources, but not subresources.
/// 'pods/*' means all subresources of pods.
/// '*/scale' means all scale subresources.
/// '*/*' means all resources and their subresources.
- ///
+ ///
/// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
- ///
+ ///
/// Depending on the enclosing object, subresources might not be allowed.
/// Required.
resources: Listing
@@ -145,4 +145,3 @@ class NamedRuleWithOperations {
/// Required.
apiGroups: Listing
}
-
diff --git a/generated-package/api/admissionregistration/v1beta1/MutatingAdmissionPolicy.pkl b/generated-package/api/admissionregistration/v1beta1/MutatingAdmissionPolicy.pkl
new file mode 100644
index 0000000..03904e8
--- /dev/null
+++ b/generated-package/api/admissionregistration/v1beta1/MutatingAdmissionPolicy.pkl
@@ -0,0 +1,265 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+/// MutatingAdmissionPolicy describes the definition of an admission mutation policy that mutates the object coming into admission chain.
+@K8sVersion { introducedIn = "1.34" }
+@ModuleInfo { minPklVersion = "0.25.0" }
+open module k8s.api.admissionregistration.v1beta1.MutatingAdmissionPolicy
+
+extends ".../K8sResource.pkl"
+
+import ".../api/admissionregistration/v1beta1/MatchCondition.pkl"
+import ".../api/admissionregistration/v1beta1/MatchResources.pkl"
+import ".../api/admissionregistration/v1beta1/ParamKind.pkl"
+import ".../api/admissionregistration/v1beta1/Variable.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
+
+fixed apiVersion: "admissionregistration.k8s.io/v1beta1"
+
+fixed kind: "MutatingAdmissionPolicy"
+
+/// Standard object metadata; More info:
+metadata: ObjectMeta?
+
+/// Specification of the desired behavior of the MutatingAdmissionPolicy.
+spec: MutatingAdmissionPolicySpec?
+
+/// MutatingAdmissionPolicySpec is the specification of the desired behavior of the admission policy.
+class MutatingAdmissionPolicySpec {
+ /// reinvocationPolicy indicates whether mutations may be called multiple times per MutatingAdmissionPolicyBinding as part of a single admission evaluation.
+ ///
+ /// Allowed values are "Never" and "IfNeeded".
+ ///
+ /// Never: These mutations will not be called more than once per binding in a single admission evaluation.
+ ///
+ /// IfNeeded: These mutations may be invoked more than once per binding for a single admission request and there is no guarantee of order with respect to other admission plugins, admission webhooks, bindings of this policy and admission policies.
+ /// Mutations are only reinvoked when mutations change the object after this mutation is invoked.
+ /// Required.
+ reinvocationPolicy: String
+
+ /// variables contain definitions of variables that can be used in composition of other expressions.
+ ///
+ /// Each variable is defined as a named CEL expression.
+ /// The variables defined here will be available under `variables` in other expressions of the policy except matchConditions because matchConditions are evaluated before the rest of the policy.
+ ///
+ /// The expression of a variable can refer to other variables defined earlier in the list but not those after.
+ /// Thus, variables must be sorted by the order of first appearance and acyclic.
+ variables: Listing?
+
+ /// mutations contain operations to perform on matching objects.
+ ///
+ /// mutations may not be empty; a minimum of one mutation is required.
+ /// mutations are evaluated in order, and are reinvoked according to the reinvocationPolicy.
+ /// The mutations of a policy are invoked for each binding of this policy and reinvocation of mutations occurs on a per binding basis.
+ mutations: Listing?
+
+ /// paramKind specifies the kind of resources used to parameterize this policy.
+ ///
+ /// If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions.
+ /// If paramKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied.
+ /// If paramKind is specified but paramRef is unset in MutatingAdmissionPolicyBinding, the params variable will be null.
+ paramKind: ParamKind?
+
+ /// matchConditions is a list of conditions that must be met for a request to be validated.
+ ///
+ /// Match conditions filter requests that have already been matched by the matchConstraints.
+ /// An empty list of matchConditions matches all requests.
+ /// There are a maximum of 64 match conditions allowed.
+ ///
+ /// If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.
+ ///
+ /// The exact matching logic is (in order):
+ /// 1.
+ /// If ANY matchCondition evaluates to FALSE, the policy is skipped.
+ /// 2.
+ /// If ALL matchConditions evaluate to TRUE, the policy is evaluated.
+ /// 3.
+ /// If any matchCondition evaluates to an error (but none are FALSE):
+ /// - If failurePolicy=Fail, reject the request
+ /// - If failurePolicy=Ignore, the policy is skipped
+ matchConditions: Listing?
+
+ /// matchConstraints specifies what resources this policy is designed to validate.
+ ///
+ /// The MutatingAdmissionPolicy cares about a request if it matches _all_ Constraints.
+ /// However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API MutatingAdmissionPolicy cannot match MutatingAdmissionPolicy and MutatingAdmissionPolicyBinding.
+ /// The CREATE, UPDATE and CONNECT operations are allowed.
+ /// The DELETE operation may not be matched.
+ /// '*' matches CREATE, UPDATE and CONNECT.
+ /// Required.
+ matchConstraints: MatchResources
+
+ /// failurePolicy defines how to handle failures for the admission policy.
+ ///
+ /// Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.
+ ///
+ /// A policy is invalid if paramKind refers to a non-existent Kind.
+ /// A binding is invalid if paramRef.name refers to a non-existent resource.
+ ///
+ /// failurePolicy does not define how validations that evaluate to false are handled.
+ ///
+ /// Allowed values are Ignore or Fail.
+ /// Defaults to Fail.
+ failurePolicy: String?
+}
+
+/// Mutation specifies the CEL expression which is used to apply the Mutation.
+class Mutation {
+ /// patchType indicates the patch strategy used.
+ ///
+ /// Allowed values are "ApplyConfiguration" and "JSONPatch".
+ /// Required.
+ patchType: String
+
+ /// applyConfiguration defines the desired configuration values of an object.
+ ///
+ /// The configuration is applied to the admission object using [structured merge diff](
+ /// A CEL expression is used to create apply configuration.
+ applyConfiguration: ApplyConfiguration?
+
+ /// jsonPatch defines a [JSON patch]( operation to perform a mutation to the object.
+ ///
+ /// A CEL expression is used to create the JSON patch.
+ jsonPatch: JSONPatch?
+}
+
+/// ApplyConfiguration defines the desired configuration values of an object.
+class ApplyConfiguration {
+ /// expression will be evaluated by CEL to create an apply configuration.
+ ///
+ /// ref:
+ ///
+ /// Apply configurations are declared in CEL using object initialization.
+ /// For example, this CEL expression returns an apply configuration to set a single field:
+ ///
+ /// Object{
+ /// spec: Object.spec{
+ /// serviceAccountName: "example"
+ /// }
+ /// }
+ ///
+ /// Apply configurations may not modify atomic structs, maps or arrays due to the risk of accidental deletion of values not included in the apply configuration.
+ ///
+ /// CEL expressions have access to the object types needed to create apply configurations:
+ ///
+ /// - 'Object' - CEL type of the resource object.
+ /// - 'Object.' - CEL type of object field (such as 'Object.spec') - 'Object.....` - CEL type of nested field (such as 'Object.spec.containers')
+ ///
+ /// CEL expressions have access to the contents of the API request, organized into CEL variables as well as some other useful variables:
+ ///
+ /// - 'object' - The object from the incoming request.
+ /// The value is null for DELETE requests.
+ /// - 'oldObject' - The existing object.
+ /// The value is null for CREATE requests.
+ /// - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).
+ /// - 'params' - Parameter resource referred to by the policy binding being evaluated.
+ /// Only populated if the policy has a ParamKind.
+ /// - 'namespaceObject' - The namespace object that the incoming object belongs to.
+ /// The value is null for cluster-scoped resources.
+ /// - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
+ /// For example, a variable named 'foo' can be accessed as 'variables.foo'.
+ /// - 'authorizer' - A CEL Authorizer.
+ /// May be used to perform authorization checks for the principal (user or service account) of the request.
+ /// See
+ /// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
+ /// request resource.
+ ///
+ /// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object.
+ /// No other metadata properties are accessible.
+ ///
+ /// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.
+ /// Required.
+ expression: String
+}
+
+/// JSONPatch defines a JSON Patch.
+class JSONPatch {
+ /// expression will be evaluated by CEL to create a [JSON patch](
+ ///
+ /// ref:
+ ///
+ /// expression must return an array of JSONPatch values.
+ ///
+ /// For example, this CEL expression returns a JSON patch to conditionally modify a value:
+ ///
+ /// [
+ /// JSONPatch{op: "test", path: "/spec/example", value: "Red"},
+ /// JSONPatch{op: "replace", path: "/spec/example", value: "Green"}
+ /// ]
+ ///
+ /// To define an object for the patch value, use Object types.
+ /// For example:
+ ///
+ /// [
+ /// JSONPatch{
+ /// op: "add",
+ /// path: "/spec/selector",
+ /// value: Object.spec.selector{matchLabels: {"environment": "test"}}
+ /// }
+ /// ]
+ ///
+ /// To use strings containing '/' and '~' as JSONPatch path keys, use "jsonpatch.escapeKey".
+ /// For example:
+ ///
+ /// [
+ /// JSONPatch{
+ /// op: "add",
+ /// path: "/metadata/labels/" + jsonpatch.escapeKey("example.com/environment"),
+ /// value: "test"
+ /// },
+ /// ]
+ ///
+ /// CEL expressions have access to the types needed to create JSON patches and objects:
+ ///
+ /// - 'JSONPatch' - CEL type of JSON Patch operations.
+ /// JSONPatch has the fields 'op', 'from', 'path' and 'value'.
+ /// See [JSON patch]( for more details.
+ /// The 'value' field may be set to any of: string,
+ /// integer, array, map or object.
+ /// If set, the 'path' and 'from' fields must be set to a
+ /// [JSON pointer]( string, where the 'jsonpatch.escapeKey()' CEL
+ /// function may be used to escape path keys containing '/' and '~'.
+ /// - 'Object' - CEL type of the resource object.
+ /// - 'Object.' - CEL type of object field (such as 'Object.spec') - 'Object.....` - CEL type of nested field (such as 'Object.spec.containers')
+ ///
+ /// CEL expressions have access to the contents of the API request, organized into CEL variables as well as some other useful variables:
+ ///
+ /// - 'object' - The object from the incoming request.
+ /// The value is null for DELETE requests.
+ /// - 'oldObject' - The existing object.
+ /// The value is null for CREATE requests.
+ /// - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).
+ /// - 'params' - Parameter resource referred to by the policy binding being evaluated.
+ /// Only populated if the policy has a ParamKind.
+ /// - 'namespaceObject' - The namespace object that the incoming object belongs to.
+ /// The value is null for cluster-scoped resources.
+ /// - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
+ /// For example, a variable named 'foo' can be accessed as 'variables.foo'.
+ /// - 'authorizer' - A CEL Authorizer.
+ /// May be used to perform authorization checks for the principal (user or service account) of the request.
+ /// See
+ /// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
+ /// request resource.
+ ///
+ /// CEL expressions have access to [Kubernetes CEL function libraries]( as well as:
+ ///
+ /// - 'jsonpatch.escapeKey' - Performs JSONPatch key escaping.
+ /// '~' and '/' are escaped as '~0' and `~1' respectively).
+ ///
+ /// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.
+ /// Required.
+ expression: String
+}
diff --git a/generated-package/api/admissionregistration/v1beta1/MutatingAdmissionPolicyBinding.pkl b/generated-package/api/admissionregistration/v1beta1/MutatingAdmissionPolicyBinding.pkl
new file mode 100644
index 0000000..e9c53dc
--- /dev/null
+++ b/generated-package/api/admissionregistration/v1beta1/MutatingAdmissionPolicyBinding.pkl
@@ -0,0 +1,69 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+/// MutatingAdmissionPolicyBinding binds the MutatingAdmissionPolicy with parametrized resources.
+///
+/// MutatingAdmissionPolicyBinding and the optional parameter resource together define how cluster administrators configure policies for clusters.
+///
+/// For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.
+/// Each evaluation is constrained by a [runtime cost budget](
+///
+/// Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.
+@K8sVersion { introducedIn = "1.34" }
+@ModuleInfo { minPklVersion = "0.25.0" }
+open module k8s.api.admissionregistration.v1beta1.MutatingAdmissionPolicyBinding
+
+extends ".../K8sResource.pkl"
+
+import ".../api/admissionregistration/v1beta1/MatchResources.pkl"
+import ".../api/admissionregistration/v1beta1/ParamRef.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
+
+fixed apiVersion: "admissionregistration.k8s.io/v1beta1"
+
+fixed kind: "MutatingAdmissionPolicyBinding"
+
+/// Standard object metadata; More info:
+metadata: ObjectMeta?
+
+/// Specification of the desired behavior of the MutatingAdmissionPolicyBinding.
+spec: MutatingAdmissionPolicyBindingSpec?
+
+/// MutatingAdmissionPolicyBindingSpec is the specification of the MutatingAdmissionPolicyBinding.
+class MutatingAdmissionPolicyBindingSpec {
+ /// paramRef specifies the parameter resource used to configure the admission control policy.
+ ///
+ /// It should point to a resource of the type specified in spec.ParamKind of the bound MutatingAdmissionPolicy.
+ /// If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the MutatingAdmissionPolicy applied.
+ /// If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
+ paramRef: ParamRef?
+
+ /// policyName references a MutatingAdmissionPolicy name which the MutatingAdmissionPolicyBinding binds to.
+ ///
+ /// If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.
+ policyName: String
+
+ /// matchResources limits what resources match this binding and may be mutated by it.
+ ///
+ /// Note that if matchResources matches a resource, the resource must also match a policy's matchConstraints and matchConditions before the resource may be mutated.
+ /// When matchResources is unset, it does not constrain resource matching, and only the policy's matchConstraints and matchConditions must match for the resource to be mutated.
+ /// Additionally, matchResources.resourceRules are optional and do not constraint matching when unset.
+ /// Note that this is differs from MutatingAdmissionPolicy matchConstraints, where resourceRules are required.
+ /// The CREATE, UPDATE and CONNECT operations are allowed.
+ /// The DELETE operation may not be matched.
+ /// '*' matches CREATE, UPDATE and CONNECT.
+ matchResources: MatchResources?
+}
diff --git a/generated-package/api/admissionregistration/v1beta1/MutatingAdmissionPolicyBindingList.pkl b/generated-package/api/admissionregistration/v1beta1/MutatingAdmissionPolicyBindingList.pkl
new file mode 100644
index 0000000..f8a2e12
--- /dev/null
+++ b/generated-package/api/admissionregistration/v1beta1/MutatingAdmissionPolicyBindingList.pkl
@@ -0,0 +1,37 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+/// MutatingAdmissionPolicyBindingList is a list of MutatingAdmissionPolicyBinding.
+@K8sVersion { introducedIn = "1.34" }
+@ModuleInfo { minPklVersion = "0.25.0" }
+open module k8s.api.admissionregistration.v1beta1.MutatingAdmissionPolicyBindingList
+
+extends ".../K8sResource.pkl"
+
+import ".../api/admissionregistration/v1beta1/MutatingAdmissionPolicyBinding.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
+
+fixed apiVersion: "admissionregistration.k8s.io/v1beta1"
+
+fixed kind: "MutatingAdmissionPolicyBindingList"
+
+/// Standard list metadata.
+///
+/// More info:
+metadata: ListMeta?
+
+/// List of PolicyBinding.
+items: Listing
diff --git a/generated-package/api/admissionregistration/v1beta1/MutatingAdmissionPolicyList.pkl b/generated-package/api/admissionregistration/v1beta1/MutatingAdmissionPolicyList.pkl
new file mode 100644
index 0000000..3934121
--- /dev/null
+++ b/generated-package/api/admissionregistration/v1beta1/MutatingAdmissionPolicyList.pkl
@@ -0,0 +1,37 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+/// MutatingAdmissionPolicyList is a list of MutatingAdmissionPolicy.
+@K8sVersion { introducedIn = "1.34" }
+@ModuleInfo { minPklVersion = "0.25.0" }
+open module k8s.api.admissionregistration.v1beta1.MutatingAdmissionPolicyList
+
+extends ".../K8sResource.pkl"
+
+import ".../api/admissionregistration/v1beta1/MutatingAdmissionPolicy.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
+
+fixed apiVersion: "admissionregistration.k8s.io/v1beta1"
+
+fixed kind: "MutatingAdmissionPolicyList"
+
+/// Standard list metadata.
+///
+/// More info:
+metadata: ListMeta?
+
+/// List of ValidatingAdmissionPolicy.
+items: Listing
diff --git a/generated-package/api/admissionregistration/v1beta1/MutatingWebhookConfiguration.pkl b/generated-package/api/admissionregistration/v1beta1/MutatingWebhookConfiguration.pkl
index 284892d..dba6939 100644
--- a/generated-package/api/admissionregistration/v1beta1/MutatingWebhookConfiguration.pkl
+++ b/generated-package/api/admissionregistration/v1beta1/MutatingWebhookConfiguration.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -25,10 +25,10 @@ open module k8s.api.admissionregistration.v1beta1.MutatingWebhookConfiguration
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
import ".../api/admissionregistration/v1beta1/RuleWithOperations.pkl"
import ".../api/admissionregistration/v1beta1/WebhookClientConfig.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1beta1"
@@ -53,22 +53,22 @@ class MutatingWebhook {
/// matchPolicy defines how the "rules" list is used to match incoming requests.
///
/// Allowed values are "Exact" or "Equivalent".
- ///
+ ///
/// - Exact: match a request only if it exactly matches a specified rule.
/// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
- ///
+ ///
/// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
/// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
- ///
+ ///
/// Defaults to "Exact"
- matchPolicy: ("Exact"|"Equivalent")?
+ matchPolicy: ("Exact" | "Equivalent")?
/// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation.
///
/// Allowed values are "Never" and "IfNeeded".
- ///
+ ///
/// Never: the webhook will not be called more than once in a single admission evaluation.
- ///
+ ///
/// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call.
/// Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted.
/// Note:
@@ -76,9 +76,9 @@ class MutatingWebhook {
/// * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again.
/// * webhooks that use this option may be reordered to minimize the number of additional invocations.
/// * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
- ///
+ ///
/// Defaults to "Never".
- reinvocationPolicy: ("Never"|"IfNeeded")?
+ reinvocationPolicy: ("Never" | "IfNeeded")?
/// The name of the admission webhook.
///
@@ -90,7 +90,7 @@ class MutatingWebhook {
///
/// If the object itself is a namespace, the matching is performed on object.metadata.labels.
/// If the object is another cluster scoped resource, it never skips the webhook.
- ///
+ ///
/// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": {
/// "matchExpressions": [
/// {
@@ -103,7 +103,7 @@ class MutatingWebhook {
/// }
/// ]
/// }
- ///
+ ///
/// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
/// "matchExpressions": [
/// {
@@ -116,9 +116,9 @@ class MutatingWebhook {
/// }
/// ]
/// }
- ///
+ ///
/// See for more examples of label selectors.
- ///
+ ///
/// Default to the empty LabelSelector, which matches everything.
namespaceSelector: LabelSelector?
@@ -151,13 +151,12 @@ class MutatingWebhook {
/// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail.
///
/// Defaults to Ignore.
- failurePolicy: ("Ignore"|"Fail")?
+ failurePolicy: ("Ignore" | "Fail")?
/// SideEffects states whether this webhook has side effects.
///
/// Acceptable values are: Unknown, None, Some, NoneOnDryRun Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone.
/// Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
/// Defaults to Unknown.
- sideEffects: ("Unknown"|"None"|"Some"|"NoneOnDryRun")?
+ sideEffects: ("Unknown" | "None" | "Some" | "NoneOnDryRun")?
}
-
diff --git a/generated-package/api/admissionregistration/v1beta1/MutatingWebhookConfigurationList.pkl b/generated-package/api/admissionregistration/v1beta1/MutatingWebhookConfigurationList.pkl
index 235d22e..9b6149f 100644
--- a/generated-package/api/admissionregistration/v1beta1/MutatingWebhookConfigurationList.pkl
+++ b/generated-package/api/admissionregistration/v1beta1/MutatingWebhookConfigurationList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.admissionregistration.v1beta1.MutatingWebhookConfigurationLi
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/admissionregistration/v1beta1/MutatingWebhookConfiguration.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1beta1"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// List of MutatingWebhookConfiguration.
items: Listing
-
diff --git a/generated-package/api/admissionregistration/v1beta1/ParamKind.pkl b/generated-package/api/admissionregistration/v1beta1/ParamKind.pkl
new file mode 100644
index 0000000..1e69455
--- /dev/null
+++ b/generated-package/api/admissionregistration/v1beta1/ParamKind.pkl
@@ -0,0 +1,33 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+/// ParamKind is a tuple of Group Kind and Version.
+@K8sVersion { introducedIn = "1.28" }
+@ModuleInfo { minPklVersion = "0.25.0" }
+module k8s.api.admissionregistration.v1beta1.ParamKind
+
+extends ".../K8sObject.pkl"
+
+/// APIVersion is the API group version the resources belong to.
+///
+/// In format of "group/version".
+/// Required.
+apiVersion: String
+
+/// Kind is the API kind the resources belong to.
+///
+/// Required.
+kind: String
diff --git a/generated-package/api/admissionregistration/v1beta1/ParamRef.pkl b/generated-package/api/admissionregistration/v1beta1/ParamRef.pkl
new file mode 100644
index 0000000..a9b6bb9
--- /dev/null
+++ b/generated-package/api/admissionregistration/v1beta1/ParamRef.pkl
@@ -0,0 +1,67 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+/// ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.
+@K8sVersion { introducedIn = "1.28" }
+@ModuleInfo { minPklVersion = "0.25.0" }
+module k8s.api.admissionregistration.v1beta1.ParamRef
+
+extends ".../K8sObject.pkl"
+
+import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
+
+/// name is the name of the resource being referenced.
+///
+///
+/// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties.
+/// If one is set, the other must be unset.
+///
+/// A single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.
+name: String?
+
+/// namespace is the namespace of the referenced resource.
+///
+/// Allows limiting the search for params to a specific namespace.
+/// Applies to both `name` and `selector` fields.
+///
+/// A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.
+///
+/// - If `paramKind` is cluster-scoped, this field MUST be unset.
+/// Setting this field results in a configuration error.
+///
+/// - If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset.
+/// Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.
+namespace: String?
+
+/// selector can be used to match multiple param objects based on their labels.
+///
+/// Supply selector: {} to match all resources of the ParamKind.
+///
+/// If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.
+///
+/// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties.
+/// If one is set, the other must be unset.
+selector: LabelSelector?
+
+/// `parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding.
+///
+/// If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding.
+/// If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.
+///
+/// Allowed values are `Allow` or `Deny`
+///
+/// Required
+parameterNotFoundAction: String?
diff --git a/generated-package/api/admissionregistration/v1beta1/RuleWithOperations.pkl b/generated-package/api/admissionregistration/v1beta1/RuleWithOperations.pkl
index e212375..f8f5775 100644
--- a/generated-package/api/admissionregistration/v1beta1/RuleWithOperations.pkl
+++ b/generated-package/api/admissionregistration/v1beta1/RuleWithOperations.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -27,14 +27,14 @@ extends ".../K8sObject.pkl"
///
/// If '*' is present, the length of the slice must be one.
/// Required.
-operations: Listing<"CREATE"|"UPDATE"|"DELETE"|"CONNECT"|"*">?
+operations: Listing<"CREATE" | "UPDATE" | "DELETE" | "CONNECT" | "*">?
/// APIVersions is the API versions the resources belong to.
///
/// '*' is all versions.
/// If '*' is present, the length of the slice must be one.
/// Required.
-apiVersions: Listing<"*"|String>?
+apiVersions: Listing<"*" | String>?
/// scope specifies the scope of this rule.
///
@@ -44,20 +44,20 @@ apiVersions: Listing<"*"|String>?
/// "*" means that there are no scope restrictions.
/// Subresources match the scope of their parent resource.
/// Default is "*".
-scope: ("Cluster"|"Namespaced"|"*")?
+scope: ("Cluster" | "Namespaced" | "*")?
/// Resources is a list of resources this rule applies to.
///
-///
+///
/// For example: 'pods' means pods.
/// 'pods/log' means the log subresource of pods.
/// '*' means all resources, but not subresources.
/// 'pods/*' means all subresources of pods.
/// '*/scale' means all scale subresources.
/// '*/*' means all resources and their subresources.
-///
+///
/// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
-///
+///
/// Depending on the enclosing object, subresources might not be allowed.
/// Required.
resources: Listing
@@ -67,5 +67,4 @@ resources: Listing
/// '*' is all groups.
/// If '*' is present, the length of the slice must be one.
/// Required.
-apiGroups: Listing<"*"|String>?
-
+apiGroups: Listing<"*" | String>?
diff --git a/generated-package/api/admissionregistration/v1beta1/ValidatingAdmissionPolicy.pkl b/generated-package/api/admissionregistration/v1beta1/ValidatingAdmissionPolicy.pkl
index cf136a7..a730dbf 100644
--- a/generated-package/api/admissionregistration/v1beta1/ValidatingAdmissionPolicy.pkl
+++ b/generated-package/api/admissionregistration/v1beta1/ValidatingAdmissionPolicy.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -15,15 +15,15 @@
//===----------------------------------------------------------------------===//
/// ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.
-@K8sVersion { introducedIn = "1.28" }
+@K8sVersion { introducedIn = "1.28"; removedIn = "1.34" }
@ModuleInfo { minPklVersion = "0.25.0" }
open module k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicy
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/admissionregistration/v1beta1/MatchResources.pkl"
import ".../apimachinery/pkg/apis/meta/v1/Condition.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1beta1"
@@ -47,7 +47,7 @@ class ValidatingAdmissionPolicySpec {
///
/// Each variable is defined as a named CEL expression.
/// The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.
- ///
+ ///
/// The expression of a variable can refer to other variables defined earlier in the list but not those after.
/// Thus, Variables must be sorted by the order of first appearance and acyclic.
variables: Listing?
@@ -69,9 +69,9 @@ class ValidatingAdmissionPolicySpec {
/// Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector.
/// An empty list of matchConditions matches all requests.
/// There are a maximum of 64 match conditions allowed.
- ///
+ ///
/// If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.
- ///
+ ///
/// The exact matching logic is (in order):
/// 1.
/// If ANY matchCondition evaluates to FALSE, the policy is skipped.
@@ -98,14 +98,14 @@ class ValidatingAdmissionPolicySpec {
/// failurePolicy defines how to handle failures for the admission policy.
///
/// Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.
- ///
+ ///
/// A policy is invalid if spec.paramKind refers to a non-existent Kind.
/// A binding is invalid if spec.paramRef.name refers to a non-existent resource.
- ///
+ ///
/// failurePolicy does not define how validations that evaluate to false are handled.
- ///
+ ///
/// When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.
- ///
+ ///
/// Allowed values are Ignore or Fail.
/// Defaults to Fail.
failurePolicy: String?
@@ -150,10 +150,10 @@ class AuditAnnotation {
/// If the expression evaluates to null or empty string the audit annotation will be omitted.
/// The valueExpression may be no longer than 5kb in length.
/// If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.
- ///
+ ///
/// If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding.
/// All unique values produced by the valueExpressions will be joined together in a comma-separated list.
- ///
+ ///
/// Required.
valueExpression: String
@@ -161,12 +161,12 @@ class AuditAnnotation {
///
/// The audit annotation keys of a ValidatingAdmissionPolicy must be unique.
/// The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.
- ///
+ ///
/// The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}".
- ///
+ ///
/// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical.
/// In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.
- ///
+ ///
/// Required.
key: String
}
@@ -177,7 +177,7 @@ class MatchCondition {
///
/// Must evaluate to bool.
/// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
- ///
+ ///
/// 'object' - The object from the incoming request.
/// The value is null for DELETE requests.
/// 'oldObject' - The existing object.
@@ -189,7 +189,7 @@ class MatchCondition {
/// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
/// request resource.
/// Documentation on CEL:
- ///
+ ///
/// Required.
expression: String
@@ -197,7 +197,7 @@ class MatchCondition {
///
/// A good name should be descriptive of the associated expression.
/// Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
- ///
+ ///
/// Required.
name: String
}
@@ -214,7 +214,7 @@ class Validation {
/// Expression represents the expression which will be evaluated by CEL.
///
/// ref: CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
- ///
+ ///
/// - 'object' - The object from the incoming request.
/// The value is null for DELETE requests.
/// - 'oldObject' - The existing object.
@@ -231,10 +231,10 @@ class Validation {
/// See
/// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
/// request resource.
- ///
+ ///
/// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object.
/// No other metadata properties are accessible.
- ///
+ ///
/// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.
/// Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'.
/// The keywords are:
@@ -244,7 +244,7 @@ class Validation {
/// - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
/// - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
/// - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
- ///
+ ///
/// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].
/// Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
/// - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
@@ -310,4 +310,3 @@ class ExpressionWarning {
/// Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.
warning: String
}
-
diff --git a/generated-package/api/admissionregistration/v1beta1/ValidatingAdmissionPolicyBinding.pkl b/generated-package/api/admissionregistration/v1beta1/ValidatingAdmissionPolicyBinding.pkl
index 223e024..9be555b 100644
--- a/generated-package/api/admissionregistration/v1beta1/ValidatingAdmissionPolicyBinding.pkl
+++ b/generated-package/api/admissionregistration/v1beta1/ValidatingAdmissionPolicyBinding.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -17,21 +17,21 @@
/// ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources.
///
/// ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.
-///
+///
/// For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.
-///
+///
/// The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget.
/// Each evaluation of the policy is given an independent CEL cost budget.
/// Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.
-@K8sVersion { introducedIn = "1.28" }
+@K8sVersion { introducedIn = "1.28"; removedIn = "1.34" }
@ModuleInfo { minPklVersion = "0.25.0" }
open module k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyBinding
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
import ".../api/admissionregistration/v1beta1/MatchResources.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1beta1"
@@ -68,28 +68,28 @@ class ValidatingAdmissionPolicyBindingSpec {
/// validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced.
///
/// If a validation evaluates to false it is always enforced according to these actions.
- ///
+ ///
/// Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored.
/// This includes compilation errors, runtime errors and misconfigurations of the policy.
- ///
+ ///
/// validationActions is declared as a set of action values.
/// Order does not matter.
/// validationActions may not contain duplicates of the same action.
- ///
+ ///
/// The supported actions values are:
- ///
+ ///
/// "Deny" specifies that a validation failure results in a denied request.
- ///
+ ///
/// "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299.
/// Warnings can be sent both for allowed or denied admission responses.
- ///
+ ///
/// "Audit" specifies that a validation failure is included in the published audit event for the request.
/// The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{\"message\": \"Invalid value\", {\"policy\": \"policy.example.com\", {\"binding\": \"policybinding.example.com\", {\"expressionIndex\": \"1\", {\"validationActions\": [\"Audit\"]}]"`
- ///
+ ///
/// Clients should expect to handle additional values by ignoring any values not recognized.
- ///
+ ///
/// "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.
- ///
+ ///
/// Required.
validationActions: Listing
}
@@ -98,10 +98,10 @@ class ValidatingAdmissionPolicyBindingSpec {
class ParamRef {
/// name is the name of the resource being referenced.
///
- ///
+ ///
/// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties.
/// If one is set, the other must be unset.
- ///
+ ///
/// A single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.
name: String?
@@ -109,12 +109,12 @@ class ParamRef {
///
/// Allows limiting the search for params to a specific namespace.
/// Applies to both `name` and `selector` fields.
- ///
+ ///
/// A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.
- ///
+ ///
/// - If `paramKind` is cluster-scoped, this field MUST be unset.
/// Setting this field results in a configuration error.
- ///
+ ///
/// - If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset.
/// Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.
namespace: String?
@@ -122,9 +122,9 @@ class ParamRef {
/// selector can be used to match multiple param objects based on their labels.
///
/// Supply selector: {} to match all resources of the ParamKind.
- ///
+ ///
/// If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.
- ///
+ ///
/// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties.
/// If one is set, the other must be unset.
selector: LabelSelector?
@@ -133,10 +133,9 @@ class ParamRef {
///
/// If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding.
/// If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.
- ///
+ ///
/// Allowed values are `Allow` or `Deny`
- ///
+ ///
/// Required
parameterNotFoundAction: String?
}
-
diff --git a/generated-package/api/admissionregistration/v1beta1/ValidatingAdmissionPolicyBindingList.pkl b/generated-package/api/admissionregistration/v1beta1/ValidatingAdmissionPolicyBindingList.pkl
index 9b99007..2340ddc 100644
--- a/generated-package/api/admissionregistration/v1beta1/ValidatingAdmissionPolicyBindingList.pkl
+++ b/generated-package/api/admissionregistration/v1beta1/ValidatingAdmissionPolicyBindingList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -15,14 +15,14 @@
//===----------------------------------------------------------------------===//
/// ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.
-@K8sVersion { introducedIn = "1.28" }
+@K8sVersion { introducedIn = "1.28"; removedIn = "1.34" }
@ModuleInfo { minPklVersion = "0.25.0" }
open module k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/admissionregistration/v1beta1/ValidatingAdmissionPolicyBinding.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1beta1"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// List of PolicyBinding.
items: Listing
-
diff --git a/generated-package/api/admissionregistration/v1beta1/ValidatingAdmissionPolicyList.pkl b/generated-package/api/admissionregistration/v1beta1/ValidatingAdmissionPolicyList.pkl
index bac8db3..3e239b4 100644
--- a/generated-package/api/admissionregistration/v1beta1/ValidatingAdmissionPolicyList.pkl
+++ b/generated-package/api/admissionregistration/v1beta1/ValidatingAdmissionPolicyList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -15,14 +15,14 @@
//===----------------------------------------------------------------------===//
/// ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.
-@K8sVersion { introducedIn = "1.28" }
+@K8sVersion { introducedIn = "1.28"; removedIn = "1.34" }
@ModuleInfo { minPklVersion = "0.25.0" }
open module k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/admissionregistration/v1beta1/ValidatingAdmissionPolicy.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1beta1"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// List of ValidatingAdmissionPolicy.
items: Listing
-
diff --git a/generated-package/api/admissionregistration/v1beta1/ValidatingWebhookConfiguration.pkl b/generated-package/api/admissionregistration/v1beta1/ValidatingWebhookConfiguration.pkl
index 51f277b..ba0c8ba 100644
--- a/generated-package/api/admissionregistration/v1beta1/ValidatingWebhookConfiguration.pkl
+++ b/generated-package/api/admissionregistration/v1beta1/ValidatingWebhookConfiguration.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -25,10 +25,10 @@ open module k8s.api.admissionregistration.v1beta1.ValidatingWebhookConfiguration
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
import ".../api/admissionregistration/v1beta1/RuleWithOperations.pkl"
import ".../api/admissionregistration/v1beta1/WebhookClientConfig.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1beta1"
@@ -53,15 +53,15 @@ class ValidatingWebhook {
/// matchPolicy defines how the "rules" list is used to match incoming requests.
///
/// Allowed values are "Exact" or "Equivalent".
- ///
+ ///
/// - Exact: match a request only if it exactly matches a specified rule.
/// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
- ///
+ ///
/// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
/// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
- ///
+ ///
/// Defaults to "Exact"
- matchPolicy: ("Exact"|"Equivalent")?
+ matchPolicy: ("Exact" | "Equivalent")?
/// The name of the admission webhook.
///
@@ -73,7 +73,7 @@ class ValidatingWebhook {
///
/// If the object itself is a namespace, the matching is performed on object.metadata.labels.
/// If the object is another cluster scoped resource, it never skips the webhook.
- ///
+ ///
/// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": {
/// "matchExpressions": [
/// {
@@ -86,7 +86,7 @@ class ValidatingWebhook {
/// }
/// ]
/// }
- ///
+ ///
/// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
/// "matchExpressions": [
/// {
@@ -99,9 +99,9 @@ class ValidatingWebhook {
/// }
/// ]
/// }
- ///
+ ///
/// See for more examples of label selectors.
- ///
+ ///
/// Default to the empty LabelSelector, which matches everything.
namespaceSelector: LabelSelector?
@@ -134,13 +134,12 @@ class ValidatingWebhook {
/// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail.
///
/// Defaults to Ignore.
- failurePolicy: ("Ignore"|"Fail")?
+ failurePolicy: ("Ignore" | "Fail")?
/// SideEffects states whether this webhook has side effects.
///
/// Acceptable values are: Unknown, None, Some, NoneOnDryRun Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone.
/// Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
/// Defaults to Unknown.
- sideEffects: ("Unknown"|"None"|"Some"|"NoneOnDryRun")?
+ sideEffects: ("Unknown" | "None" | "Some" | "NoneOnDryRun")?
}
-
diff --git a/generated-package/api/admissionregistration/v1beta1/ValidatingWebhookConfigurationList.pkl b/generated-package/api/admissionregistration/v1beta1/ValidatingWebhookConfigurationList.pkl
index 3fe0d55..e91819d 100644
--- a/generated-package/api/admissionregistration/v1beta1/ValidatingWebhookConfigurationList.pkl
+++ b/generated-package/api/admissionregistration/v1beta1/ValidatingWebhookConfigurationList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.admissionregistration.v1beta1.ValidatingWebhookConfiguration
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/admissionregistration/v1beta1/ValidatingWebhookConfiguration.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "admissionregistration.k8s.io/v1beta1"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// List of ValidatingWebhookConfiguration.
items: Listing
-
diff --git a/generated-package/api/admissionregistration/v1beta1/Variable.pkl b/generated-package/api/admissionregistration/v1beta1/Variable.pkl
new file mode 100644
index 0000000..a617e78
--- /dev/null
+++ b/generated-package/api/admissionregistration/v1beta1/Variable.pkl
@@ -0,0 +1,35 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+/// Variable is the definition of a variable that is used for composition.
+///
+/// A variable is defined as a named expression.
+@K8sVersion { introducedIn = "1.28" }
+@ModuleInfo { minPklVersion = "0.25.0" }
+module k8s.api.admissionregistration.v1beta1.Variable
+
+extends ".../K8sObject.pkl"
+
+/// Expression is the expression that will be evaluated as the value of the variable.
+///
+/// The CEL expression has access to the same identifiers as the CEL expressions in Validation.
+expression: String
+
+/// Name is the name of the variable.
+///
+/// The name must be a valid CEL identifier and unique among all variables.
+/// The variable can be accessed in other expressions through `variables` For example, if name is "foo", the variable will be available as `variables.foo`
+name: String
diff --git a/generated-package/api/admissionregistration/v1beta1/WebhookClientConfig.pkl b/generated-package/api/admissionregistration/v1beta1/WebhookClientConfig.pkl
index 34915bd..72871ca 100644
--- a/generated-package/api/admissionregistration/v1beta1/WebhookClientConfig.pkl
+++ b/generated-package/api/admissionregistration/v1beta1/WebhookClientConfig.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -29,26 +29,26 @@ caBundle: String?
/// `service` is a reference to the service for this webhook.
///
/// Either `service` or `url` must be specified.
-///
+///
/// If the webhook is running within the cluster, then you should use `service`.
service: ServiceReference?((this != null).xor(url != null))
/// `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`).
///
/// Exactly one of `url` or `service` must be specified.
-///
+///
/// The `host` should not refer to a service running in the cluster; use the `service` field instead.
/// The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation).
/// `host` may also be an IP address.
-///
+///
/// Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook.
/// Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
-///
+///
/// The scheme must be "https"; the URL must begin with "
-///
+///
/// A path is optional, and if present may be any string permissible in a URL.
/// You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
-///
+///
/// Attempting to use a user or basic auth e.g. "user:password@" is not allowed.
/// Fragments ("#...") and query parameters ("?...") are not allowed, either.
url: String(matches(Regex("https://[^@#?]*")))?
@@ -74,4 +74,3 @@ class ServiceReference {
/// Required
namespace: String
}
-
diff --git a/generated-package/api/apiserverinternal/v1alpha1/StorageVersion.pkl b/generated-package/api/apiserverinternal/v1alpha1/StorageVersion.pkl
index 9d608db..50b19a0 100644
--- a/generated-package/api/apiserverinternal/v1alpha1/StorageVersion.pkl
+++ b/generated-package/api/apiserverinternal/v1alpha1/StorageVersion.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -39,8 +39,7 @@ spec: StorageVersionSpec
status: StorageVersionStatus
/// StorageVersionSpec is an empty spec.
-class StorageVersionSpec {
-}
+class StorageVersionSpec {}
/// API server instances report the versions they can decode and the version they encode objects to when persisting objects in the backend.
class StorageVersionStatus {
@@ -97,4 +96,3 @@ class ServerStorageVersion {
@K8sVersion { introducedIn = "1.28" }
servedVersions: Listing?
}
-
diff --git a/generated-package/api/apiserverinternal/v1alpha1/StorageVersionList.pkl b/generated-package/api/apiserverinternal/v1alpha1/StorageVersionList.pkl
index ccdbbfd..a1ec76b 100644
--- a/generated-package/api/apiserverinternal/v1alpha1/StorageVersionList.pkl
+++ b/generated-package/api/apiserverinternal/v1alpha1/StorageVersionList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.apiserverinternal.v1alpha1.StorageVersionList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/apiserverinternal/v1alpha1/StorageVersion.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "internal.apiserver.k8s.io/v1alpha1"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// Items holds a list of StorageVersion
items: Listing
-
diff --git a/generated-package/api/apps/v1/ControllerRevision.pkl b/generated-package/api/apps/v1/ControllerRevision.pkl
index 1141ef5..53ba203 100644
--- a/generated-package/api/apps/v1/ControllerRevision.pkl
+++ b/generated-package/api/apps/v1/ControllerRevision.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -44,4 +44,3 @@ data: RawExtension?
/// Revision indicates the revision of the state represented by Data.
revision: Int
-
diff --git a/generated-package/api/apps/v1/ControllerRevisionList.pkl b/generated-package/api/apps/v1/ControllerRevisionList.pkl
index 3057a58..f23cfcc 100644
--- a/generated-package/api/apps/v1/ControllerRevisionList.pkl
+++ b/generated-package/api/apps/v1/ControllerRevisionList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.apps.v1.ControllerRevisionList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/apps/v1/ControllerRevision.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "apps/v1"
@@ -32,4 +32,3 @@ metadata: ListMeta?
/// Items is the list of ControllerRevisions
items: Listing
-
diff --git a/generated-package/api/apps/v1/DaemonSet.pkl b/generated-package/api/apps/v1/DaemonSet.pkl
index 1d4cd0b..eb46f2c 100644
--- a/generated-package/api/apps/v1/DaemonSet.pkl
+++ b/generated-package/api/apps/v1/DaemonSet.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,9 +20,9 @@ open module k8s.api.apps.v1.DaemonSet
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/core/v1/PodTemplateSpec.pkl"
import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "apps/v1"
@@ -102,10 +102,10 @@ class RollingUpdateDaemonSet {
/// Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted.
/// The update starts by launching new pods on 30% of nodes.
/// Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted.
- /// If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits.
+ /// If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediately created on that node without considering surge limits.
/// Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption.
@K8sVersion { introducedIn = "1.21" }
- maxSurge: (Int|String)?
+ maxSurge: (Int | String)?
/// The maximum number of DaemonSet pods that can be unavailable during the update.
///
@@ -115,7 +115,7 @@ class RollingUpdateDaemonSet {
/// Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time.
/// The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place.
/// Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.
- maxUnavailable: (Int|String)?
+ maxUnavailable: (Int | String)?
}
/// DaemonSetStatus represents the current status of a daemon set.
@@ -174,6 +174,5 @@ class DaemonSetCondition {
type: String
/// Status of the condition, one of True, False, Unknown.
- status: "True"|"False"|"Unknown"
+ status: "True" | "False" | "Unknown"
}
-
diff --git a/generated-package/api/apps/v1/DaemonSetList.pkl b/generated-package/api/apps/v1/DaemonSetList.pkl
index 9dac922..72f83cf 100644
--- a/generated-package/api/apps/v1/DaemonSetList.pkl
+++ b/generated-package/api/apps/v1/DaemonSetList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.apps.v1.DaemonSetList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/apps/v1/DaemonSet.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "apps/v1"
@@ -34,4 +34,3 @@ metadata: ListMeta?
/// A list of daemon sets.
items: Listing
-
diff --git a/generated-package/api/apps/v1/Deployment.pkl b/generated-package/api/apps/v1/Deployment.pkl
index 3ef094f..187de3b 100644
--- a/generated-package/api/apps/v1/Deployment.pkl
+++ b/generated-package/api/apps/v1/Deployment.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,9 +20,9 @@ open module k8s.api.apps.v1.Deployment
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/core/v1/PodTemplateSpec.pkl"
import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "apps/v1"
@@ -107,7 +107,7 @@ class RollingUpdateDeployment {
/// Defaults to 25%.
/// Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods.
/// Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.
- maxSurge: (Int|String)?
+ maxSurge: (Int | String)?
/// The maximum number of pods that can be unavailable during the update.
///
@@ -117,7 +117,7 @@ class RollingUpdateDeployment {
/// Defaults to 25%.
/// Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts.
/// Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.
- maxUnavailable: (Int|String)?
+ maxUnavailable: (Int | String)?
}
/// DeploymentStatus is the most recently observed status of the Deployment.
@@ -128,10 +128,19 @@ class DeploymentStatus {
/// They may either be pods that are running but not yet available or pods that still have not been created.
unavailableReplicas: Int32?
- /// Total number of non-terminated pods targeted by this deployment (their labels match the selector).
+ /// Total number of non-terminating pods targeted by this deployment (their labels match the selector).
replicas: Int32?
- /// readyReplicas is the number of pods targeted by this Deployment with a Ready Condition.
+ /// Total number of terminating pods targeted by this deployment.
+ ///
+ /// Terminating pods have a non-null .metadata.deletionTimestamp and have not yet reached the Failed or Succeeded .status.phase.
+ ///
+ /// This is an alpha field.
+ /// Enable DeploymentReplicaSetTerminatingReplicas to be able to use this field.
+ @K8sVersion { introducedIn = "1.33" }
+ terminatingReplicas: Int32?
+
+ /// Total number of non-terminating pods targeted by this Deployment with a Ready Condition.
readyReplicas: Int32?
/// Count of hash collisions for the Deployment.
@@ -142,10 +151,10 @@ class DeploymentStatus {
/// Represents the latest available observations of a deployment's current state.
conditions: Listing?
- /// Total number of non-terminated pods targeted by this deployment that have the desired template spec.
+ /// Total number of non-terminating pods targeted by this deployment that have the desired template spec.
updatedReplicas: Int32?
- /// Total number of available pods (ready for at least minReadySeconds) targeted by this deployment.
+ /// Total number of available non-terminating pods (ready for at least minReadySeconds) targeted by this deployment.
availableReplicas: Int32?
/// The generation observed by the deployment controller.
@@ -170,6 +179,5 @@ class DeploymentCondition {
lastUpdateTime: Time?
/// Status of the condition, one of True, False, Unknown.
- status: "True"|"False"|"Unknown"
+ status: "True" | "False" | "Unknown"
}
-
diff --git a/generated-package/api/apps/v1/DeploymentList.pkl b/generated-package/api/apps/v1/DeploymentList.pkl
index 1a9c07c..66c0335 100644
--- a/generated-package/api/apps/v1/DeploymentList.pkl
+++ b/generated-package/api/apps/v1/DeploymentList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.apps.v1.DeploymentList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/apps/v1/Deployment.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "apps/v1"
@@ -32,4 +32,3 @@ metadata: ListMeta?
/// Items is the list of Deployments.
items: Listing
-
diff --git a/generated-package/api/apps/v1/ReplicaSet.pkl b/generated-package/api/apps/v1/ReplicaSet.pkl
index 5fa82ed..1f448f3 100644
--- a/generated-package/api/apps/v1/ReplicaSet.pkl
+++ b/generated-package/api/apps/v1/ReplicaSet.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,9 +20,9 @@ open module k8s.api.apps.v1.ReplicaSet
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/core/v1/PodTemplateSpec.pkl"
import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "apps/v1"
@@ -51,14 +51,14 @@ status: ReplicaSetStatus?
class ReplicaSetSpec {
/// Template is the object that describes the pod that will be created if insufficient replicas are detected.
///
- /// More info:
+ /// More info:
template: PodTemplateSpec?
- /// Replicas is the number of desired replicas.
+ /// Replicas is the number of desired pods.
///
/// This is a pointer to distinguish between explicit zero and unspecified.
/// Defaults to 1.
- /// More info:
+ /// More info:
replicas: Int32?
/// Selector is a label query over pods that should match the replica count.
@@ -76,21 +76,30 @@ class ReplicaSetSpec {
/// ReplicaSetStatus represents the current status of a ReplicaSet.
class ReplicaSetStatus {
- /// The number of pods that have labels matching the labels of the pod template of the replicaset.
+ /// The number of non-terminating pods that have labels matching the labels of the pod template of the replicaset.
fullyLabeledReplicas: Int32?
- /// Replicas is the most recently observed number of replicas.
+ /// Replicas is the most recently observed number of non-terminating pods.
///
- /// More info:
+ /// More info:
replicas: Int32
- /// readyReplicas is the number of pods targeted by this ReplicaSet with a Ready Condition.
+ /// The number of terminating pods for this replica set.
+ ///
+ /// Terminating pods have a non-null .metadata.deletionTimestamp and have not yet reached the Failed or Succeeded .status.phase.
+ ///
+ /// This is an alpha field.
+ /// Enable DeploymentReplicaSetTerminatingReplicas to be able to use this field.
+ @K8sVersion { introducedIn = "1.33" }
+ terminatingReplicas: Int32?
+
+ /// The number of non-terminating pods targeted by this ReplicaSet with a Ready Condition.
readyReplicas: Int32?
/// Represents the latest available observations of a replica set's current state.
conditions: Listing?
- /// The number of available replicas (ready for at least minReadySeconds) for this replica set.
+ /// The number of available non-terminating pods (ready for at least minReadySeconds) for this replica set.
availableReplicas: Int32?
/// ObservedGeneration reflects the generation of the most recently observed ReplicaSet.
@@ -112,6 +121,5 @@ class ReplicaSetCondition {
type: String
/// Status of the condition, one of True, False, Unknown.
- status: "True"|"False"|"Unknown"
+ status: "True" | "False" | "Unknown"
}
-
diff --git a/generated-package/api/apps/v1/ReplicaSetList.pkl b/generated-package/api/apps/v1/ReplicaSetList.pkl
index 3ced2f5..4330393 100644
--- a/generated-package/api/apps/v1/ReplicaSetList.pkl
+++ b/generated-package/api/apps/v1/ReplicaSetList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.apps.v1.ReplicaSetList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/apps/v1/ReplicaSet.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "apps/v1"
@@ -34,6 +34,5 @@ metadata: ListMeta?
/// List of ReplicaSets.
///
-/// More info:
+/// More info:
items: Listing
-
diff --git a/generated-package/api/apps/v1/StatefulSet.pkl b/generated-package/api/apps/v1/StatefulSet.pkl
index 4ef391b..8d4fed3 100644
--- a/generated-package/api/apps/v1/StatefulSet.pkl
+++ b/generated-package/api/apps/v1/StatefulSet.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -19,17 +19,17 @@
/// Identities are defined as:
/// - Network: A single stable DNS and hostname.
/// - Storage: As many VolumeClaims as requested.
-///
+///
/// The StatefulSet guarantees that a given network identity will always map to the same storage identity.
@ModuleInfo { minPklVersion = "0.25.0" }
open module k8s.api.apps.v1.StatefulSet
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
+import ".../api/core/v1/PersistentVolumeClaim.pkl"
import ".../api/core/v1/PodTemplateSpec.pkl"
import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
-import ".../api/core/v1/PersistentVolumeClaim.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "apps/v1"
@@ -109,7 +109,7 @@ class StatefulSetSpec {
///
/// This service must exist before the StatefulSet, and is responsible for the network identity of the set.
/// Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller.
- serviceName: String
+ serviceName: String?
/// volumeClaimTemplates is a list of claims that pods are allowed to reference.
///
@@ -152,7 +152,7 @@ class RollingUpdateStatefulSetStrategy {
/// The field applies to all pods in the range 0 to Replicas-1.
/// That means if there is any unavailable pod in the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
@K8sVersion { introducedIn = "1.24" }
- maxUnavailable: (Int|String)?
+ maxUnavailable: (Int | String)?
}
/// StatefulSetOrdinals describes the policy used for replica ordinal assignment in this StatefulSet.
@@ -236,6 +236,5 @@ class StatefulSetCondition {
type: String
/// Status of the condition, one of True, False, Unknown.
- status: "True"|"False"|"Unknown"
+ status: "True" | "False" | "Unknown"
}
-
diff --git a/generated-package/api/apps/v1/StatefulSetList.pkl b/generated-package/api/apps/v1/StatefulSetList.pkl
index 155ad82..5e5639b 100644
--- a/generated-package/api/apps/v1/StatefulSetList.pkl
+++ b/generated-package/api/apps/v1/StatefulSetList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.apps.v1.StatefulSetList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/apps/v1/StatefulSet.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "apps/v1"
@@ -34,4 +34,3 @@ metadata: ListMeta?
/// Items is the list of stateful sets.
items: Listing
-
diff --git a/generated-package/api/authentication/v1/SelfSubjectReview.pkl b/generated-package/api/authentication/v1/SelfSubjectReview.pkl
index 961e9fe..eecedd4 100644
--- a/generated-package/api/authentication/v1/SelfSubjectReview.pkl
+++ b/generated-package/api/authentication/v1/SelfSubjectReview.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -24,8 +24,8 @@ open module k8s.api.authentication.v1.SelfSubjectReview
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/authentication/v1/UserInfo.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "authentication.k8s.io/v1"
@@ -44,4 +44,3 @@ class SelfSubjectReviewStatus {
/// User attributes of the user making this request.
userInfo: UserInfo?
}
-
diff --git a/generated-package/api/authentication/v1/TokenRequest.pkl b/generated-package/api/authentication/v1/TokenRequest.pkl
index 8948280..6e42cdd 100644
--- a/generated-package/api/authentication/v1/TokenRequest.pkl
+++ b/generated-package/api/authentication/v1/TokenRequest.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -69,7 +69,7 @@ class BoundObjectReference {
/// Kind of the referent.
///
/// Valid kinds are 'Pod' and 'Secret'.
- kind: ("Pod"|"Secret")?
+ kind: ("Pod" | "Secret")?
/// Name of the referent.
name: String?
@@ -83,4 +83,3 @@ class TokenRequestStatus {
/// Token is the opaque bearer token.
token: String
}
-
diff --git a/generated-package/api/authentication/v1/TokenReview.pkl b/generated-package/api/authentication/v1/TokenReview.pkl
index 050754a..4db2a1b 100644
--- a/generated-package/api/authentication/v1/TokenReview.pkl
+++ b/generated-package/api/authentication/v1/TokenReview.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -22,8 +22,8 @@ open module k8s.api.authentication.v1.TokenReview
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/authentication/v1/UserInfo.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "authentication.k8s.io/v1"
@@ -70,4 +70,3 @@ class TokenReviewStatus {
/// User is the UserInfo associated with the provided token.
user: UserInfo?
}
-
diff --git a/generated-package/api/authentication/v1/UserInfo.pkl b/generated-package/api/authentication/v1/UserInfo.pkl
index f7b8095..40fa7a3 100644
--- a/generated-package/api/authentication/v1/UserInfo.pkl
+++ b/generated-package/api/authentication/v1/UserInfo.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -33,4 +33,3 @@ groups: Listing?
/// The name that uniquely identifies this user among all active users.
username: String?
-
diff --git a/generated-package/api/authentication/v1alpha1/SelfSubjectReview.pkl b/generated-package/api/authentication/v1alpha1/SelfSubjectReview.pkl
index d3815fc..ce148b7 100644
--- a/generated-package/api/authentication/v1alpha1/SelfSubjectReview.pkl
+++ b/generated-package/api/authentication/v1alpha1/SelfSubjectReview.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -24,8 +24,8 @@ open module k8s.api.authentication.v1alpha1.SelfSubjectReview
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/authentication/v1/UserInfo.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "authentication.k8s.io/v1alpha1"
@@ -44,4 +44,3 @@ class SelfSubjectReviewStatus {
/// User attributes of the user making this request.
userInfo: UserInfo?
}
-
diff --git a/generated-package/api/authentication/v1beta1/SelfSubjectReview.pkl b/generated-package/api/authentication/v1beta1/SelfSubjectReview.pkl
index e95f074..4802929 100644
--- a/generated-package/api/authentication/v1beta1/SelfSubjectReview.pkl
+++ b/generated-package/api/authentication/v1beta1/SelfSubjectReview.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -18,14 +18,14 @@
///
/// When using impersonation, users will receive the user info of the user being impersonated.
/// If impersonation or request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
-@K8sVersion { introducedIn = "1.27" }
+@K8sVersion { introducedIn = "1.27"; removedIn = "1.33" }
@ModuleInfo { minPklVersion = "0.25.0" }
open module k8s.api.authentication.v1beta1.SelfSubjectReview
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/authentication/v1/UserInfo.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "authentication.k8s.io/v1beta1"
@@ -44,4 +44,3 @@ class SelfSubjectReviewStatus {
/// User attributes of the user making this request.
userInfo: UserInfo?
}
-
diff --git a/generated-package/api/authentication/v1beta1/TokenReview.pkl b/generated-package/api/authentication/v1beta1/TokenReview.pkl
index 9a06a86..e6f46a4 100644
--- a/generated-package/api/authentication/v1beta1/TokenReview.pkl
+++ b/generated-package/api/authentication/v1beta1/TokenReview.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -84,4 +84,3 @@ class UserInfo {
/// The name that uniquely identifies this user among all active users.
username: String?
}
-
diff --git a/generated-package/api/authorization/v1/LocalSubjectAccessReview.pkl b/generated-package/api/authorization/v1/LocalSubjectAccessReview.pkl
index d1669b4..b1402e3 100644
--- a/generated-package/api/authorization/v1/LocalSubjectAccessReview.pkl
+++ b/generated-package/api/authorization/v1/LocalSubjectAccessReview.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -22,9 +22,9 @@ open module k8s.api.authorization.v1.LocalSubjectAccessReview
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/authorization/v1/SubjectAccessReviewSpec.pkl"
import ".../api/authorization/v1/SubjectAccessReviewStatus.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "authorization.k8s.io/v1"
@@ -43,4 +43,3 @@ spec: SubjectAccessReviewSpec
/// Status is filled in by the server and indicates whether the request is allowed or not
status: SubjectAccessReviewStatus?
-
diff --git a/generated-package/api/authorization/v1/NonResourceAttributes.pkl b/generated-package/api/authorization/v1/NonResourceAttributes.pkl
index acdd466..704199e 100644
--- a/generated-package/api/authorization/v1/NonResourceAttributes.pkl
+++ b/generated-package/api/authorization/v1/NonResourceAttributes.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -25,4 +25,3 @@ path: String?
/// Verb is the standard HTTP verb
verb: String?
-
diff --git a/generated-package/api/authorization/v1/ResourceAttributes.pkl b/generated-package/api/authorization/v1/ResourceAttributes.pkl
index b79476d..e2a0672 100644
--- a/generated-package/api/authorization/v1/ResourceAttributes.pkl
+++ b/generated-package/api/authorization/v1/ResourceAttributes.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ module k8s.api.authorization.v1.ResourceAttributes
extends ".../K8sObject.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/LabelSelectorRequirement.pkl"
import ".../apimachinery/pkg/apis/meta/v1/FieldSelectorRequirement.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/LabelSelectorRequirement.pkl"
/// Resource is one of the existing resource types.
///
@@ -36,9 +36,6 @@ subresource: String?
/// labelSelector describes the limitation on access based on labels.
///
/// It can only limit access, not broaden it.
-///
-/// This field is alpha-level.
-/// To use this field, you must enable the `AuthorizeWithSelectors` feature gate (disabled by default).
@K8sVersion { introducedIn = "1.31" }
labelSelector: LabelSelectorAttributes?
@@ -60,9 +57,6 @@ verb: String?
/// fieldSelector describes the limitation on access based on field.
///
/// It can only limit access, not broaden it.
-///
-/// This field is alpha-level.
-/// To use this field, you must enable the `AuthorizeWithSelectors` feature gate (disabled by default).
@K8sVersion { introducedIn = "1.31" }
fieldSelector: FieldSelectorAttributes?
@@ -129,4 +123,3 @@ class FieldSelectorAttributes {
/// The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
rawSelector: String?
}
-
diff --git a/generated-package/api/authorization/v1/SelfSubjectAccessReview.pkl b/generated-package/api/authorization/v1/SelfSubjectAccessReview.pkl
index a66b3ed..c1fe671 100644
--- a/generated-package/api/authorization/v1/SelfSubjectAccessReview.pkl
+++ b/generated-package/api/authorization/v1/SelfSubjectAccessReview.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -23,10 +23,10 @@ open module k8s.api.authorization.v1.SelfSubjectAccessReview
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/authorization/v1/NonResourceAttributes.pkl"
import ".../api/authorization/v1/ResourceAttributes.pkl"
import ".../api/authorization/v1/SubjectAccessReviewStatus.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "authorization.k8s.io/v1"
@@ -55,4 +55,3 @@ class SelfSubjectAccessReviewSpec {
/// ResourceAuthorizationAttributes describes information for a resource access request
resourceAttributes: ResourceAttributes?
}
-
diff --git a/generated-package/api/authorization/v1/SelfSubjectRulesReview.pkl b/generated-package/api/authorization/v1/SelfSubjectRulesReview.pkl
index bcae441..4ac9bd3 100644
--- a/generated-package/api/authorization/v1/SelfSubjectRulesReview.pkl
+++ b/generated-package/api/authorization/v1/SelfSubjectRulesReview.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -117,4 +117,3 @@ class ResourceRule {
/// "*" means all.
apiGroups: Listing?
}
-
diff --git a/generated-package/api/authorization/v1/SubjectAccessReview.pkl b/generated-package/api/authorization/v1/SubjectAccessReview.pkl
index 881eef7..770b1c5 100644
--- a/generated-package/api/authorization/v1/SubjectAccessReview.pkl
+++ b/generated-package/api/authorization/v1/SubjectAccessReview.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,9 +20,9 @@ open module k8s.api.authorization.v1.SubjectAccessReview
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/authorization/v1/SubjectAccessReviewSpec.pkl"
import ".../api/authorization/v1/SubjectAccessReviewStatus.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "authorization.k8s.io/v1"
@@ -38,4 +38,3 @@ spec: SubjectAccessReviewSpec
/// Status is filled in by the server and indicates whether the request is allowed or not
status: SubjectAccessReviewStatus?
-
diff --git a/generated-package/api/authorization/v1/SubjectAccessReviewSpec.pkl b/generated-package/api/authorization/v1/SubjectAccessReviewSpec.pkl
index 4f1b9c8..32409ed 100644
--- a/generated-package/api/authorization/v1/SubjectAccessReviewSpec.pkl
+++ b/generated-package/api/authorization/v1/SubjectAccessReviewSpec.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -46,4 +46,3 @@ resourceAttributes: ResourceAttributes?
///
/// If you specify "User" but not "Groups", then is it interpreted as "What if User were not a member of any groups
user: String?
-
diff --git a/generated-package/api/authorization/v1/SubjectAccessReviewStatus.pkl b/generated-package/api/authorization/v1/SubjectAccessReviewStatus.pkl
index 94c6e6e..9e3d6d4 100644
--- a/generated-package/api/authorization/v1/SubjectAccessReviewStatus.pkl
+++ b/generated-package/api/authorization/v1/SubjectAccessReviewStatus.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -42,4 +42,3 @@ evaluationError: String?
/// If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action.
/// Denied may not be true if Allowed is true.
denied: Boolean?(allowed.implies(this == false))
-
diff --git a/generated-package/api/authorization/v1beta1/LocalSubjectAccessReview.pkl b/generated-package/api/authorization/v1beta1/LocalSubjectAccessReview.pkl
index bd6cfc0..7845627 100644
--- a/generated-package/api/authorization/v1beta1/LocalSubjectAccessReview.pkl
+++ b/generated-package/api/authorization/v1beta1/LocalSubjectAccessReview.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -23,9 +23,9 @@ open module k8s.api.authorization.v1beta1.LocalSubjectAccessReview
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/authorization/v1beta1/SubjectAccessReviewSpec.pkl"
import ".../api/authorization/v1beta1/SubjectAccessReviewStatus.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "authorization.k8s.io/v1beta1"
@@ -41,4 +41,3 @@ spec: SubjectAccessReviewSpec
/// Status is filled in by the server and indicates whether the request is allowed or not
status: SubjectAccessReviewStatus?
-
diff --git a/generated-package/api/authorization/v1beta1/NonResourceAttributes.pkl b/generated-package/api/authorization/v1beta1/NonResourceAttributes.pkl
index 8c8954c..eaf95c1 100644
--- a/generated-package/api/authorization/v1beta1/NonResourceAttributes.pkl
+++ b/generated-package/api/authorization/v1beta1/NonResourceAttributes.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -26,4 +26,3 @@ path: String?
/// Verb is the standard HTTP verb
verb: String?
-
diff --git a/generated-package/api/authorization/v1beta1/ResourceAttributes.pkl b/generated-package/api/authorization/v1beta1/ResourceAttributes.pkl
index 82bc407..1c1df1f 100644
--- a/generated-package/api/authorization/v1beta1/ResourceAttributes.pkl
+++ b/generated-package/api/authorization/v1beta1/ResourceAttributes.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -55,4 +55,3 @@ version: String?
///
/// "*" means all.
group: String?
-
diff --git a/generated-package/api/authorization/v1beta1/SelfSubjectAccessReview.pkl b/generated-package/api/authorization/v1beta1/SelfSubjectAccessReview.pkl
index 6136b59..f281c19 100644
--- a/generated-package/api/authorization/v1beta1/SelfSubjectAccessReview.pkl
+++ b/generated-package/api/authorization/v1beta1/SelfSubjectAccessReview.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -24,10 +24,10 @@ open module k8s.api.authorization.v1beta1.SelfSubjectAccessReview
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/authorization/v1beta1/NonResourceAttributes.pkl"
import ".../api/authorization/v1beta1/ResourceAttributes.pkl"
import ".../api/authorization/v1beta1/SubjectAccessReviewStatus.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "authorization.k8s.io/v1beta1"
@@ -53,4 +53,3 @@ class SelfSubjectAccessReviewSpec {
/// ResourceAuthorizationAttributes describes information for a resource access request
resourceAttributes: ResourceAttributes?
}
-
diff --git a/generated-package/api/authorization/v1beta1/SelfSubjectRulesReview.pkl b/generated-package/api/authorization/v1beta1/SelfSubjectRulesReview.pkl
index 33eb74a..58ad0aa 100644
--- a/generated-package/api/authorization/v1beta1/SelfSubjectRulesReview.pkl
+++ b/generated-package/api/authorization/v1beta1/SelfSubjectRulesReview.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -114,4 +114,3 @@ class ResourceRule {
/// "*" means all.
apiGroups: Listing?
}
-
diff --git a/generated-package/api/authorization/v1beta1/SubjectAccessReview.pkl b/generated-package/api/authorization/v1beta1/SubjectAccessReview.pkl
index 56a15d7..cedbb33 100644
--- a/generated-package/api/authorization/v1beta1/SubjectAccessReview.pkl
+++ b/generated-package/api/authorization/v1beta1/SubjectAccessReview.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,9 +21,9 @@ open module k8s.api.authorization.v1beta1.SubjectAccessReview
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/authorization/v1beta1/SubjectAccessReviewSpec.pkl"
import ".../api/authorization/v1beta1/SubjectAccessReviewStatus.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "authorization.k8s.io/v1beta1"
@@ -36,4 +36,3 @@ spec: SubjectAccessReviewSpec
/// Status is filled in by the server and indicates whether the request is allowed or not
status: SubjectAccessReviewStatus?
-
diff --git a/generated-package/api/authorization/v1beta1/SubjectAccessReviewSpec.pkl b/generated-package/api/authorization/v1beta1/SubjectAccessReviewSpec.pkl
index 2d270e6..2ad3b24 100644
--- a/generated-package/api/authorization/v1beta1/SubjectAccessReviewSpec.pkl
+++ b/generated-package/api/authorization/v1beta1/SubjectAccessReviewSpec.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -47,4 +47,3 @@ user: String?
/// Groups is the groups you're testing for.
group: Listing?
-
diff --git a/generated-package/api/authorization/v1beta1/SubjectAccessReviewStatus.pkl b/generated-package/api/authorization/v1beta1/SubjectAccessReviewStatus.pkl
index ca4ada4..87e4fab 100644
--- a/generated-package/api/authorization/v1beta1/SubjectAccessReviewStatus.pkl
+++ b/generated-package/api/authorization/v1beta1/SubjectAccessReviewStatus.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -43,4 +43,3 @@ evaluationError: String?
/// If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action.
/// Denied may not be true if Allowed is true.
denied: Boolean?(allowed.implies(this == false))
-
diff --git a/generated-package/api/autoscaling/v1/HorizontalPodAutoscaler.pkl b/generated-package/api/autoscaling/v1/HorizontalPodAutoscaler.pkl
index 7d705be..6c5bdc4 100644
--- a/generated-package/api/autoscaling/v1/HorizontalPodAutoscaler.pkl
+++ b/generated-package/api/autoscaling/v1/HorizontalPodAutoscaler.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -87,4 +87,3 @@ class HorizontalPodAutoscalerStatus {
/// observedGeneration is the most recent generation observed by this autoscaler.
observedGeneration: Int?
}
-
diff --git a/generated-package/api/autoscaling/v1/HorizontalPodAutoscalerList.pkl b/generated-package/api/autoscaling/v1/HorizontalPodAutoscalerList.pkl
index c6c3970..6cc7db6 100644
--- a/generated-package/api/autoscaling/v1/HorizontalPodAutoscalerList.pkl
+++ b/generated-package/api/autoscaling/v1/HorizontalPodAutoscalerList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.autoscaling.v1.HorizontalPodAutoscalerList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/autoscaling/v1/HorizontalPodAutoscaler.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "autoscaling/v1"
@@ -32,4 +32,3 @@ metadata: ListMeta?
/// items is the list of horizontal pod autoscaler objects.
items: Listing
-
diff --git a/generated-package/api/autoscaling/v1/Scale.pkl b/generated-package/api/autoscaling/v1/Scale.pkl
index f061f0b..44b6fc0 100644
--- a/generated-package/api/autoscaling/v1/Scale.pkl
+++ b/generated-package/api/autoscaling/v1/Scale.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -58,4 +58,3 @@ class ScaleStatus {
/// More info about label selectors:
selector: String?
}
-
diff --git a/generated-package/api/autoscaling/v2/HorizontalPodAutoscaler.pkl b/generated-package/api/autoscaling/v2/HorizontalPodAutoscaler.pkl
index 35f5c53..b6a2041 100644
--- a/generated-package/api/autoscaling/v2/HorizontalPodAutoscaler.pkl
+++ b/generated-package/api/autoscaling/v2/HorizontalPodAutoscaler.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.autoscaling.v2.HorizontalPodAutoscaler
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "autoscaling/v2"
@@ -97,7 +97,7 @@ class MetricSpec {
/// type is the type of metric source.
///
/// It should be one of "ContainerResource", "External", "Object", "Pods" or "Resource", each mapping to a matching field in the object.
- type: "ContainerResource"|"External"|"Object"|"Pods"|"Resource"
+ type: "ContainerResource" | "External" | "Object" | "Pods" | "Resource"
/// object refers to a metric describing a single kubernetes object (for example, hits-per-second on an Ingress object).
object: ObjectMetricSource?
@@ -220,11 +220,15 @@ class HorizontalPodAutoscalerBehavior {
scaleDown: HPAScalingRules?
}
-/// HPAScalingRules configures the scaling behavior for one direction.
+/// HPAScalingRules configures the scaling behavior for one direction via scaling Policy Rules and a configurable metric tolerance.
+///
///
-/// These Rules are applied after calculating DesiredReplicas from metrics for the HPA.
+/// Scaling Policy Rules are applied after calculating DesiredReplicas from metrics for the HPA.
/// They can limit the scaling velocity by specifying scaling policies.
/// They can prevent flapping by specifying the stabilization window, so that the number of replicas is not set instantly, instead, the safest value from the stabilization window is chosen.
+///
+/// The tolerance is applied to the metric values and prevents scaling too eagerly for small metric variations.
+/// (Note that setting a tolerance requires enabling the alpha HPAConfigurableTolerance feature gate.)
class HPAScalingRules {
/// selectPolicy is used to specify which policy should be used.
///
@@ -240,8 +244,20 @@ class HPAScalingRules {
/// policies is a list of potential scaling polices which can be used during scaling.
///
- /// At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
+ /// If not set, use the default values: - For scale up: allow doubling the number of pods, or an absolute change of 4 pods in a 15s window.
+ /// - For scale down: allow all pods to be removed in a 15s window.
policies: Listing?
+
+ /// tolerance is the tolerance on the ratio between the current and desired metric value under which no updates are made to the desired number of replicas (e.g. 0.01 for 1%).
+ ///
+ /// Must be greater than or equal to zero.
+ /// If not set, the default cluster-wide tolerance is applied (by default 10%).
+ ///
+ /// For example, if autoscaling is configured with a memory consumption target of 100Mi, and scale-down and scale-up tolerances of 5% and 1% respectively, scaling will be triggered when the actual consumption falls below 95Mi or exceeds 101Mi.
+ ///
+ /// This is an alpha field and requires enabling the HPAConfigurableTolerance feature gate.
+ @K8sVersion { introducedIn = "1.33" }
+ tolerance: Quantity?
}
/// HPAScalingPolicy is a single policy which must hold true for a specified past interval.
@@ -296,7 +312,7 @@ class HorizontalPodAutoscalerCondition {
type: String
/// status is the status of the condition (True, False, Unknown)
- status: "True"|"False"|"Unknown"
+ status: "True" | "False" | "Unknown"
}
/// MetricStatus describes the last-read state of a single metric.
@@ -324,7 +340,7 @@ class MetricStatus {
/// type is the type of metric source.
///
/// It will be one of "ContainerResource", "External", "Object", "Pods" or "Resource", each corresponds to a matching field in the object.
- type: "ContainerResource"|"External"|"Object"|"Pods"|"Resource"
+ type: "ContainerResource" | "External" | "Object" | "Pods" | "Resource"
/// object refers to a metric describing a single kubernetes object (for example, hits-per-second on an Ingress object).
object: ObjectMetricStatus?
@@ -396,4 +412,3 @@ class ObjectMetricStatus {
/// metric identifies the target metric by name and selector
metric: MetricIdentifier
}
-
diff --git a/generated-package/api/autoscaling/v2/HorizontalPodAutoscalerList.pkl b/generated-package/api/autoscaling/v2/HorizontalPodAutoscalerList.pkl
index ebcb9ee..e34b185 100644
--- a/generated-package/api/autoscaling/v2/HorizontalPodAutoscalerList.pkl
+++ b/generated-package/api/autoscaling/v2/HorizontalPodAutoscalerList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.autoscaling.v2.HorizontalPodAutoscalerList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/autoscaling/v2/HorizontalPodAutoscaler.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "autoscaling/v2"
@@ -33,4 +33,3 @@ metadata: ListMeta?
/// items is the list of horizontal pod autoscaler objects.
items: Listing
-
diff --git a/generated-package/api/autoscaling/v2beta1/HorizontalPodAutoscaler.pkl b/generated-package/api/autoscaling/v2beta1/HorizontalPodAutoscaler.pkl
index 4d45d83..5157a0e 100644
--- a/generated-package/api/autoscaling/v2beta1/HorizontalPodAutoscaler.pkl
+++ b/generated-package/api/autoscaling/v2beta1/HorizontalPodAutoscaler.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.autoscaling.v2beta1.HorizontalPodAutoscaler
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "autoscaling/v2beta1"
@@ -94,7 +94,7 @@ class MetricSpec {
///
/// It should be one of "ContainerResource", "External", "Object", "Pods" or "Resource", each mapping to a matching field in the object.
/// Note: "ContainerResource" type is available on when the feature-gate HPAContainerMetrics is enabled
- type: "ContainerResource"|"External"|"Object"|"Pods"|"Resource"
+ type: "ContainerResource" | "External" | "Object" | "Pods" | "Resource"
/// object refers to a metric describing a single kubernetes object (for example, hits-per-second on an Ingress object).
object: ObjectMetricSource?
@@ -266,7 +266,7 @@ class MetricStatus {
///
/// It will be one of "ContainerResource", "External", "Object", "Pods" or "Resource", each corresponds to a matching field in the object.
/// Note: "ContainerResource" type is available on when the feature-gate HPAContainerMetrics is enabled
- type: "ContainerResource"|"External"|"Object"|"Pods"|"Resource"
+ type: "ContainerResource" | "External" | "Object" | "Pods" | "Resource"
/// object refers to a metric describing a single kubernetes object (for example, hits-per-second on an Ingress object).
object: ObjectMetricStatus?
@@ -359,4 +359,3 @@ class ObjectMetricStatus {
/// target is the described Kubernetes object.
target: CrossVersionObjectReference
}
-
diff --git a/generated-package/api/autoscaling/v2beta1/HorizontalPodAutoscalerList.pkl b/generated-package/api/autoscaling/v2beta1/HorizontalPodAutoscalerList.pkl
index 4c512e8..1b57023 100644
--- a/generated-package/api/autoscaling/v2beta1/HorizontalPodAutoscalerList.pkl
+++ b/generated-package/api/autoscaling/v2beta1/HorizontalPodAutoscalerList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.autoscaling.v2beta1.HorizontalPodAutoscalerList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/autoscaling/v2beta1/HorizontalPodAutoscaler.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "autoscaling/v2beta1"
@@ -33,4 +33,3 @@ metadata: ListMeta?
/// items is the list of horizontal pod autoscaler objects.
items: Listing
-
diff --git a/generated-package/api/autoscaling/v2beta2/HorizontalPodAutoscaler.pkl b/generated-package/api/autoscaling/v2beta2/HorizontalPodAutoscaler.pkl
index 0fdb4cc..9d0f9ba 100644
--- a/generated-package/api/autoscaling/v2beta2/HorizontalPodAutoscaler.pkl
+++ b/generated-package/api/autoscaling/v2beta2/HorizontalPodAutoscaler.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.autoscaling.v2beta2.HorizontalPodAutoscaler
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "autoscaling/v2beta2"
@@ -100,7 +100,7 @@ class MetricSpec {
///
/// It should be one of "ContainerResource", "External", "Object", "Pods" or "Resource", each mapping to a matching field in the object.
/// Note: "ContainerResource" type is available on when the feature-gate HPAContainerMetrics is enabled
- type: "ContainerResource"|"External"|"Object"|"Pods"|"Resource"
+ type: "ContainerResource" | "External" | "Object" | "Pods" | "Resource"
/// object refers to a metric describing a single kubernetes object (for example, hits-per-second on an Ingress object).
object: ObjectMetricSource?
@@ -137,7 +137,7 @@ class MetricTarget {
averageUtilization: Int32?
/// type represents whether the metric type is Utilization, Value, or AverageValue
- type: "Utilization"|"Value"|"AverageValue"
+ type: "Utilization" | "Value" | "AverageValue"
/// value is the target value of the metric (as a quantity).
value: Quantity?
@@ -328,7 +328,7 @@ class MetricStatus {
///
/// It will be one of "ContainerResource", "External", "Object", "Pods" or "Resource", each corresponds to a matching field in the object.
/// Note: "ContainerResource" type is available on when the feature-gate HPAContainerMetrics is enabled
- type: "ContainerResource"|"External"|"Object"|"Pods"|"Resource"
+ type: "ContainerResource" | "External" | "Object" | "Pods" | "Resource"
/// object refers to a metric describing a single kubernetes object (for example, hits-per-second on an Ingress object).
object: ObjectMetricStatus?
@@ -399,4 +399,3 @@ class ObjectMetricStatus {
/// metric identifies the target metric by name and selector
metric: MetricIdentifier
}
-
diff --git a/generated-package/api/autoscaling/v2beta2/HorizontalPodAutoscalerList.pkl b/generated-package/api/autoscaling/v2beta2/HorizontalPodAutoscalerList.pkl
index 6dc024e..2d53bde 100644
--- a/generated-package/api/autoscaling/v2beta2/HorizontalPodAutoscalerList.pkl
+++ b/generated-package/api/autoscaling/v2beta2/HorizontalPodAutoscalerList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.autoscaling.v2beta2.HorizontalPodAutoscalerList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/autoscaling/v2beta2/HorizontalPodAutoscaler.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "autoscaling/v2beta2"
@@ -33,4 +33,3 @@ metadata: ListMeta?
/// items is the list of horizontal pod autoscaler objects.
items: Listing
-
diff --git a/generated-package/api/batch/v1/CronJob.pkl b/generated-package/api/batch/v1/CronJob.pkl
index 9e3e613..67fe2aa 100644
--- a/generated-package/api/batch/v1/CronJob.pkl
+++ b/generated-package/api/batch/v1/CronJob.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,9 +21,9 @@ open module k8s.api.batch.v1.CronJob
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/batch/v1/JobSpec.pkl"
import ".../api/core/v1/ObjectReference.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "batch/v1"
@@ -65,7 +65,7 @@ class CronJobSpec {
/// Specifies how to treat concurrent executions of a Job.
///
/// Valid values are:
- ///
+ ///
/// - "Allow" (default): allows CronJobs to run concurrently; - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet; - "Replace": cancels currently running job and replaces it with a new one
concurrencyPolicy: String?
@@ -116,4 +116,3 @@ class CronJobStatus {
/// Information when was the last time the job successfully completed.
lastSuccessfulTime: Time?
}
-
diff --git a/generated-package/api/batch/v1/CronJobList.pkl b/generated-package/api/batch/v1/CronJobList.pkl
index 46f3154..21d2980 100644
--- a/generated-package/api/batch/v1/CronJobList.pkl
+++ b/generated-package/api/batch/v1/CronJobList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.batch.v1.CronJobList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/batch/v1/CronJob.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "batch/v1"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// items is the list of CronJobs.
items: Listing
-
diff --git a/generated-package/api/batch/v1/Job.pkl b/generated-package/api/batch/v1/Job.pkl
index abe8d55..2700d33 100644
--- a/generated-package/api/batch/v1/Job.pkl
+++ b/generated-package/api/batch/v1/Job.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.batch.v1.Job
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/batch/v1/JobSpec.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "batch/v1"
@@ -76,14 +76,14 @@ class JobStatus {
/// When a Job is created in the suspended state, this field is not set until the first time it is resumed.
/// This field is reset every time a Job is resumed from suspension.
/// It is represented in RFC3339 form and is in UTC.
- ///
+ ///
/// Once set, the field can only be removed when the job is suspended.
/// The field cannot be modified while the job is unsuspended or finished.
startTime: Time?
/// The number of pods which are terminating (in phase Pending or Running and have a deletionTimestamp).
///
- ///
+ ///
/// This field is beta-level.
/// The job controller populates the field when the feature gate JobPodReplacementPolicy is enabled (enabled by default).
@K8sVersion { introducedIn = "1.28" }
@@ -91,10 +91,10 @@ class JobStatus {
/// uncountedTerminatedPods holds the UIDs of Pods that have terminated but the job controller hasn't yet accounted for in the status counters.
///
- ///
+ ///
/// The job controller creates pods with a finalizer.
/// When a pod terminates (succeeded or failed), the controller does three steps to account for it in the job status:
- ///
+ ///
/// 1.
/// Add the pod UID to the arrays in this field.
/// 2.
@@ -102,7 +102,7 @@ class JobStatus {
/// 3.
/// Remove the pod UID from the arrays while increasing the corresponding
/// counter.
- ///
+ ///
/// Old jobs might not be tracked using this field, in which case the field remains null.
/// The structure is empty for finished jobs.
@K8sVersion { introducedIn = "1.22" }
@@ -118,12 +118,12 @@ class JobStatus {
/// When a Job fails, one of the conditions will have type "Failed" and status true.
/// When a Job is suspended, one of the conditions will have type "Suspended" and status true; when the Job is resumed, the status of this condition will become false.
/// When a Job is completed, one of the conditions will have type "Complete" and status true.
- ///
+ ///
/// A job is considered finished when it is in a terminal condition, either "Complete" or "Failed".
/// A Job cannot have both the "Complete" and "Failed" conditions.
/// Additionally, it cannot be in the "Complete" and "FailureTarget" conditions.
/// The "Complete", "Failed" and "FailureTarget" conditions cannot be disabled.
- ///
+ ///
/// More info:
conditions: Listing?
@@ -135,9 +135,6 @@ class JobStatus {
/// Three or more consecutive numbers are compressed and represented by the first and last element of the series, separated by a hyphen.
/// For example, if the failed indexes are 1, 3, 4, 5 and 7, they are represented as "1,3-5,7".
/// The set of failed indexes cannot overlap with the set of completed indexes.
- ///
- /// This field is beta-level.
- /// It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (enabled by default).
@K8sVersion { introducedIn = "1.28" }
failedIndexes: String?
@@ -175,6 +172,5 @@ class JobCondition {
lastProbeTime: Time?
/// Status of the condition, one of True, False, Unknown.
- status: "True"|"False"|"Unknown"
+ status: "True" | "False" | "Unknown"
}
-
diff --git a/generated-package/api/batch/v1/JobList.pkl b/generated-package/api/batch/v1/JobList.pkl
index 0f98fbb..0c4af1a 100644
--- a/generated-package/api/batch/v1/JobList.pkl
+++ b/generated-package/api/batch/v1/JobList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.batch.v1.JobList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/batch/v1/Job.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "batch/v1"
@@ -34,4 +34,3 @@ metadata: ListMeta?
/// items is the list of Jobs.
items: Listing
-
diff --git a/generated-package/api/batch/v1/JobSpec.pkl b/generated-package/api/batch/v1/JobSpec.pkl
index 28cd2f6..f22fd99 100644
--- a/generated-package/api/batch/v1/JobSpec.pkl
+++ b/generated-package/api/batch/v1/JobSpec.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -41,7 +41,8 @@ template: PodTemplateSpec
/// Specifies the number of retries before marking this job failed.
///
-/// Defaults to 6
+/// Defaults to 6, unless backoffLimitPerIndex (only Indexed Job) is specified.
+/// When backoffLimitPerIndex is specified, backoffLimit defaults to 2147483647.
backoffLimit: Int32?
/// Specifies the limit for the number of retries within an index before marking this index as failed.
@@ -49,8 +50,6 @@ backoffLimit: Int32?
/// When enabled the number of failures per index is kept in the pod's batch.kubernetes.io/job-index-failure-count annotation.
/// It can only be set when Job's completionMode=Indexed, and the Pod's restart policy is Never.
/// The field is immutable.
-/// This field is beta-level.
-/// It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (enabled by default).
@K8sVersion { introducedIn = "1.28" }
backoffLimitPerIndex: Int32?
@@ -80,19 +79,19 @@ completions: Int32?
/// completionMode specifies how Pod completions are tracked.
///
/// It can be `NonIndexed` (default) or `Indexed`.
-///
+///
/// `NonIndexed` means that the Job is considered complete when there have been .spec.completions successfully completed Pods.
/// Each Pod completion is homologous to each other.
-///
+///
/// `Indexed` means that the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1), available in the annotation batch.kubernetes.io/job-completion-index.
/// The Job is considered complete when there is one successfully completed Pod for each index.
/// When value is `Indexed`, .spec.completions must be specified and `.spec.parallelism` must be less than or equal to 10^5.
/// In addition, The Pod name takes the form `$(job-name)-$(index)-$(random-string)`, the Pod hostname takes the form `$(job-name)-$(index)`.
-///
+///
/// More completion modes can be added in the future.
/// If the Job controller observes a mode that it doesn't recognize, which is possible during upgrades due to version skew, the controller skips updates for the Job.
@K8sVersion { introducedIn = "1.21" }
-completionMode: ("NonIndexed"|"Indexed")?
+completionMode: ("NonIndexed" | "Indexed")?
/// Specifies the policy of handling failed pods.
///
@@ -116,12 +115,9 @@ ttlSecondsAfterFinished: Int32?
/// when they are terminating (has a metadata.deletionTimestamp) or failed.
/// - Failed means to wait until a previously created Pod is fully terminated (has phase
/// Failed or Succeeded) before creating a replacement Pod.
-///
+///
/// When using podFailurePolicy, Failed is the the only allowed value.
/// TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use.
-/// This is an beta field.
-/// To use this, enable the JobPodReplacementPolicy feature toggle.
-/// This is on by default.
@K8sVersion { introducedIn = "1.28" }
podReplacementPolicy: String?
@@ -132,7 +128,7 @@ podReplacementPolicy: String?
/// All characters trailing the first "/" must be valid HTTP Path characters as defined by RFC 3986.
/// The value cannot exceed 63 characters.
/// This field is immutable.
-///
+///
/// This field is beta-level.
/// The job controller accepts setting the field when the feature gate JobManagedBy is enabled (enabled by default).
@K8sVersion { introducedIn = "1.30" }
@@ -151,8 +147,6 @@ selector: LabelSelector?
/// It can only be specified when backoffLimitPerIndex is set.
/// It can be null or up to completions.
/// It is required and must be less than or equal to 10^4 when is completions greater than 10^5.
-/// This field is beta-level.
-/// It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (enabled by default).
@K8sVersion { introducedIn = "1.28" }
maxFailedIndexes: Int32?
@@ -166,9 +160,6 @@ activeDeadlineSeconds: Int?
/// If empty, the default behavior applies - the Job is declared as succeeded only when the number of succeeded pods equals to the completions.
/// When the field is specified, it must be immutable and works only for the Indexed Jobs.
/// Once the Job meets the SuccessPolicy, the lingering pods are terminated.
-///
-/// This field is beta-level.
-/// To use this field, you must enable the `JobSuccessPolicy` feature gate (enabled by default).
@K8sVersion { introducedIn = "1.30" }
successPolicy: SuccessPolicy?
@@ -193,14 +184,11 @@ class PodFailurePolicyRule {
/// Specifies the action taken on a pod failure when the requirements are satisfied.
///
/// Possible values are:
- ///
+ ///
/// - FailJob: indicates that the pod's job is marked as Failed and all
/// running pods are terminated.
/// - FailIndex: indicates that the pod's index is marked as Failed and will
/// not be restarted.
- /// This value is beta-level.
- /// It can be used when the
- /// `JobBackoffLimitPerIndex` feature gate is enabled (enabled by default).
/// - Ignore: indicates that the counter towards the .backoffLimit is not
/// incremented and a replacement pod is created.
/// - Count: indicates that the pod is handled in the default way - the
@@ -241,7 +229,7 @@ class PodFailurePolicyOnExitCodesRequirement {
///
/// Containers completed with success (exit code 0) are excluded from the requirement check.
/// Possible values are:
- ///
+ ///
/// - In: the requirement is satisfied if at least one container exit code
/// (might be multiple if there are multiple containers not restricted
/// by the 'containerName' field) is in the set of specified values.
@@ -271,7 +259,7 @@ class PodFailurePolicyOnPodConditionsPattern {
class SuccessPolicy {
/// rules represents the list of alternative rules for the declaring the Jobs as successful before `.status.succeeded >= .spec.completions`.
///
- /// Once any of the rules are met, the "SucceededCriteriaMet" condition is added, and the lingering pods are removed.
+ /// Once any of the rules are met, the "SuccessCriteriaMet" condition is added, and the lingering pods are removed.
/// The terminal state for such a Job has the "Complete" condition.
/// Additionally, these rules are evaluated in order; Once the Job meets one of the rules, other rules are ignored.
/// At most 20 elements are allowed.
@@ -301,4 +289,3 @@ class SuccessPolicyRule {
/// When this field is null, this field doesn't default to any value and is never evaluated at any time.
succeededIndexes: String?
}
-
diff --git a/generated-package/api/batch/v1beta1/CronJob.pkl b/generated-package/api/batch/v1beta1/CronJob.pkl
index 45f37d1..7ba2b41 100644
--- a/generated-package/api/batch/v1beta1/CronJob.pkl
+++ b/generated-package/api/batch/v1beta1/CronJob.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,9 +21,9 @@ open module k8s.api.batch.v1beta1.CronJob
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/batch/v1/JobSpec.pkl"
import ".../api/core/v1/ObjectReference.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "batch/v1beta1"
@@ -65,7 +65,7 @@ class CronJobSpec {
/// Specifies how to treat concurrent executions of a Job.
///
/// Valid values are: - "Allow" (default): allows CronJobs to run concurrently; - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet; - "Replace": cancels currently running job and replaces it with a new one
- concurrencyPolicy: ("Allow"|"Forbid"|"Replace")?
+ concurrencyPolicy: ("Allow" | "Forbid" | "Replace")?
/// The time zone for the given schedule, see
///
@@ -112,4 +112,3 @@ class CronJobStatus {
@K8sVersion { introducedIn = "1.21" }
lastSuccessfulTime: Time?
}
-
diff --git a/generated-package/api/batch/v1beta1/CronJobList.pkl b/generated-package/api/batch/v1beta1/CronJobList.pkl
index eb7a013..c220010 100644
--- a/generated-package/api/batch/v1beta1/CronJobList.pkl
+++ b/generated-package/api/batch/v1beta1/CronJobList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.batch.v1beta1.CronJobList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/batch/v1beta1/CronJob.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "batch/v1beta1"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// items is the list of CronJobs.
items: Listing
-
diff --git a/generated-package/api/batch/v2alpha1/CronJob.pkl b/generated-package/api/batch/v2alpha1/CronJob.pkl
index ff96544..0c568c9 100644
--- a/generated-package/api/batch/v2alpha1/CronJob.pkl
+++ b/generated-package/api/batch/v2alpha1/CronJob.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,9 +21,9 @@ open module k8s.api.batch.v2alpha1.CronJob
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/batch/v1/JobSpec.pkl"
import ".../api/core/v1/ObjectReference.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "batch/v2alpha1"
@@ -65,7 +65,7 @@ class CronJobSpec {
/// Specifies how to treat concurrent executions of a Job.
///
/// Valid values are: - "Allow" (default): allows CronJobs to run concurrently; - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet; - "Replace": cancels currently running job and replaces it with a new one
- concurrencyPolicy: ("Allow"|"Forbid"|"Replace")?
+ concurrencyPolicy: ("Allow" | "Forbid" | "Replace")?
/// The number of failed finished jobs to retain.
///
@@ -99,4 +99,3 @@ class CronJobStatus {
/// A list of pointers to currently running jobs.
active: Listing?
}
-
diff --git a/generated-package/api/batch/v2alpha1/CronJobList.pkl b/generated-package/api/batch/v2alpha1/CronJobList.pkl
index 84fba58..4a642a3 100644
--- a/generated-package/api/batch/v2alpha1/CronJobList.pkl
+++ b/generated-package/api/batch/v2alpha1/CronJobList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.batch.v2alpha1.CronJobList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/batch/v2alpha1/CronJob.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "batch/v2alpha1"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// items is the list of CronJobs.
items: Listing
-
diff --git a/generated-package/api/certificates/v1/CertificateSigningRequest.pkl b/generated-package/api/certificates/v1/CertificateSigningRequest.pkl
index c589f08..2a17cdc 100644
--- a/generated-package/api/certificates/v1/CertificateSigningRequest.pkl
+++ b/generated-package/api/certificates/v1/CertificateSigningRequest.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -16,13 +16,13 @@
/// CertificateSigningRequest objects provide a mechanism to obtain x509 certificates by submitting a certificate signing request, and having it asynchronously approved and issued.
///
-///
+///
/// Kubelets use this API to obtain:
/// 1.
/// client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client-kubelet" signerName).
/// 2.
/// serving certificates for TLS endpoints kube-apiserver can connect to securely (with the "kubernetes.io/kubelet-serving" signerName).
-///
+///
/// This API can be used to request client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client" signerName), or to obtain certificates from custom non-Kubernetes signers.
@ModuleInfo { minPklVersion = "0.25.0" }
open module k8s.api.certificates.v1.CertificateSigningRequest
@@ -61,11 +61,11 @@ class CertificateSigningRequestSpec {
/// expirationSeconds is the requested duration of validity of the issued certificate.
///
/// The certificate signer may issue a certificate with a different validity duration so a client must check the delta between the notBefore and and notAfter fields in the issued certificate to determine the actual duration.
- ///
+ ///
/// The v1.22+ in-tree implementations of the well-known Kubernetes signers will honor this field as long as the requested duration is not greater than the maximum duration they will honor per the --cluster-signing-duration CLI flag to the Kubernetes controller manager.
- ///
+ ///
/// Certificate signers may not honor this field for various reasons:
- ///
+ ///
/// 1.
/// Old signer that is unaware of the field (such as the in-tree
/// implementations prior to v1.22)
@@ -73,7 +73,7 @@ class CertificateSigningRequestSpec {
/// Signer whose configured maximum is shorter than the requested duration
/// 3.
/// Signer whose configured minimum is longer than the requested duration
- ///
+ ///
/// The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
@K8sVersion { introducedIn = "1.22" }
expirationSeconds: Int32?
@@ -90,11 +90,11 @@ class CertificateSigningRequestSpec {
/// usages specifies a set of key usages requested in the issued certificate.
///
- ///
+ ///
/// Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
- ///
+ ///
/// Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
- ///
+ ///
/// Valid values are:
/// "signing", "digital signature", "content commitment",
/// "key encipherment", "key agreement", "data encipherment",
@@ -103,13 +103,35 @@ class CertificateSigningRequestSpec {
/// "code signing", "email protection", "s/mime",
/// "ipsec end system", "ipsec tunnel", "ipsec user",
/// "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
- usages: "signing"|"digital signature"|"content commitment"|"key encipherment"|"key agreement"|"data encipherment"|"cert sign"|"crl sign"|"encipher only"|"decipher only"|"any"|"server auth"|"client auth"|"code signing"|"email protection"|"s/mime"|"ipsec end system"|"ipsec tunnel"|"ipsec user"|"timestamping"|"ocsp signing"|"microsoft sgc"|"netscape sgc"
+ usages: "signing"
+ | "digital signature"
+ | "content commitment"
+ | "key encipherment"
+ | "key agreement"
+ | "data encipherment"
+ | "cert sign"
+ | "crl sign"
+ | "encipher only"
+ | "decipher only"
+ | "any"
+ | "server auth"
+ | "client auth"
+ | "code signing"
+ | "email protection"
+ | "s/mime"
+ | "ipsec end system"
+ | "ipsec tunnel"
+ | "ipsec user"
+ | "timestamping"
+ | "ocsp signing"
+ | "microsoft sgc"
+ | "netscape sgc"
/// signerName indicates the requested signer, and is a qualified name.
///
- ///
+ ///
/// List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
- ///
+ ///
/// Well-known Kubernetes signers are:
/// 1.
/// "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver.
@@ -120,9 +142,9 @@ class CertificateSigningRequestSpec {
/// 3.
/// "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely.
/// Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
- ///
+ ///
/// More details are available at
- ///
+ ///
/// Custom signerNames can also be specified.
/// The signer defines:
/// 1.
@@ -151,10 +173,10 @@ class CertificateSigningRequestStatus {
///
/// This field is set via the /status subresource.
/// Once populated, this field is immutable.
- ///
+ ///
/// If the certificate signing request is denied, a condition of type "Denied" is added and this field remains empty.
/// If the signer cannot issue the certificate, a condition of type "Failed" is added and this field remains empty.
- ///
+ ///
/// Validation requirements:
/// 1.
/// certificate must contain one or more PEM blocks.
@@ -164,13 +186,13 @@ class CertificateSigningRequestStatus {
/// 3.
/// Non-PEM content may appear before or after the "CERTIFICATE" PEM blocks and is unvalidated,
/// to allow for explanatory text as described in section 5.2 of RFC7468.
- ///
+ ///
/// If more than one PEM block is present, and the definition of the requested spec.signerName does not indicate otherwise, the first block is the issued certificate, and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes.
- ///
+ ///
/// The certificate is encoded in PEM format.
- ///
+ ///
/// When serialized as JSON or YAML, the data is additionally base64-encoded, so it consists of:
- ///
+ ///
/// base64(
/// -----BEGIN CERTIFICATE-----
/// ...
@@ -200,18 +222,18 @@ class CertificateSigningRequestCondition {
/// type of the condition.
///
/// Known conditions are "Approved", "Denied", and "Failed".
- ///
+ ///
/// An "Approved" condition is added via the /approval subresource, indicating the request was approved and should be issued by the signer.
- ///
+ ///
/// A "Denied" condition is added via the /approval subresource, indicating the request was denied and should not be issued by the signer.
- ///
+ ///
/// A "Failed" condition is added via the /status subresource, indicating the signer failed to issue the certificate.
- ///
+ ///
/// Approved and Denied conditions are mutually exclusive.
/// Approved, Denied, and Failed conditions cannot be removed once added.
- ///
+ ///
/// Only one condition of a given type is allowed.
- type: "Approved"|"Denied"|"Failed"|String
+ type: "Approved" | "Denied" | "Failed" | String
/// lastUpdateTime is the time of the last update to this condition
lastUpdateTime: Time?
@@ -219,6 +241,5 @@ class CertificateSigningRequestCondition {
/// status of the condition, one of True, False, Unknown.
///
/// Approved, Denied, and Failed conditions may not be "False" or "Unknown".
- status: "True"|"False"|"Unknown"
+ status: "True" | "False" | "Unknown"
}
-
diff --git a/generated-package/api/certificates/v1/CertificateSigningRequestList.pkl b/generated-package/api/certificates/v1/CertificateSigningRequestList.pkl
index 936825c..588dded 100644
--- a/generated-package/api/certificates/v1/CertificateSigningRequestList.pkl
+++ b/generated-package/api/certificates/v1/CertificateSigningRequestList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.certificates.v1.CertificateSigningRequestList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/certificates/v1/CertificateSigningRequest.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "certificates.k8s.io/v1"
@@ -31,4 +31,3 @@ metadata: ListMeta?
/// items is a collection of CertificateSigningRequest objects
items: Listing
-
diff --git a/generated-package/api/certificates/v1alpha1/ClusterTrustBundle.pkl b/generated-package/api/certificates/v1alpha1/ClusterTrustBundle.pkl
index 78af14b..043af4e 100644
--- a/generated-package/api/certificates/v1alpha1/ClusterTrustBundle.pkl
+++ b/generated-package/api/certificates/v1alpha1/ClusterTrustBundle.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -16,11 +16,11 @@
/// ClusterTrustBundle is a cluster-scoped container for X.509 trust anchors (root certificates).
///
-///
+///
/// ClusterTrustBundle objects are considered to be readable by any authenticated user in the cluster, because they can be mounted by pods using the `clusterTrustBundle` projection.
/// All service accounts have read access to ClusterTrustBundles by default.
/// Users who only have namespace-level access to a cluster can read ClusterTrustBundles by impersonating a serviceaccount that they have access to.
-///
+///
/// It can be optionally associated with a particular assigner, in which case it contains one valid set of trust anchors for that signer.
/// Signers may have multiple associated ClusterTrustBundles; each is an independent set of trust anchors for that signer.
/// Admission control is used to enforce that only users with permissions on the signer can create or modify the corresponding bundle.
@@ -46,25 +46,24 @@ spec: ClusterTrustBundleSpec
class ClusterTrustBundleSpec {
/// trustBundle contains the individual X.509 trust anchors for this bundle, as PEM bundle of PEM-wrapped, DER-formatted X.509 certificates.
///
- ///
+ ///
/// The data must consist only of PEM certificate blocks that parse as valid X.509 certificates.
/// Each certificate must include a basic constraints extension with the CA bit set.
/// The API server will reject objects that contain duplicate certificates, or that use PEM block headers.
- ///
+ ///
/// Users of ClusterTrustBundles, including Kubelet, are free to reorder and deduplicate certificate blocks in this file according to their own logic, as well as to drop PEM block headers and inter-block data.
trustBundle: String
/// signerName indicates the associated signer, if any.
///
- ///
+ ///
/// In order to create or update a ClusterTrustBundle that sets signerName, you must have the following cluster-scoped permission: group=certificates.k8s.io resource=signers resourceName= verb=attest.
- ///
+ ///
/// If signerName is not empty, then the ClusterTrustBundle object must be named with the signer name as a prefix (translating slashes to colons).
/// For example, for the signer name `example.com/foo`, valid ClusterTrustBundle object names include `example.com:foo:abc` and `example.com:foo:v1`.
- ///
+ ///
/// If signerName is empty, then the ClusterTrustBundle object's name must not have such a prefix.
- ///
+ ///
/// List/watch requests for ClusterTrustBundles can filter on this field using a `spec.signerName=NAME` field selector.
signerName: String?
}
-
diff --git a/generated-package/api/certificates/v1alpha1/ClusterTrustBundleList.pkl b/generated-package/api/certificates/v1alpha1/ClusterTrustBundleList.pkl
index f67e393..3a50bf6 100644
--- a/generated-package/api/certificates/v1alpha1/ClusterTrustBundleList.pkl
+++ b/generated-package/api/certificates/v1alpha1/ClusterTrustBundleList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.certificates.v1alpha1.ClusterTrustBundleList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/certificates/v1alpha1/ClusterTrustBundle.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "certificates.k8s.io/v1alpha1"
@@ -33,4 +33,3 @@ metadata: ListMeta?
/// items is a collection of ClusterTrustBundle objects
items: Listing
-
diff --git a/generated-package/api/certificates/v1alpha1/PodCertificateRequest.pkl b/generated-package/api/certificates/v1alpha1/PodCertificateRequest.pkl
new file mode 100644
index 0000000..30c3d6d
--- /dev/null
+++ b/generated-package/api/certificates/v1alpha1/PodCertificateRequest.pkl
@@ -0,0 +1,165 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+/// PodCertificateRequest encodes a pod requesting a certificate from a given signer.
+///
+///
+/// Kubelets use this API to implement podCertificate projected volumes
+@K8sVersion { introducedIn = "1.34" }
+@ModuleInfo { minPklVersion = "0.25.0" }
+open module k8s.api.certificates.v1alpha1.PodCertificateRequest
+
+extends ".../K8sResource.pkl"
+
+import ".../apimachinery/pkg/apis/meta/v1/Condition.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
+
+fixed apiVersion: "certificates.k8s.io/v1alpha1"
+
+fixed kind: "PodCertificateRequest"
+
+/// metadata contains the object metadata.
+metadata: ObjectMeta?
+
+/// spec contains the details about the certificate being requested.
+spec: PodCertificateRequestSpec
+
+/// status contains the issued certificate, and a standard set of conditions.
+status: PodCertificateRequestStatus?
+
+/// PodCertificateRequestSpec describes the certificate request.
+///
+/// All fields are immutable after creation.
+class PodCertificateRequestSpec {
+ /// nodeName is the name of the node the pod is assigned to.
+ nodeName: String
+
+ /// pkixPublicKey is the PKIX-serialized public key the signer will issue the certificate to.
+ ///
+ ///
+ /// The key must be one of RSA3072, RSA4096, ECDSAP256, ECDSAP384, ECDSAP521, or ED25519.
+ /// Note that this list may be expanded in the future.
+ ///
+ /// Signer implementations do not need to support all key types supported by kube-apiserver and kubelet.
+ /// If a signer does not support the key type used for a given PodCertificateRequest, it must deny the request by setting a status.conditions entry with a type of "Denied" and a reason of "UnsupportedKeyType".
+ /// It may also suggest a key type that it does support in the message field.
+ pkixPublicKey: String
+
+ /// podUID is the UID of the pod into which the certificate will be mounted.
+ podUID: String
+
+ /// serviceAccountName is the name of the service account the pod is running as.
+ serviceAccountName: String
+
+ /// maxExpirationSeconds is the maximum lifetime permitted for the certificate.
+ ///
+ ///
+ /// If omitted, kube-apiserver will set it to 86400(24 hours).
+ /// kube-apiserver will reject values shorter than 3600 (1 hour).
+ /// The maximum allowable value is 7862400 (91 days).
+ ///
+ /// The signer implementation is then free to issue a certificate with any lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour).
+ /// This constraint is enforced by kube-apiserver.
+ /// `kubernetes.io` signers will never issue certificates with a lifetime longer than 24 hours.
+ maxExpirationSeconds: Int32?
+
+ /// nodeUID is the UID of the node the pod is assigned to.
+ nodeUID: String
+
+ /// podName is the name of the pod into which the certificate will be mounted.
+ podName: String
+
+ /// proofOfPossession proves that the requesting kubelet holds the private key corresponding to pkixPublicKey.
+ ///
+ ///
+ /// It is contructed by signing the ASCII bytes of the pod's UID using `pkixPublicKey`.
+ ///
+ /// kube-apiserver validates the proof of possession during creation of the PodCertificateRequest.
+ ///
+ /// If the key is an RSA key, then the signature is over the ASCII bytes of the pod UID, using RSASSA-PSS from RFC 8017 (as implemented by the golang function crypto/rsa.SignPSS with nil options).
+ ///
+ /// If the key is an ECDSA key, then the signature is as described by [SEC 1, Version 2.0]( (as implemented by the golang library function crypto/ecdsa.SignASN1)
+ ///
+ /// If the key is an ED25519 key, the the signature is as described by the [ED25519 Specification]( (as implemented by the golang library crypto/ed25519.Sign).
+ proofOfPossession: String
+
+ /// serviceAccountUID is the UID of the service account the pod is running as.
+ serviceAccountUID: String
+
+ /// signerName indicates the requested signer.
+ ///
+ ///
+ /// All signer names beginning with `kubernetes.io` are reserved for use by the Kubernetes project.
+ /// There is currently one well-known signer documented by the Kubernetes project, `kubernetes.io/kube-apiserver-client-pod`, which will issue client certificates understood by kube-apiserver.
+ /// It is currently unimplemented.
+ signerName: String
+}
+
+/// PodCertificateRequestStatus describes the status of the request, and holds the certificate data if the request is issued.
+class PodCertificateRequestStatus {
+ /// notAfter is the time at which the certificate expires.
+ ///
+ /// The value must be the same as the notAfter value in the leaf certificate in certificateChain.
+ /// This field is set via the /status subresource.
+ /// Once populated, it is immutable.
+ /// The signer must set this field at the same time it sets certificateChain.
+ notAfter: Time?
+
+ /// certificateChain is populated with an issued certificate by the signer.
+ ///
+ /// This field is set via the /status subresource.
+ /// Once populated, this field is immutable.
+ ///
+ /// If the certificate signing request is denied, a condition of type "Denied" is added and this field remains empty.
+ /// If the signer cannot issue the certificate, a condition of type "Failed" is added and this field remains empty.
+ ///
+ /// Validation requirements:
+ /// 1.
+ /// certificateChain must consist of one or more PEM-formatted certificates.
+ /// 2.
+ /// Each entry must be a valid PEM-wrapped, DER-encoded ASN.1 Certificate as
+ /// described in section 4 of RFC5280.
+ ///
+ /// If more than one block is present, and the definition of the requested spec.signerName does not indicate otherwise, the first block is the issued certificate, and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes.
+ /// When projecting the chain into a pod volume, kubelet will drop any data in-between the PEM blocks, as well as any PEM block headers.
+ certificateChain: String?
+
+ /// beginRefreshAt is the time at which the kubelet should begin trying to refresh the certificate.
+ ///
+ /// This field is set via the /status subresource, and must be set at the same time as certificateChain.
+ /// Once populated, this field is immutable.
+ ///
+ /// This field is only a hint.
+ /// Kubelet may start refreshing before or after this time if necessary.
+ beginRefreshAt: Time?
+
+ /// conditions applied to the request.
+ ///
+ ///
+ /// The types "Issued", "Denied", and "Failed" have special handling.
+ /// At most one of these conditions may be present, and they must have status "True".
+ ///
+ /// If the request is denied with `Reason=UnsupportedKeyType`, the signer may suggest a key type that will work in the message field.
+ conditions: Listing?
+
+ /// notBefore is the time at which the certificate becomes valid.
+ ///
+ /// The value must be the same as the notBefore value in the leaf certificate in certificateChain.
+ /// This field is set via the /status subresource.
+ /// Once populated, it is immutable.
+ /// The signer must set this field at the same time it sets certificateChain.
+ notBefore: Time?
+}
diff --git a/generated-package/api/certificates/v1alpha1/PodCertificateRequestList.pkl b/generated-package/api/certificates/v1alpha1/PodCertificateRequestList.pkl
new file mode 100644
index 0000000..13a6702
--- /dev/null
+++ b/generated-package/api/certificates/v1alpha1/PodCertificateRequestList.pkl
@@ -0,0 +1,35 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+/// PodCertificateRequestList is a collection of PodCertificateRequest objects
+@K8sVersion { introducedIn = "1.34" }
+@ModuleInfo { minPklVersion = "0.25.0" }
+open module k8s.api.certificates.v1alpha1.PodCertificateRequestList
+
+extends ".../K8sResource.pkl"
+
+import ".../api/certificates/v1alpha1/PodCertificateRequest.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
+
+fixed apiVersion: "certificates.k8s.io/v1alpha1"
+
+fixed kind: "PodCertificateRequestList"
+
+/// metadata contains the list metadata.
+metadata: ListMeta?
+
+/// items is a collection of PodCertificateRequest objects
+items: Listing
diff --git a/generated-package/api/certificates/v1beta1/CertificateSigningRequest.pkl b/generated-package/api/certificates/v1beta1/CertificateSigningRequest.pkl
index b10ebcd..a55f62a 100644
--- a/generated-package/api/certificates/v1beta1/CertificateSigningRequest.pkl
+++ b/generated-package/api/certificates/v1beta1/CertificateSigningRequest.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -85,7 +85,29 @@ class CertificateSigningRequestSpec {
/// "ocsp signing",
/// "microsoft sgc",
/// "netscape sgc"
- usages: "signing"|"digital signature"|"content commitment"|"key encipherment"|"key agreement"|"data encipherment"|"cert sign"|"crl sign"|"encipher only"|"decipher only"|"any"|"server auth"|"client auth"|"code signing"|"email protection"|"s/mime"|"ipsec end system"|"ipsec tunnel"|"ipsec user"|"timestamping"|"ocsp signing"|"microsoft sgc"|"netscape sgc"
+ usages: "signing"
+ | "digital signature"
+ | "content commitment"
+ | "key encipherment"
+ | "key agreement"
+ | "data encipherment"
+ | "cert sign"
+ | "crl sign"
+ | "encipher only"
+ | "decipher only"
+ | "any"
+ | "server auth"
+ | "client auth"
+ | "code signing"
+ | "email protection"
+ | "s/mime"
+ | "ipsec end system"
+ | "ipsec tunnel"
+ | "ipsec user"
+ | "timestamping"
+ | "ocsp signing"
+ | "microsoft sgc"
+ | "netscape sgc"
/// Requested signer for the request.
///
@@ -132,7 +154,7 @@ class CertificateSigningRequestCondition {
/// type of the condition.
///
/// Known conditions include "Approved", "Denied", and "Failed".
- type: "Approved"|"Denied"|"Failed"|String
+ type: "Approved" | "Denied" | "Failed" | String
/// timestamp for the last update to this condition
lastUpdateTime: Time?
@@ -142,6 +164,5 @@ class CertificateSigningRequestCondition {
/// Approved, Denied, and Failed conditions may not be "False" or "Unknown".
/// Defaults to "True".
/// If unset, should be treated as "True".
- status: "True"|"False"|"Unknown"
+ status: "True" | "False" | "Unknown"
}
-
diff --git a/generated-package/api/certificates/v1beta1/CertificateSigningRequestList.pkl b/generated-package/api/certificates/v1beta1/CertificateSigningRequestList.pkl
index f472619..5391569 100644
--- a/generated-package/api/certificates/v1beta1/CertificateSigningRequestList.pkl
+++ b/generated-package/api/certificates/v1beta1/CertificateSigningRequestList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.certificates.v1beta1.CertificateSigningRequestList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/certificates/v1beta1/CertificateSigningRequest.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "certificates.k8s.io/v1beta1"
@@ -30,4 +30,3 @@ fixed kind: "CertificateSigningRequestList"
metadata: ListMeta?
items: Listing
-
diff --git a/generated-package/api/certificates/v1beta1/ClusterTrustBundle.pkl b/generated-package/api/certificates/v1beta1/ClusterTrustBundle.pkl
new file mode 100644
index 0000000..60df6ba
--- /dev/null
+++ b/generated-package/api/certificates/v1beta1/ClusterTrustBundle.pkl
@@ -0,0 +1,69 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+/// ClusterTrustBundle is a cluster-scoped container for X.509 trust anchors (root certificates).
+///
+///
+/// ClusterTrustBundle objects are considered to be readable by any authenticated user in the cluster, because they can be mounted by pods using the `clusterTrustBundle` projection.
+/// All service accounts have read access to ClusterTrustBundles by default.
+/// Users who only have namespace-level access to a cluster can read ClusterTrustBundles by impersonating a serviceaccount that they have access to.
+///
+/// It can be optionally associated with a particular assigner, in which case it contains one valid set of trust anchors for that signer.
+/// Signers may have multiple associated ClusterTrustBundles; each is an independent set of trust anchors for that signer.
+/// Admission control is used to enforce that only users with permissions on the signer can create or modify the corresponding bundle.
+@K8sVersion { introducedIn = "1.33" }
+@ModuleInfo { minPklVersion = "0.25.0" }
+open module k8s.api.certificates.v1beta1.ClusterTrustBundle
+
+extends ".../K8sResource.pkl"
+
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
+
+fixed apiVersion: "certificates.k8s.io/v1beta1"
+
+fixed kind: "ClusterTrustBundle"
+
+/// metadata contains the object metadata.
+metadata: ObjectMeta?
+
+/// spec contains the signer (if any) and trust anchors.
+spec: ClusterTrustBundleSpec
+
+/// ClusterTrustBundleSpec contains the signer and trust anchors.
+class ClusterTrustBundleSpec {
+ /// trustBundle contains the individual X.509 trust anchors for this bundle, as PEM bundle of PEM-wrapped, DER-formatted X.509 certificates.
+ ///
+ ///
+ /// The data must consist only of PEM certificate blocks that parse as valid X.509 certificates.
+ /// Each certificate must include a basic constraints extension with the CA bit set.
+ /// The API server will reject objects that contain duplicate certificates, or that use PEM block headers.
+ ///
+ /// Users of ClusterTrustBundles, including Kubelet, are free to reorder and deduplicate certificate blocks in this file according to their own logic, as well as to drop PEM block headers and inter-block data.
+ trustBundle: String
+
+ /// signerName indicates the associated signer, if any.
+ ///
+ ///
+ /// In order to create or update a ClusterTrustBundle that sets signerName, you must have the following cluster-scoped permission: group=certificates.k8s.io resource=signers resourceName= verb=attest.
+ ///
+ /// If signerName is not empty, then the ClusterTrustBundle object must be named with the signer name as a prefix (translating slashes to colons).
+ /// For example, for the signer name `example.com/foo`, valid ClusterTrustBundle object names include `example.com:foo:abc` and `example.com:foo:v1`.
+ ///
+ /// If signerName is empty, then the ClusterTrustBundle object's name must not have such a prefix.
+ ///
+ /// List/watch requests for ClusterTrustBundles can filter on this field using a `spec.signerName=NAME` field selector.
+ signerName: String?
+}
diff --git a/generated-package/api/certificates/v1beta1/ClusterTrustBundleList.pkl b/generated-package/api/certificates/v1beta1/ClusterTrustBundleList.pkl
new file mode 100644
index 0000000..d1555a7
--- /dev/null
+++ b/generated-package/api/certificates/v1beta1/ClusterTrustBundleList.pkl
@@ -0,0 +1,35 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+/// ClusterTrustBundleList is a collection of ClusterTrustBundle objects
+@K8sVersion { introducedIn = "1.33" }
+@ModuleInfo { minPklVersion = "0.25.0" }
+open module k8s.api.certificates.v1beta1.ClusterTrustBundleList
+
+extends ".../K8sResource.pkl"
+
+import ".../api/certificates/v1beta1/ClusterTrustBundle.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
+
+fixed apiVersion: "certificates.k8s.io/v1beta1"
+
+fixed kind: "ClusterTrustBundleList"
+
+/// metadata contains the list metadata.
+metadata: ListMeta?
+
+/// items is a collection of ClusterTrustBundle objects
+items: Listing
diff --git a/generated-package/api/coordination/v1/Lease.pkl b/generated-package/api/coordination/v1/Lease.pkl
index 4b153a0..a758b83 100644
--- a/generated-package/api/coordination/v1/Lease.pkl
+++ b/generated-package/api/coordination/v1/Lease.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -68,4 +68,3 @@ class LeaseSpec {
/// If Coordinated Leader Election is used, the holder identity must be equal to the elected LeaseCandidate.metadata.name field.
holderIdentity: String?
}
-
diff --git a/generated-package/api/coordination/v1/LeaseList.pkl b/generated-package/api/coordination/v1/LeaseList.pkl
index e4a7bb4..e02d9c7 100644
--- a/generated-package/api/coordination/v1/LeaseList.pkl
+++ b/generated-package/api/coordination/v1/LeaseList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.coordination.v1.LeaseList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/coordination/v1/Lease.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "coordination.k8s.io/v1"
@@ -34,4 +34,3 @@ metadata: ListMeta?
/// items is a list of schema objects.
items: Listing
-
diff --git a/generated-package/api/coordination/v1alpha1/LeaseCandidate.pkl b/generated-package/api/coordination/v1alpha1/LeaseCandidate.pkl
index 6f89c52..b53bbb5 100644
--- a/generated-package/api/coordination/v1alpha1/LeaseCandidate.pkl
+++ b/generated-package/api/coordination/v1alpha1/LeaseCandidate.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -82,4 +82,3 @@ class LeaseCandidateSpec {
/// (Alpha) Using this field requires the CoordinatedLeaderElection feature gate to be enabled.
preferredStrategies: Listing
}
-
diff --git a/generated-package/api/coordination/v1alpha1/LeaseCandidateList.pkl b/generated-package/api/coordination/v1alpha1/LeaseCandidateList.pkl
index 7830ddb..9d383d8 100644
--- a/generated-package/api/coordination/v1alpha1/LeaseCandidateList.pkl
+++ b/generated-package/api/coordination/v1alpha1/LeaseCandidateList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.coordination.v1alpha1.LeaseCandidateList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/coordination/v1alpha1/LeaseCandidate.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "coordination.k8s.io/v1alpha1"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// items is a list of schema objects.
items: Listing
-
diff --git a/generated-package/api/coordination/v1alpha2/LeaseCandidate.pkl b/generated-package/api/coordination/v1alpha2/LeaseCandidate.pkl
index cd251ae..432a3c9 100644
--- a/generated-package/api/coordination/v1alpha2/LeaseCandidate.pkl
+++ b/generated-package/api/coordination/v1alpha2/LeaseCandidate.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -74,7 +74,5 @@ class LeaseCandidateSpec {
///
/// If multiple candidates for the same Lease return different strategies, the strategy provided by the candidate with the latest BinaryVersion will be used.
/// If there is still conflict, this is a user error and coordinated leader election will not operate the Lease until resolved.
- /// (Alpha) Using this field requires the CoordinatedLeaderElection feature gate to be enabled.
strategy: String
}
-
diff --git a/generated-package/api/coordination/v1alpha2/LeaseCandidateList.pkl b/generated-package/api/coordination/v1alpha2/LeaseCandidateList.pkl
index 6703165..e3a08ad 100644
--- a/generated-package/api/coordination/v1alpha2/LeaseCandidateList.pkl
+++ b/generated-package/api/coordination/v1alpha2/LeaseCandidateList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.coordination.v1alpha2.LeaseCandidateList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/coordination/v1alpha2/LeaseCandidate.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "coordination.k8s.io/v1alpha2"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// items is a list of schema objects.
items: Listing
-
diff --git a/generated-package/api/coordination/v1beta1/Lease.pkl b/generated-package/api/coordination/v1beta1/Lease.pkl
index bb709e1..3794ff5 100644
--- a/generated-package/api/coordination/v1beta1/Lease.pkl
+++ b/generated-package/api/coordination/v1beta1/Lease.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -54,4 +54,3 @@ class LeaseSpec {
/// holderIdentity contains the identity of the holder of a current lease.
holderIdentity: String?
}
-
diff --git a/generated-package/api/coordination/v1beta1/LeaseCandidate.pkl b/generated-package/api/coordination/v1beta1/LeaseCandidate.pkl
new file mode 100644
index 0000000..3f9d237
--- /dev/null
+++ b/generated-package/api/coordination/v1beta1/LeaseCandidate.pkl
@@ -0,0 +1,80 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+/// LeaseCandidate defines a candidate for a Lease object.
+///
+/// Candidates are created such that coordinated leader election will pick the best leader from the list of candidates.
+@K8sVersion { introducedIn = "1.33" }
+@ModuleInfo { minPklVersion = "0.25.0" }
+open module k8s.api.coordination.v1beta1.LeaseCandidate
+
+extends ".../K8sResource.pkl"
+
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
+
+fixed apiVersion: "coordination.k8s.io/v1beta1"
+
+fixed kind: "LeaseCandidate"
+
+/// More info:
+metadata: ObjectMeta?
+
+/// spec contains the specification of the Lease.
+///
+/// More info:
+spec: LeaseCandidateSpec?
+
+/// LeaseCandidateSpec is a specification of a Lease.
+class LeaseCandidateSpec {
+ /// RenewTime is the time that the LeaseCandidate was last updated.
+ ///
+ /// Any time a Lease needs to do leader election, the PingTime field is updated to signal to the LeaseCandidate that they should update the RenewTime.
+ /// Old LeaseCandidate objects are also garbage collected if it has been hours since the last renew.
+ /// The PingTime field is updated regularly to prevent garbage collection for still active LeaseCandidates.
+ renewTime: MicroTime?
+
+ /// BinaryVersion is the binary version.
+ ///
+ /// It must be in a semver format without leading `v`.
+ /// This field is required.
+ binaryVersion: String
+
+ /// EmulationVersion is the emulation version.
+ ///
+ /// It must be in a semver format without leading `v`.
+ /// EmulationVersion must be less than or equal to BinaryVersion.
+ /// This field is required when strategy is "OldestEmulationVersion"
+ emulationVersion: String?
+
+ /// PingTime is the last time that the server has requested the LeaseCandidate to renew.
+ ///
+ /// It is only done during leader election to check if any LeaseCandidates have become ineligible.
+ /// When PingTime is updated, the LeaseCandidate will respond by updating RenewTime.
+ pingTime: MicroTime?
+
+ /// LeaseName is the name of the lease for which this candidate is contending.
+ ///
+ /// The limits on this field are the same as on Lease.name.
+ /// Multiple lease candidates may reference the same Lease.name.
+ /// This field is immutable.
+ leaseName: String
+
+ /// Strategy is the strategy that coordinated leader election will use for picking the leader.
+ ///
+ /// If multiple candidates for the same Lease return different strategies, the strategy provided by the candidate with the latest BinaryVersion will be used.
+ /// If there is still conflict, this is a user error and coordinated leader election will not operate the Lease until resolved.
+ strategy: String
+}
diff --git a/generated-package/api/coordination/v1beta1/LeaseCandidateList.pkl b/generated-package/api/coordination/v1beta1/LeaseCandidateList.pkl
new file mode 100644
index 0000000..d2173a9
--- /dev/null
+++ b/generated-package/api/coordination/v1beta1/LeaseCandidateList.pkl
@@ -0,0 +1,37 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+/// LeaseCandidateList is a list of Lease objects.
+@K8sVersion { introducedIn = "1.33" }
+@ModuleInfo { minPklVersion = "0.25.0" }
+open module k8s.api.coordination.v1beta1.LeaseCandidateList
+
+extends ".../K8sResource.pkl"
+
+import ".../api/coordination/v1beta1/LeaseCandidate.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
+
+fixed apiVersion: "coordination.k8s.io/v1beta1"
+
+fixed kind: "LeaseCandidateList"
+
+/// Standard list metadata.
+///
+/// More info:
+metadata: ListMeta?
+
+/// items is a list of schema objects.
+items: Listing
diff --git a/generated-package/api/coordination/v1beta1/LeaseList.pkl b/generated-package/api/coordination/v1beta1/LeaseList.pkl
index 4fc0d15..5a892e8 100644
--- a/generated-package/api/coordination/v1beta1/LeaseList.pkl
+++ b/generated-package/api/coordination/v1beta1/LeaseList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.coordination.v1beta1.LeaseList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/coordination/v1beta1/Lease.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "coordination.k8s.io/v1beta1"
@@ -35,4 +35,3 @@ metadata: ListMeta?
/// Items is a list of schema objects.
items: Listing
-
diff --git a/generated-package/api/core/v1/AWSElasticBlockStoreVolumeSource.pkl b/generated-package/api/core/v1/AWSElasticBlockStoreVolumeSource.pkl
index c384249..2e60a96 100644
--- a/generated-package/api/core/v1/AWSElasticBlockStoreVolumeSource.pkl
+++ b/generated-package/api/core/v1/AWSElasticBlockStoreVolumeSource.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -16,7 +16,7 @@
/// Represents a Persistent Disk resource in AWS.
///
-///
+///
/// An AWS EBS disk must exist before mounting to a container.
/// The disk must also be in the same AWS zone as the kubelet.
/// An AWS EBS disk can only be mounted as read/write once.
@@ -50,4 +50,3 @@ readOnly: Boolean?
/// Implicitly inferred to be "ext4" if unspecified.
/// More info:
fsType: String?
-
diff --git a/generated-package/api/core/v1/AppArmorProfile.pkl b/generated-package/api/core/v1/AppArmorProfile.pkl
index ea8031f..0908b50 100644
--- a/generated-package/api/core/v1/AppArmorProfile.pkl
+++ b/generated-package/api/core/v1/AppArmorProfile.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -35,4 +35,3 @@ localhostProfile: String?
/// RuntimeDefault - the container runtime's default profile.
/// Unconfined - no AppArmor enforcement.
type: String
-
diff --git a/generated-package/api/core/v1/AzureDiskVolumeSource.pkl b/generated-package/api/core/v1/AzureDiskVolumeSource.pkl
index 2e42c31..0525b89 100644
--- a/generated-package/api/core/v1/AzureDiskVolumeSource.pkl
+++ b/generated-package/api/core/v1/AzureDiskVolumeSource.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -45,4 +45,3 @@ diskURI: String
/// Ex. "ext4", "xfs", "ntfs".
/// Implicitly inferred to be "ext4" if unspecified.
fsType: String?
-
diff --git a/generated-package/api/core/v1/Binding.pkl b/generated-package/api/core/v1/Binding.pkl
index 66d18c6..3347c8c 100644
--- a/generated-package/api/core/v1/Binding.pkl
+++ b/generated-package/api/core/v1/Binding.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.core.v1.Binding
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/core/v1/ObjectReference.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "v1"
@@ -34,4 +34,3 @@ metadata: ObjectMeta?
/// The target object that you want to bind to the standard object.
target: ObjectReference
-
diff --git a/generated-package/api/core/v1/ComponentStatus.pkl b/generated-package/api/core/v1/ComponentStatus.pkl
index a7273fe..6a55303 100644
--- a/generated-package/api/core/v1/ComponentStatus.pkl
+++ b/generated-package/api/core/v1/ComponentStatus.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -52,11 +52,10 @@ class ComponentCondition {
/// Type of condition for a component.
///
/// Valid value: "Healthy"
- type: "Healthy"|String
+ type: "Healthy" | String
/// Status of the condition for a component.
///
/// Valid values for "Healthy": "True", "False", or "Unknown".
- status: String((type == "Healthy").implies(this is "True"|"False"|"Unknown"))
+ status: String((type == "Healthy").implies(this is "True" | "False" | "Unknown"))
}
-
diff --git a/generated-package/api/core/v1/ComponentStatusList.pkl b/generated-package/api/core/v1/ComponentStatusList.pkl
index 8bd66ab..681a2de 100644
--- a/generated-package/api/core/v1/ComponentStatusList.pkl
+++ b/generated-package/api/core/v1/ComponentStatusList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -23,8 +23,8 @@ open module k8s.api.core.v1.ComponentStatusList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/core/v1/ComponentStatus.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "v1"
@@ -37,4 +37,3 @@ metadata: ListMeta?
/// List of ComponentStatus objects.
items: Listing
-
diff --git a/generated-package/api/core/v1/ConfigMap.pkl b/generated-package/api/core/v1/ConfigMap.pkl
index 027529f..bebfa4a 100644
--- a/generated-package/api/core/v1/ConfigMap.pkl
+++ b/generated-package/api/core/v1/ConfigMap.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -51,4 +51,3 @@ data: Mapping?
/// The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process.
/// Using this field will require 1.10+ apiserver and kubelet.
binaryData: Mapping?
-
diff --git a/generated-package/api/core/v1/ConfigMapList.pkl b/generated-package/api/core/v1/ConfigMapList.pkl
index d6dedd8..c3ce631 100644
--- a/generated-package/api/core/v1/ConfigMapList.pkl
+++ b/generated-package/api/core/v1/ConfigMapList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.core.v1.ConfigMapList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/core/v1/ConfigMap.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "v1"
@@ -32,4 +32,3 @@ metadata: ListMeta?
/// Items is the list of ConfigMaps.
items: Listing
-
diff --git a/generated-package/api/core/v1/ContainerPort.pkl b/generated-package/api/core/v1/ContainerPort.pkl
index f3bd7a8..5a2954f 100644
--- a/generated-package/api/core/v1/ContainerPort.pkl
+++ b/generated-package/api/core/v1/ContainerPort.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -24,7 +24,7 @@ extends ".../K8sObject.pkl"
///
/// Must be UDP, TCP, or SCTP.
/// Defaults to "TCP".
-protocol: ("UDP"|"TCP"|"SCTP")?
+protocol: ("UDP" | "TCP" | "SCTP")?
/// What host IP to bind the external port to.
hostIP: String?
@@ -46,4 +46,3 @@ containerPort: PortNumber
/// If HostNetwork is specified, this must match ContainerPort.
/// Most containers do not need this.
hostPort: PortNumber?
-
diff --git a/generated-package/api/core/v1/ContainerResizePolicy.pkl b/generated-package/api/core/v1/ContainerResizePolicy.pkl
index c467418..eca0981 100644
--- a/generated-package/api/core/v1/ContainerResizePolicy.pkl
+++ b/generated-package/api/core/v1/ContainerResizePolicy.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -30,4 +30,3 @@ resourceName: String
///
/// If not specified, it defaults to NotRequired.
restartPolicy: String
-
diff --git a/generated-package/api/core/v1/ContainerRestartRule.pkl b/generated-package/api/core/v1/ContainerRestartRule.pkl
new file mode 100644
index 0000000..a995a3a
--- /dev/null
+++ b/generated-package/api/core/v1/ContainerRestartRule.pkl
@@ -0,0 +1,46 @@
+//===----------------------------------------------------------------------===//
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//===----------------------------------------------------------------------===//
+
+/// ContainerRestartRule describes how a container exit is handled.
+@K8sVersion { introducedIn = "1.34" }
+@ModuleInfo { minPklVersion = "0.25.0" }
+module k8s.api.core.v1.ContainerRestartRule
+
+extends ".../K8sObject.pkl"
+
+/// Specifies the action taken on a container exit if the requirements are satisfied.
+///
+/// The only possible value is "Restart" to restart the container.
+action: String
+
+/// Represents the exit codes to check on container exits.
+exitCodes: ContainerRestartRuleOnExitCodes?
+
+/// ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes.
+class ContainerRestartRuleOnExitCodes {
+ /// Specifies the set of values to check for container exit codes.
+ ///
+ /// At most 255 elements are allowed.
+ values: Listing?
+
+ /// Represents the relationship between the container exit code(s) and the specified values.
+ ///
+ /// Possible values are: - In: the requirement is satisfied if the container exit code is in the
+ /// set of specified values.
+ /// - NotIn: the requirement is satisfied if the container exit code is
+ /// not in the set of specified values.
+ operator: String
+}
diff --git a/generated-package/api/core/v1/Endpoints.pkl b/generated-package/api/core/v1/Endpoints.pkl
index 896d28a..4ec1a05 100644
--- a/generated-package/api/core/v1/Endpoints.pkl
+++ b/generated-package/api/core/v1/Endpoints.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -17,7 +17,7 @@
/// Endpoints is a collection of endpoints that implement the actual service.
///
/// Example:
-///
+///
/// Name: "mysvc",
/// Subsets: [
/// {
@@ -29,13 +29,20 @@
/// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}]
/// },
/// ]
+///
+/// Endpoints is a legacy API and does not contain information about all Service features.
+/// Use discoveryv1.EndpointSlice for complete information about Service endpoints.
+///
+/// Deprecated: This API is deprecated in v1.33+.
+/// Use discoveryv1.EndpointSlice.
+@Deprecated
@ModuleInfo { minPklVersion = "0.25.0" }
open module k8s.api.core.v1.Endpoints
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/core/v1/ObjectReference.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "v1"
@@ -58,16 +65,19 @@ subsets: Listing?
///
/// The expanded set of endpoints is the Cartesian product of Addresses x Ports.
/// For example, given:
-///
+///
/// {
/// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
/// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
/// }
-///
+///
/// The resulting set of endpoints can be viewed as:
-///
+///
/// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],
/// b: [ 10.10.1.1:309, 10.10.2.2:309 ]
+///
+/// Deprecated: This API is deprecated in v1.33+.
+@Deprecated
class EndpointSubset {
/// IP addresses which offer the related ports but are not currently marked as ready because they have not yet finished starting, have recently failed a readiness check, or have recently failed a liveness check.
notReadyAddresses: Listing?
@@ -82,6 +92,9 @@ class EndpointSubset {
}
/// EndpointAddress is a tuple that describes single IP address.
+///
+/// Deprecated: This API is deprecated in v1.33+.
+@Deprecated
class EndpointAddress {
/// Optional: Node hosting this endpoint.
///
@@ -101,12 +114,15 @@ class EndpointAddress {
}
/// EndpointPort is a tuple that describes a single port.
+///
+/// Deprecated: This API is deprecated in v1.33+.
+@Deprecated
class EndpointPort {
/// The IP protocol for this port.
///
/// Must be UDP, TCP, or SCTP.
/// Default is TCP.
- protocol: ("UDP"|"TCP"|"SCTP")?
+ protocol: ("UDP" | "TCP" | "SCTP")?
/// The port number of the endpoint.
port: PortNumber
@@ -116,14 +132,14 @@ class EndpointPort {
/// This is used as a hint for implementations to offer richer behavior for protocols that they understand.
/// This field follows standard Kubernetes label syntax.
/// Valid values are either:
- ///
+ ///
/// * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and
- ///
+ ///
/// * Kubernetes-defined prefixed names:
/// * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in
/// * 'kubernetes.io/ws' - WebSocket over cleartext as described in
/// * 'kubernetes.io/wss' - WebSocket over TLS as described in
- ///
+ ///
/// * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
appProtocol: String?
@@ -134,4 +150,3 @@ class EndpointPort {
/// Optional only if one port is defined.
name: Rfc1035Label?
}
-
diff --git a/generated-package/api/core/v1/EndpointsList.pkl b/generated-package/api/core/v1/EndpointsList.pkl
index 2bf6705..6934192 100644
--- a/generated-package/api/core/v1/EndpointsList.pkl
+++ b/generated-package/api/core/v1/EndpointsList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -15,13 +15,16 @@
//===----------------------------------------------------------------------===//
/// EndpointsList is a list of endpoints.
+///
+/// Deprecated: This API is deprecated in v1.33+.
+@Deprecated
@ModuleInfo { minPklVersion = "0.25.0" }
open module k8s.api.core.v1.EndpointsList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/core/v1/Endpoints.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "v1"
@@ -34,4 +37,3 @@ metadata: ListMeta?
/// List of endpoints.
items: Listing
-
diff --git a/generated-package/api/core/v1/EnvFromSource.pkl b/generated-package/api/core/v1/EnvFromSource.pkl
index 5335a38..a060855 100644
--- a/generated-package/api/core/v1/EnvFromSource.pkl
+++ b/generated-package/api/core/v1/EnvFromSource.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@
// limitations under the License.
//===----------------------------------------------------------------------===//
-/// EnvFromSource represents the source of a set of ConfigMaps
+/// EnvFromSource represents the source of a set of ConfigMaps or Secrets
@ModuleInfo { minPklVersion = "0.25.0" }
module k8s.api.core.v1.EnvFromSource
@@ -23,9 +23,9 @@ extends ".../K8sObject.pkl"
/// The ConfigMap to select from
configMapRef: ConfigMapEnvSource?
-/// An optional identifier to prepend to each key in the ConfigMap.
+/// Optional text to prepend to the name of each environment variable.
///
-/// Must be a C_IDENTIFIER.
+/// May consist of any printable ASCII characters except '='.
prefix: String?
/// The Secret to select from
@@ -33,7 +33,7 @@ secretRef: SecretEnvSource?
/// ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
///
-///
+///
/// The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
class ConfigMapEnvSource {
/// Name of the referent.
@@ -49,7 +49,7 @@ class ConfigMapEnvSource {
/// SecretEnvSource selects a Secret to populate the environment variables with.
///
-///
+///
/// The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
class SecretEnvSource {
/// Name of the referent.
@@ -62,4 +62,3 @@ class SecretEnvSource {
/// Specify whether the Secret must be defined
optional: Boolean?
}
-
diff --git a/generated-package/api/core/v1/EnvVar.pkl b/generated-package/api/core/v1/EnvVar.pkl
index d2b9f66..3d07785 100644
--- a/generated-package/api/core/v1/EnvVar.pkl
+++ b/generated-package/api/core/v1/EnvVar.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,12 +20,12 @@ module k8s.api.core.v1.EnvVar
extends ".../K8sObject.pkl"
-import ".../api/core/v1/ResourceFieldSelector.pkl"
import ".../api/core/v1/ObjectFieldSelector.pkl"
+import ".../api/core/v1/ResourceFieldSelector.pkl"
/// Name of the environment variable.
///
-/// Must be a C_IDENTIFIER.
+/// May consist of any printable ASCII characters except '='.
name: String
/// Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables.
@@ -54,6 +54,12 @@ class EnvVarSource {
/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
fieldRef: ObjectFieldSelector?
+
+ /// FileKeyRef selects a key of the env file.
+ ///
+ /// Requires the EnvFiles feature gate to be enabled.
+ @K8sVersion { introducedIn = "1.34" }
+ fileKeyRef: FileKeySelector?
}
/// SecretKeySelector selects a key of a Secret.
@@ -90,3 +96,28 @@ class ConfigMapKeySelector {
key: String
}
+/// FileKeySelector selects a key of the env file.
+class FileKeySelector {
+ /// The path within the volume from which to select the file.
+ ///
+ /// Must be relative and may not contain the '..' path or start with '..'.
+ path: String
+
+ /// The name of the volume mount containing the env file.
+ volumeName: String
+
+ /// Specify whether the file or its key must be defined.
+ ///
+ /// If the file or key does not exist, then the env var is not published.
+ /// If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers.
+ ///
+ /// If optional is set to false and the specified key does not exist, an error will be returned during Pod creation.
+ optional: Boolean?
+
+ /// The key within the env file.
+ ///
+ /// An invalid key will prevent the pod from starting.
+ /// The keys defined within a source may consist of any printable ASCII characters except '='.
+ /// During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
+ key: String
+}
diff --git a/generated-package/api/core/v1/EphemeralContainer.pkl b/generated-package/api/core/v1/EphemeralContainer.pkl
index 4864736..afe4ff9 100644
--- a/generated-package/api/core/v1/EphemeralContainer.pkl
+++ b/generated-package/api/core/v1/EphemeralContainer.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -18,7 +18,7 @@
///
/// Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted.
/// The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.
-///
+///
/// To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod.
/// Ephemeral containers may not be removed or restarted.
@ModuleInfo { minPklVersion = "0.25.0" }
@@ -26,20 +26,27 @@ module k8s.api.core.v1.EphemeralContainer
extends ".../K8sObject.pkl"
-import ".../api/core/v1/VolumeDevice.pkl"
-import ".../api/core/v1/SecurityContext.pkl"
-import ".../api/core/v1/Probe.pkl"
import ".../api/core/v1/ContainerPort.pkl"
-import ".../api/core/v1/VolumeMount.pkl"
-import ".../api/core/v1/Lifecycle.pkl"
import ".../api/core/v1/ContainerResizePolicy.pkl"
+import ".../api/core/v1/ContainerRestartRule.pkl"
import ".../api/core/v1/EnvFromSource.pkl"
-import ".../api/core/v1/ResourceRequirements.pkl"
import ".../api/core/v1/EnvVar.pkl"
+import ".../api/core/v1/Lifecycle.pkl"
+import ".../api/core/v1/Probe.pkl"
+import ".../api/core/v1/ResourceRequirements.pkl"
+import ".../api/core/v1/SecurityContext.pkl"
+import ".../api/core/v1/VolumeDevice.pkl"
+import ".../api/core/v1/VolumeMount.pkl"
/// volumeDevices is the list of block devices to be used by the container.
volumeDevices: Listing?
+/// Represents a list of rules to be checked to determine if the container should be restarted on exit.
+///
+/// You cannot set this field on ephemeral containers.
+@K8sVersion { introducedIn = "1.34" }
+restartPolicyRules: Listing?
+
/// Whether this container should allocate a buffer for stdin in the container runtime.
///
/// If this is not set, reads from stdin in the container will always result in EOF.
@@ -84,8 +91,7 @@ resizePolicy: Listing?
/// List of sources to populate environment variables in the container.
///
-/// The keys defined within a source must be a C_IDENTIFIER.
-/// All invalid keys will be reported as an event when the container is starting.
+/// The keys defined within a source may consist of any printable ASCII characters except '='.
/// When a key exists in multiple sources, the value associated with the last source will take precedence.
/// Values defined by an Env with a duplicate key will take precedence.
/// Cannot be updated.
@@ -102,7 +108,7 @@ image: String?
/// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
/// Cannot be updated.
/// More info:
-imagePullPolicy: ("Always"|"Never"|"IfNotPresent")?
+imagePullPolicy: ("Always" | "Never" | "IfNotPresent")?
/// Probes are not allowed for ephemeral containers.
livenessProbe: Probe?
@@ -111,7 +117,7 @@ livenessProbe: Probe?
///
/// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
/// If not set then the ephemeral container uses the namespaces configured in the Pod spec.
-///
+///
/// The container runtime must implement support for this feature.
/// If the runtime does not support namespace targeting then the result of setting this field is undefined.
targetContainerName: String?
@@ -143,7 +149,6 @@ env: Listing?
/// Restart policy for the container to manage the restart behavior of each container within a pod.
///
-/// This may only be set for init containers.
/// You cannot set this field on ephemeral containers.
@K8sVersion { introducedIn = "1.28" }
restartPolicy: String?
@@ -188,4 +193,3 @@ tty: Boolean?
/// If this flag is false, a container processes that reads from stdin will never receive an EOF.
/// Default is false
stdinOnce: Boolean?
-
diff --git a/generated-package/api/core/v1/EphemeralContainers.pkl b/generated-package/api/core/v1/EphemeralContainers.pkl
index eec9956..479fd13 100644
--- a/generated-package/api/core/v1/EphemeralContainers.pkl
+++ b/generated-package/api/core/v1/EphemeralContainers.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,8 @@ open module k8s.api.core.v1.EphemeralContainers
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/core/v1/EphemeralContainer.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "v1"
@@ -34,4 +34,3 @@ metadata: ObjectMeta?
///
/// New ephemeral containers may be appended to this list, but existing ephemeral containers may not be removed or modified.
ephemeralContainers: Listing
-
diff --git a/generated-package/api/core/v1/Event.pkl b/generated-package/api/core/v1/Event.pkl
index eec4953..989bcf7 100644
--- a/generated-package/api/core/v1/Event.pkl
+++ b/generated-package/api/core/v1/Event.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -24,9 +24,9 @@ open module k8s.api.core.v1.Event
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
-import ".../api/core/v1/ObjectReference.pkl"
import ".../api/core/v1/EventSource.pkl"
+import ".../api/core/v1/ObjectReference.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "v1"
@@ -91,4 +91,3 @@ class EventSeries {
/// Time of the last occurrence observed
lastObservedTime: MicroTime?
}
-
diff --git a/generated-package/api/core/v1/EventList.pkl b/generated-package/api/core/v1/EventList.pkl
index 4ed632d..fece018 100644
--- a/generated-package/api/core/v1/EventList.pkl
+++ b/generated-package/api/core/v1/EventList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.core.v1.EventList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/core/v1/Event.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "v1"
@@ -34,4 +34,3 @@ metadata: ListMeta?
/// List of events
items: Listing
-
diff --git a/generated-package/api/core/v1/EventSource.pkl b/generated-package/api/core/v1/EventSource.pkl
index 97df973..e256c63 100644
--- a/generated-package/api/core/v1/EventSource.pkl
+++ b/generated-package/api/core/v1/EventSource.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -25,4 +25,3 @@ component: String?
/// Node name on which the event is generated.
host: String?
-
diff --git a/generated-package/api/core/v1/ExecAction.pkl b/generated-package/api/core/v1/ExecAction.pkl
index c092c95..4cdad50 100644
--- a/generated-package/api/core/v1/ExecAction.pkl
+++ b/generated-package/api/core/v1/ExecAction.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -26,4 +26,3 @@ extends ".../K8sObject.pkl"
/// To use a shell, you need to explicitly call out to that shell.
/// Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
command: Listing?
-
diff --git a/generated-package/api/core/v1/FCVolumeSource.pkl b/generated-package/api/core/v1/FCVolumeSource.pkl
index 269cf5c..c3cf289 100644
--- a/generated-package/api/core/v1/FCVolumeSource.pkl
+++ b/generated-package/api/core/v1/FCVolumeSource.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -43,4 +43,3 @@ wwids: Listing?
/// Ex. "ext4", "xfs", "ntfs".
/// Implicitly inferred to be "ext4" if unspecified.
fsType: String?
-
diff --git a/generated-package/api/core/v1/FlockerVolumeSource.pkl b/generated-package/api/core/v1/FlockerVolumeSource.pkl
index 1bb7c87..ccd9d96 100644
--- a/generated-package/api/core/v1/FlockerVolumeSource.pkl
+++ b/generated-package/api/core/v1/FlockerVolumeSource.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -30,4 +30,3 @@ datasetName: String?((this != null).xor(datasetUUID != null))
///
/// This is unique identifier of a Flocker dataset
datasetUUID: String?
-
diff --git a/generated-package/api/core/v1/GCEPersistentDiskVolumeSource.pkl b/generated-package/api/core/v1/GCEPersistentDiskVolumeSource.pkl
index 2ed1367..5aa63e7 100644
--- a/generated-package/api/core/v1/GCEPersistentDiskVolumeSource.pkl
+++ b/generated-package/api/core/v1/GCEPersistentDiskVolumeSource.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -16,7 +16,7 @@
/// Represents a Persistent Disk resource in Google Compute Engine.
///
-///
+///
/// A GCE PD must exist before mounting to a container.
/// The disk must also be in the same GCE project and zone as the kubelet.
/// A GCE PD can only be mounted as read/write once or read-only many times.
@@ -53,4 +53,3 @@ pdName: String
/// Implicitly inferred to be "ext4" if unspecified.
/// More info:
fsType: String?
-
diff --git a/generated-package/api/core/v1/HTTPGetAction.pkl b/generated-package/api/core/v1/HTTPGetAction.pkl
index f4b0d46..717050c 100644
--- a/generated-package/api/core/v1/HTTPGetAction.pkl
+++ b/generated-package/api/core/v1/HTTPGetAction.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -32,7 +32,7 @@ scheme: String?
///
/// Number must be in the range 1 to 65535.
/// Name must be an IANA_SVC_NAME.
-port: PortNumber|PortName
+port: PortNumber | PortName
/// Host name to connect to, defaults to the pod IP.
///
@@ -54,4 +54,3 @@ class HTTPHeader {
/// The header field value
value: String
}
-
diff --git a/generated-package/api/core/v1/HostPathVolumeSource.pkl b/generated-package/api/core/v1/HostPathVolumeSource.pkl
index f2d33c5..52fd7e3 100644
--- a/generated-package/api/core/v1/HostPathVolumeSource.pkl
+++ b/generated-package/api/core/v1/HostPathVolumeSource.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -30,4 +30,3 @@ path: String
/// type for HostPath Volume Defaults to "" More info:
type: String?
-
diff --git a/generated-package/api/core/v1/Lifecycle.pkl b/generated-package/api/core/v1/Lifecycle.pkl
index 9cdaa8c..108eec9 100644
--- a/generated-package/api/core/v1/Lifecycle.pkl
+++ b/generated-package/api/core/v1/Lifecycle.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -22,9 +22,9 @@ module k8s.api.core.v1.Lifecycle
extends ".../K8sObject.pkl"
-import ".../api/core/v1/TCPSocketAction.pkl"
import ".../api/core/v1/ExecAction.pkl"
import ".../api/core/v1/HTTPGetAction.pkl"
+import ".../api/core/v1/TCPSocketAction.pkl"
/// PostStart is called immediately after a container is created.
///
@@ -42,6 +42,13 @@ postStart: LifecycleHandler?
/// More info:
preStop: LifecycleHandler?
+/// StopSignal defines which signal will be sent to a container when it is being stopped.
+///
+/// If not specified, the default is defined by the container runtime in use.
+/// StopSignal can only be set for Pods with a non-empty .spec.os.name
+@K8sVersion { introducedIn = "1.33" }
+stopSignal: String?
+
/// LifecycleHandler defines a specific action that should be taken in a lifecycle hook.
///
/// One and only one of the fields, except TCPSocket must be specified.
@@ -70,6 +77,8 @@ class SleepAction {
seconds: Int
}
-@Deprecated { message = "`Handler` has been renamed to [LifecycleHandler]."; replaceWith = "LifecycleHandler" }
+@Deprecated {
+ message = "`Handler` has been renamed to [LifecycleHandler]."
+ replaceWith = "LifecycleHandler"
+}
typealias Handler = LifecycleHandler
-
diff --git a/generated-package/api/core/v1/LimitRange.pkl b/generated-package/api/core/v1/LimitRange.pkl
index a2dae68..3421df5 100644
--- a/generated-package/api/core/v1/LimitRange.pkl
+++ b/generated-package/api/core/v1/LimitRange.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -62,4 +62,3 @@ class LimitRangeItem {
/// DefaultRequest is the default resource requirement request value by resource name if resource request is omitted.
defaultRequest: Mapping?
}
-
diff --git a/generated-package/api/core/v1/LimitRangeList.pkl b/generated-package/api/core/v1/LimitRangeList.pkl
index 0b3b47e..85477cb 100644
--- a/generated-package/api/core/v1/LimitRangeList.pkl
+++ b/generated-package/api/core/v1/LimitRangeList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.core.v1.LimitRangeList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/core/v1/LimitRange.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "v1"
@@ -36,4 +36,3 @@ metadata: ListMeta?
///
/// More info:
items: Listing
-
diff --git a/generated-package/api/core/v1/LoadBalancerStatus.pkl b/generated-package/api/core/v1/LoadBalancerStatus.pkl
index aa15252..595a954 100644
--- a/generated-package/api/core/v1/LoadBalancerStatus.pkl
+++ b/generated-package/api/core/v1/LoadBalancerStatus.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -49,7 +49,7 @@ class LoadBalancerIngress {
/// PortStatus represents the error condition of a service port
class PortStatus {
/// Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP"
- protocol: "UDP"|"TCP"|"SCTP"
+ protocol: "UDP" | "TCP" | "SCTP"
/// Port is the port number of the service port of which status is recorded here
port: Int32
@@ -61,4 +61,3 @@ class PortStatus {
/// format foo.example.com/CamelCase.
error: String?
}
-
diff --git a/generated-package/api/core/v1/LocalObjectReference.pkl b/generated-package/api/core/v1/LocalObjectReference.pkl
index 9718680..1289119 100644
--- a/generated-package/api/core/v1/LocalObjectReference.pkl
+++ b/generated-package/api/core/v1/LocalObjectReference.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -26,4 +26,3 @@ extends ".../K8sObject.pkl"
/// Instances of this type with an empty value here are almost certainly wrong.
/// More info:
name: String?
-
diff --git a/generated-package/api/core/v1/NFSVolumeSource.pkl b/generated-package/api/core/v1/NFSVolumeSource.pkl
index a859855..64ae9bc 100644
--- a/generated-package/api/core/v1/NFSVolumeSource.pkl
+++ b/generated-package/api/core/v1/NFSVolumeSource.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -37,4 +37,3 @@ server: String
/// Defaults to false.
/// More info:
readOnly: Boolean?
-
diff --git a/generated-package/api/core/v1/Namespace.pkl b/generated-package/api/core/v1/Namespace.pkl
index 35a5d33..02b0e1f 100644
--- a/generated-package/api/core/v1/Namespace.pkl
+++ b/generated-package/api/core/v1/Namespace.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -77,6 +77,5 @@ class NamespaceCondition {
type: String
/// Status of the condition, one of True, False, Unknown.
- status: "True"|"False"|"Unknown"
+ status: "True" | "False" | "Unknown"
}
-
diff --git a/generated-package/api/core/v1/NamespaceList.pkl b/generated-package/api/core/v1/NamespaceList.pkl
index 83a9179..3d7982f 100644
--- a/generated-package/api/core/v1/NamespaceList.pkl
+++ b/generated-package/api/core/v1/NamespaceList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.core.v1.NamespaceList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/core/v1/Namespace.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "v1"
@@ -36,4 +36,3 @@ metadata: ListMeta?
///
/// More info:
items: Listing
-
diff --git a/generated-package/api/core/v1/Node.pkl b/generated-package/api/core/v1/Node.pkl
index 881a238..82aa815 100644
--- a/generated-package/api/core/v1/Node.pkl
+++ b/generated-package/api/core/v1/Node.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -86,15 +86,13 @@ class NodeSpec {
/// The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint.
class Taint {
/// TimeAdded represents the time at which the taint was added.
- ///
- /// It is only written for NoExecute taints.
timeAdded: Time?
/// Required.
///
/// The effect of the taint on pods that do not tolerate the taint.
/// Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
- effect: "NoSchedule"|"PreferNoSchedule"|"NoExecute"
+ effect: "NoSchedule" | "PreferNoSchedule" | "NoExecute"
/// The taint value corresponding to the taint key.
value: String
@@ -224,7 +222,7 @@ class NodeAddress {
address: String
/// Node address type, one of Hostname, ExternalIP or InternalIP.
- type: "ExternalDNS"|"ExternalIP"|"Hostname"|"InternalDNS"|"InternalIP"
+ type: "ExternalDNS" | "ExternalIP" | "Hostname" | "InternalDNS" | "InternalIP"
}
/// Describe a container image
@@ -284,6 +282,10 @@ class NodeSystemInfo {
/// Learn more from man(5) machine-id:
machineID: String
+ /// Swap Info reported by the node.
+ @K8sVersion { introducedIn = "1.33" }
+ swap: NodeSwapStatus?
+
/// Boot ID reported by the node.
bootID: String
@@ -316,6 +318,12 @@ class NodeSystemInfo {
osImage: String
}
+/// NodeSwapStatus represents swap memory information.
+class NodeSwapStatus {
+ /// Total amount of swap memory in bytes.
+ capacity: Int?
+}
+
/// NodeCondition contains condition information for a node.
class NodeCondition {
/// (brief) reason for the condition's last transition.
@@ -331,10 +339,10 @@ class NodeCondition {
message: String?
/// Type of node condition.
- type: "DiskPressure"|"MemoryPressure"|"NetworkUnavailable"|"PIDPressure"|"Ready"
+ type: "DiskPressure" | "MemoryPressure" | "NetworkUnavailable" | "PIDPressure" | "Ready"
/// Status of the condition, one of True, False, Unknown.
- status: "True"|"False"|"Unknown"
+ status: "True" | "False" | "Unknown"
}
/// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.
@@ -372,4 +380,3 @@ class NodeConfigStatus {
/// Error is a human-readable description of the error state; machines can check whether or not Error is empty, but should not rely on the stability of the Error text across Kubelet versions.
error: String?
}
-
diff --git a/generated-package/api/core/v1/NodeList.pkl b/generated-package/api/core/v1/NodeList.pkl
index 9cff8cb..31f1dce 100644
--- a/generated-package/api/core/v1/NodeList.pkl
+++ b/generated-package/api/core/v1/NodeList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.core.v1.NodeList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/core/v1/Node.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "v1"
@@ -34,4 +34,3 @@ metadata: ListMeta?
/// List of nodes
items: Listing
-
diff --git a/generated-package/api/core/v1/NodeSelector.pkl b/generated-package/api/core/v1/NodeSelector.pkl
index 4187eb4..5adaef4 100644
--- a/generated-package/api/core/v1/NodeSelector.pkl
+++ b/generated-package/api/core/v1/NodeSelector.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -27,4 +27,3 @@ import ".../api/core/v1/NodeSelectorTerm.pkl"
/// A list of node selector terms.
/// The terms are ORed.
nodeSelectorTerms: Listing
-
diff --git a/generated-package/api/core/v1/NodeSelectorTerm.pkl b/generated-package/api/core/v1/NodeSelectorTerm.pkl
index f84f096..e8fa6e6 100644
--- a/generated-package/api/core/v1/NodeSelectorTerm.pkl
+++ b/generated-package/api/core/v1/NodeSelectorTerm.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -48,4 +48,3 @@ class NodeSelectorRequirement {
/// Gt, and Lt.
operator: String
}
-
diff --git a/generated-package/api/core/v1/ObjectFieldSelector.pkl b/generated-package/api/core/v1/ObjectFieldSelector.pkl
index d8bfa10..fb61753 100644
--- a/generated-package/api/core/v1/ObjectFieldSelector.pkl
+++ b/generated-package/api/core/v1/ObjectFieldSelector.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -25,4 +25,3 @@ apiVersion: String?
/// Path of the field to select in the specified API version.
fieldPath: String
-
diff --git a/generated-package/api/core/v1/ObjectReference.pkl b/generated-package/api/core/v1/ObjectReference.pkl
index d0d0f3f..8e0d9ca 100644
--- a/generated-package/api/core/v1/ObjectReference.pkl
+++ b/generated-package/api/core/v1/ObjectReference.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -53,4 +53,3 @@ name: String?
///
/// More info:
namespace: String?
-
diff --git a/generated-package/api/core/v1/PersistentVolume.pkl b/generated-package/api/core/v1/PersistentVolume.pkl
index d1752d8..c6c9d08 100644
--- a/generated-package/api/core/v1/PersistentVolume.pkl
+++ b/generated-package/api/core/v1/PersistentVolume.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -23,8 +23,8 @@ open module k8s.api.core.v1.PersistentVolume
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/core/v1/PersistentVolumeSpec.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "v1"
@@ -65,4 +65,3 @@ class PersistentVolumeStatus {
/// message is a human-readable message indicating details about why the volume is in this state.
message: String?
}
-
diff --git a/generated-package/api/core/v1/PersistentVolumeClaim.pkl b/generated-package/api/core/v1/PersistentVolumeClaim.pkl
index 9fb77ec..f5a7c49 100644
--- a/generated-package/api/core/v1/PersistentVolumeClaim.pkl
+++ b/generated-package/api/core/v1/PersistentVolumeClaim.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.core.v1.PersistentVolumeClaim
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/core/v1/PersistentVolumeClaimSpec.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "v1"
@@ -56,22 +56,22 @@ class PersistentVolumeClaimStatus {
/// - storage - the capacity of the volume.
/// * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
/// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.
- ///
+ ///
/// Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested.
/// For storage quota, the larger value from allocatedResources and PVC.spec.resources is used.
/// If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.
/// If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.
- ///
+ ///
/// A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed.
/// For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.
- ///
+ ///
/// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
@K8sVersion { introducedIn = "1.23" }
allocatedResources: Mapping?
/// currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.
///
- /// When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
+ /// When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim
@K8sVersion { introducedIn = "1.29" }
currentVolumeAttributesClassName: String?
@@ -83,7 +83,7 @@ class PersistentVolumeClaimStatus {
/// - storage - the capacity of the volume.
/// * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
/// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.
- ///
+ ///
/// ClaimResourceStatus can be in any of following states:
/// - ControllerResizeInProgress:
/// State set when resize controller starts resizing the volume in control-plane.
@@ -105,10 +105,10 @@ class PersistentVolumeClaimStatus {
/// - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress"
/// - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed"
/// When this field is not set, it means that no resize operation is in progress for the given PVC.
- ///
+ ///
/// A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed.
/// For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.
- ///
+ ///
/// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
@K8sVersion { introducedIn = "1.28" }
allocatedResourceStatuses: Mapping?
@@ -126,7 +126,6 @@ class PersistentVolumeClaimStatus {
/// ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.
///
/// When this is unset, there is no ModifyVolume operation being attempted.
- /// This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
@K8sVersion { introducedIn = "1.29" }
modifyVolumeStatus: ModifyVolumeStatus?
@@ -157,7 +156,7 @@ class PersistentVolumeClaimCondition {
/// Type is the type of the condition.
///
/// More info:
- type: "FileSystemResizePending"|"Resizing"
+ type: "FileSystemResizePending" | "Resizing"
/// lastProbeTime is the time we probed the condition.
lastProbeTime: Time?
@@ -190,4 +189,3 @@ class ModifyVolumeStatus {
/// Consumers should check for unknown statuses and fail appropriately.
status: String
}
-
diff --git a/generated-package/api/core/v1/PersistentVolumeClaimList.pkl b/generated-package/api/core/v1/PersistentVolumeClaimList.pkl
index e943e27..9960cb8 100644
--- a/generated-package/api/core/v1/PersistentVolumeClaimList.pkl
+++ b/generated-package/api/core/v1/PersistentVolumeClaimList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.core.v1.PersistentVolumeClaimList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/core/v1/PersistentVolumeClaim.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "v1"
@@ -36,4 +36,3 @@ metadata: ListMeta?
///
/// More info:
items: Listing
-
diff --git a/generated-package/api/core/v1/PersistentVolumeClaimSpec.pkl b/generated-package/api/core/v1/PersistentVolumeClaimSpec.pkl
index 5976bdd..2d5a864 100644
--- a/generated-package/api/core/v1/PersistentVolumeClaimSpec.pkl
+++ b/generated-package/api/core/v1/PersistentVolumeClaimSpec.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ module k8s.api.core.v1.PersistentVolumeClaimSpec
extends ".../K8sObject.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
import ".../api/core/v1/TypedLocalObjectReference.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
/// storageClassName is the name of the StorageClass required by the claim.
///
@@ -55,10 +55,10 @@ volumeName: String?
///
/// If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass.
/// This has a different purpose than storageClassName, it can be changed after the claim is created.
-/// An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
-/// If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists.
+/// An empty string or nil value indicates that no VolumeAttributesClass will be applied to the claim.
+/// If the claim enters an Infeasible error state, this field can be reset to its previous value (including nil) to cancel the modification.
/// If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists.
-/// More info: (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
+/// More info:
@K8sVersion { introducedIn = "1.29" }
volumeAttributesClassName: String?
@@ -124,4 +124,3 @@ class VolumeResourceRequirements {
/// More info:
limits: Mapping?
}
-
diff --git a/generated-package/api/core/v1/PersistentVolumeList.pkl b/generated-package/api/core/v1/PersistentVolumeList.pkl
index bf9dbc2..3f18f71 100644
--- a/generated-package/api/core/v1/PersistentVolumeList.pkl
+++ b/generated-package/api/core/v1/PersistentVolumeList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.core.v1.PersistentVolumeList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/core/v1/PersistentVolume.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "v1"
@@ -36,4 +36,3 @@ metadata: ListMeta?
///
/// More info:
items: Listing
-
diff --git a/generated-package/api/core/v1/PersistentVolumeSpec.pkl b/generated-package/api/core/v1/PersistentVolumeSpec.pkl
index 6c189a9..2ff2484 100644
--- a/generated-package/api/core/v1/PersistentVolumeSpec.pkl
+++ b/generated-package/api/core/v1/PersistentVolumeSpec.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,19 +20,19 @@ module k8s.api.core.v1.PersistentVolumeSpec
extends ".../K8sObject.pkl"
-import ".../api/core/v1/ObjectReference.pkl"
-import ".../api/core/v1/QuobyteVolumeSource.pkl"
-import ".../api/core/v1/GCEPersistentDiskVolumeSource.pkl"
-import ".../api/core/v1/PhotonPersistentDiskVolumeSource.pkl"
-import ".../api/core/v1/AzureDiskVolumeSource.pkl"
import ".../api/core/v1/AWSElasticBlockStoreVolumeSource.pkl"
-import ".../api/core/v1/NodeSelector.pkl"
+import ".../api/core/v1/AzureDiskVolumeSource.pkl"
+import ".../api/core/v1/FCVolumeSource.pkl"
import ".../api/core/v1/FlockerVolumeSource.pkl"
+import ".../api/core/v1/GCEPersistentDiskVolumeSource.pkl"
+import ".../api/core/v1/HostPathVolumeSource.pkl"
import ".../api/core/v1/NFSVolumeSource.pkl"
+import ".../api/core/v1/NodeSelector.pkl"
+import ".../api/core/v1/ObjectReference.pkl"
+import ".../api/core/v1/PhotonPersistentDiskVolumeSource.pkl"
import ".../api/core/v1/PortworxVolumeSource.pkl"
+import ".../api/core/v1/QuobyteVolumeSource.pkl"
import ".../api/core/v1/VsphereVirtualDiskVolumeSource.pkl"
-import ".../api/core/v1/FCVolumeSource.pkl"
-import ".../api/core/v1/HostPathVolumeSource.pkl"
/// claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.
///
@@ -67,7 +67,6 @@ flexVolume: FlexPersistentVolumeSource?
/// When this field is not set, it indicates that this volume does not belong to any VolumeAttributesClass.
/// This field is mutable and can be changed by the CSI driver after a volume has been updated successfully to a new class.
/// For an unbound PersistentVolume, the volumeAttributesClassName will be matched with unbound PersistentVolumeClaims during the binding process.
-/// This is a beta field and requires enabling VolumeAttributesClass feature (off by default).
@K8sVersion { introducedIn = "1.29" }
volumeAttributesClassName: String?
@@ -203,7 +202,7 @@ nfs: NFSVolumeSource?
/// Valid options are Retain (default for manually created PersistentVolumes), Delete (default for dynamically provisioned PersistentVolumes), and Recycle (deprecated).
/// Recycle must be supported by the volume plugin underlying this PersistentVolume.
/// More info:
-persistentVolumeReclaimPolicy: ("Retain"|"Delete"|"Recycle")?
+persistentVolumeReclaimPolicy: ("Retain" | "Delete" | "Recycle")?
/// portworxVolume represents a portworx volume attached and mounted on kubelets host machine.
///
@@ -630,4 +629,3 @@ class CSIPersistentVolumeSource {
/// volumeAttributes of the volume to publish.
volumeAttributes: Mapping?
}
-
diff --git a/generated-package/api/core/v1/PhotonPersistentDiskVolumeSource.pkl b/generated-package/api/core/v1/PhotonPersistentDiskVolumeSource.pkl
index 286076d..4d85b05 100644
--- a/generated-package/api/core/v1/PhotonPersistentDiskVolumeSource.pkl
+++ b/generated-package/api/core/v1/PhotonPersistentDiskVolumeSource.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -29,4 +29,3 @@ pdID: String
/// Ex. "ext4", "xfs", "ntfs".
/// Implicitly inferred to be "ext4" if unspecified.
fsType: String?
-
diff --git a/generated-package/api/core/v1/Pod.pkl b/generated-package/api/core/v1/Pod.pkl
index d542ea4..347d29c 100644
--- a/generated-package/api/core/v1/Pod.pkl
+++ b/generated-package/api/core/v1/Pod.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -22,9 +22,9 @@ open module k8s.api.core.v1.Pod
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/core/v1/PodSpec.pkl"
import ".../api/core/v1/ResourceRequirements.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "v1"
@@ -56,7 +56,7 @@ class PodStatus {
///
/// The conditions array, the reason and message fields, and the individual container status arrays contain more detail about the pod's status.
/// There are five possible phase values:
- ///
+ ///
/// Pending: The pod has been accepted by the Kubernetes system, but one or more of the container images has not been created.
/// This includes time before being scheduled as well as time spent downloading images over the network, which could take a while.
/// Running: The pod has been bound to a node, and all of the containers have been created.
@@ -65,7 +65,7 @@ class PodStatus {
/// Failed: All containers in the pod have terminated, and at least one container has terminated in failure.
/// The container either exited with non-zero status or was terminated by the system.
/// Unknown: For some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod.
- ///
+ ///
/// More info:
phase: String?
@@ -92,6 +92,10 @@ class PodStatus {
/// A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will not be updated even if there is a node is assigned to pod
hostIP: String?
+ /// Status of extended resource claim backed by DRA.
+ @K8sVersion { introducedIn = "1.34" }
+ extendedResourceClaimStatus: PodExtendedResourceClaimStatus?
+
/// nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be scheduled right away as preemption victims receive their graceful termination periods.
///
/// This field does not guarantee that the pod will be scheduled on this node.
@@ -135,7 +139,10 @@ class PodStatus {
/// Status of resources resize desired for pod's containers.
///
/// It is empty if no resources resize is pending.
- /// Any changes to container resources will automatically set this to "Proposed"
+ /// Any changes to container resources will automatically set this to "Proposed" Deprecated: Resize status is moved to two pod conditions PodResizePending and PodResizeInProgress.
+ /// PodResizePending will track states where the spec has been resized, but the Kubelet has not yet allocated the resources.
+ /// PodResizeInProgress will track in-progress resizes, and should be present whenever allocated resources != acknowledged resources.
+ @Deprecated
@K8sVersion { introducedIn = "1.27" }
resize: String?
@@ -160,6 +167,13 @@ class PodStatus {
/// If a status for a non-existent container is present in the list, or the list has duplicate names, the behavior of various Kubernetes components is not defined and those statuses might be ignored.
/// More info:
initContainerStatuses: Listing?
+
+ /// If set, this represents the .metadata.generation that the pod status was set based upon.
+ ///
+ /// This is an alpha field.
+ /// Enable PodObservedGenerationTracking to be able to use this field.
+ @K8sVersion { introducedIn = "1.33" }
+ observedGeneration: Int?
}
/// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim which references a ResourceClaimTemplate.
@@ -233,7 +247,7 @@ class ContainerStatus {
///
/// The value will change as readiness probes keep executing.
/// If no readiness probes are specified, this field defaults to true once the container is fully started (see Started field).
- ///
+ ///
/// The value is typically used to determine whether a container is ready to accept traffic.
ready: Boolean
@@ -251,6 +265,10 @@ class ContainerStatus {
/// Where type is a container runtime identifier, returned from Version call of CRI API (for example "containerd").
containerID: String?
+ /// StopSignal reports the effective stop signal for this container
+ @K8sVersion { introducedIn = "1.33" }
+ stopSignal: String?
+
/// User represents user identity information initially attached to the first process of the container
@K8sVersion { introducedIn = "1.31" }
user: ContainerUser?
@@ -294,7 +312,7 @@ class ResourceHealth {
/// temporary and permanent issues.
/// - Unknown: The status cannot be determined.
/// For example, Device Plugin got unregistered and hasn't been re-registered since.
- ///
+ ///
/// In future we may want to introduce the PermanentlyUnhealthy Status.
health: String?
}
@@ -390,6 +408,29 @@ class LinuxContainerUser {
supplementalGroups: Listing?
}
+/// PodExtendedResourceClaimStatus is stored in the PodStatus for the extended resource requests backed by DRA.
+///
+/// It stores the generated name for the corresponding special ResourceClaim created by the scheduler.
+class PodExtendedResourceClaimStatus {
+ /// ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod.
+ resourceClaimName: String
+
+ /// RequestMappings identifies the mapping of to device request in the generated ResourceClaim.
+ requestMappings: Listing
+}
+
+/// ContainerExtendedResourceRequest has the mapping of container name, extended resource name to the device request name.
+class ContainerExtendedResourceRequest {
+ /// The name of the request in the special ResourceClaim which corresponds to the extended resource.
+ requestName: String
+
+ /// The name of the container requesting resources.
+ containerName: String
+
+ /// The name of the extended resource in that container which gets backed by DRA.
+ resourceName: String
+}
+
/// PodIP represents a single IP address allocated to the pod.
class PodIP {
/// IP is the IP address assigned to the pod
@@ -418,6 +459,13 @@ class PodCondition {
/// More info:
type: String
+ /// If set, this represents the .metadata.generation that the pod condition was set based upon.
+ ///
+ /// This is an alpha field.
+ /// Enable PodObservedGenerationTracking to be able to use this field.
+ @K8sVersion { introducedIn = "1.33" }
+ observedGeneration: Int?
+
/// Last time we probed the condition.
lastProbeTime: Time?
@@ -427,4 +475,3 @@ class PodCondition {
/// More info:
status: String
}
-
diff --git a/generated-package/api/core/v1/PodList.pkl b/generated-package/api/core/v1/PodList.pkl
index f40539a..57bf029 100644
--- a/generated-package/api/core/v1/PodList.pkl
+++ b/generated-package/api/core/v1/PodList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.core.v1.PodList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/core/v1/Pod.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "v1"
@@ -36,4 +36,3 @@ metadata: ListMeta?
///
/// More info:
items: Listing
-
diff --git a/generated-package/api/core/v1/PodSpec.pkl b/generated-package/api/core/v1/PodSpec.pkl
index 1ebec17..b325081 100644
--- a/generated-package/api/core/v1/PodSpec.pkl
+++ b/generated-package/api/core/v1/PodSpec.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,27 +20,28 @@ module k8s.api.core.v1.PodSpec
extends ".../K8sObject.pkl"
-import ".../api/core/v1/LocalObjectReference.pkl"
-import ".../api/core/v1/SELinuxOptions.pkl"
import ".../api/core/v1/AppArmorProfile.pkl"
-import ".../api/core/v1/SeccompProfile.pkl" as SeccompProfileModule
-import ".../api/core/v1/WindowsSecurityContextOptions.pkl" as WindowsSecurityContextOptionsModule
-import ".../api/core/v1/Toleration.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
-import ".../api/core/v1/Volume.pkl"
-import ".../api/core/v1/ResourceRequirements.pkl"
-import ".../api/core/v1/EphemeralContainer.pkl" as EphemeralContainerModule
-import ".../api/core/v1/VolumeDevice.pkl" as VolumeDeviceModule
-import ".../api/core/v1/Probe.pkl" as ProbeModule
-import ".../api/core/v1/SecurityContext.pkl" as SecurityContextModule
-import ".../api/core/v1/EnvVar.pkl"
import ".../api/core/v1/ContainerPort.pkl" as ContainerPortModule
-import ".../api/core/v1/VolumeMount.pkl"
-import ".../api/core/v1/Lifecycle.pkl" as LifecycleModule
import ".../api/core/v1/ContainerResizePolicy.pkl"
+import ".../api/core/v1/ContainerRestartRule.pkl"
import ".../api/core/v1/EnvFromSource.pkl"
+import ".../api/core/v1/EnvVar.pkl"
+import ".../api/core/v1/EphemeralContainer.pkl" as EphemeralContainerModule
+import ".../api/core/v1/Lifecycle.pkl" as LifecycleModule
+import ".../api/core/v1/LocalObjectReference.pkl"
import ".../api/core/v1/NodeSelector.pkl"
import ".../api/core/v1/NodeSelectorTerm.pkl"
+import ".../api/core/v1/Probe.pkl" as ProbeModule
+import ".../api/core/v1/ResourceRequirements.pkl"
+import ".../api/core/v1/SeccompProfile.pkl" as SeccompProfileModule
+import ".../api/core/v1/SecurityContext.pkl" as SecurityContextModule
+import ".../api/core/v1/SELinuxOptions.pkl"
+import ".../api/core/v1/Toleration.pkl"
+import ".../api/core/v1/Volume.pkl"
+import ".../api/core/v1/VolumeDevice.pkl" as VolumeDeviceModule
+import ".../api/core/v1/VolumeMount.pkl"
+import ".../api/core/v1/WindowsSecurityContextOptions.pkl" as WindowsSecurityContextOptionsModule
+import ".../apimachinery/pkg/apis/meta/v1/LabelSelector.pkl"
/// Set DNS policy for the pod.
///
@@ -48,7 +49,7 @@ import ".../api/core/v1/NodeSelectorTerm.pkl"
/// Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
/// DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
/// To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
-dnsPolicy: ("ClusterFirstWithHostNet"|"ClusterFirst"|"Default"|"None")?
+dnsPolicy: ("ClusterFirstWithHostNet" | "ClusterFirst" | "Default" | "None")?
/// NodeName indicates in which node this pod is scheduled.
///
@@ -77,7 +78,8 @@ dnsConfig: PodDNSConfig?
/// Host networking requested for this pod.
///
/// Use the host's network namespace.
-/// If this option is set, the ports that will be used must be specified.
+/// When using HostNetwork you should specify ports so the scheduler is aware.
+/// When `hostNetwork` is true, specified `hostPort` fields in port definitions must match `containerPort`, and unspecified `hostPort` fields in port definitions are defaulted to match `containerPort`.
/// Default to false.
hostNetwork: Boolean?
@@ -91,6 +93,19 @@ readinessGates: Listing?
/// More info:
serviceAccountName: String?
+/// HostnameOverride specifies an explicit override for the pod's hostname as perceived by the pod.
+///
+/// This field only specifies the pod's hostname and does not affect its DNS records.
+/// When this field is set to a non-empty string: - It takes precedence over the values set in `hostname` and `subdomain`.
+/// - The Pod's hostname will be set to this value.
+/// - `setHostnameAsFQDN` must be nil or set to false.
+/// - `hostNetwork` must be set to false.
+///
+/// This field must be a valid DNS subdomain as defined in RFC 1123 and contain at most 64 characters.
+/// Requires the HostnameOverride feature gate to be enabled.
+@K8sVersion { introducedIn = "1.34" }
+hostnameOverride: String?
+
/// ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
///
/// If specified, these secrets will be passed to individual puller implementations for them to use.
@@ -117,7 +132,7 @@ securityContext: PodSecurityContext?
///
/// One of Never, PreemptLowerPriority.
/// Defaults to PreemptLowerPriority if unset.
-preemptionPolicy: ("Never"|"PreemptLowerPriority")?
+preemptionPolicy: ("Never" | "PreemptLowerPriority")?
/// NodeSelector is a selector which must be true for the pod to fit on a node.
///
@@ -144,7 +159,7 @@ automountServiceAccountToken: Boolean?
/// SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
///
/// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.
-///
+///
/// SchedulingGates can only be set at pod creation time, and be removed only afterwards.
@K8sVersion { introducedIn = "1.26" }
schedulingGates: Listing?
@@ -162,10 +177,10 @@ activeDeadlineSeconds: Int?
/// Specifies the OS of the containers in the pod.
///
/// Some pod and container fields are restricted if this is set.
-///
+///
/// If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions
-///
-/// If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup
+///
+/// If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.resources - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup
@K8sVersion { introducedIn = "1.23" }
os: PodOS?
@@ -209,11 +224,11 @@ volumes: Listing?
/// Resources is the total amount of CPU and Memory resources required by all containers in the pod.
///
-/// It supports specifying Requests and Limits for "cpu" and "memory" resource names only.
+/// It supports specifying Requests and Limits for "cpu", "memory" and "hugepages-" resource names only.
/// ResourceClaims are not supported.
-///
+///
/// This field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod.
-///
+///
/// This is an alpha field and requires enabling the PodLevelResources feature gate.
@K8sVersion { introducedIn = "1.32" }
resources: ResourceRequirements?
@@ -245,7 +260,7 @@ priority: Int32?
/// In some contexts, only a subset of those values may be permitted.
/// Default to Always.
/// More info:
-restartPolicy: ("Always"|"OnFailure"|"Never")?
+restartPolicy: ("Always" | "OnFailure" | "Never")?
/// Share a single process namespace between all of the containers in a pod.
///
@@ -267,9 +282,9 @@ hostUsers: Boolean?
/// ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start.
///
/// The resources will be made available to those containers which consume them by name.
-///
+///
/// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
-///
+///
/// This field is immutable.
@K8sVersion { introducedIn = "1.26" }
resourceClaims: Listing?
@@ -292,7 +307,7 @@ containers: Listing
/// If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy.
/// The name for an init container or normal container must be unique among all containers.
/// Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
-/// The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers.
+/// The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers.
/// Limits are applied to init containers in a similar fashion.
/// Init containers cannot currently be added or removed.
/// Cannot be updated.
@@ -377,14 +392,14 @@ class PodSecurityContext {
/// A special supplemental group that applies to all containers in a pod.
///
/// Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
- ///
+ ///
/// 1.
/// The owning GID will be the FSGroup
/// 2.
/// The setgid bit is set (new files created in the volume will be owned by FSGroup)
/// 3.
/// The permission bits are OR'd with rw-rw----
- ///
+ ///
/// If unset, the Kubelet will not modify the ownership and permissions of any volume.
/// Note that this field cannot be set when spec.os.name is windows.
fsGroup: Int?
@@ -396,28 +411,28 @@ class PodSecurityContext {
/// Valid values are "OnRootMismatch" and "Always".
/// If not specified, "Always" is used.
/// Note that this field cannot be set when spec.os.name is windows.
- fsGroupChangePolicy: ("OnRootMismatch"|"Always")?
+ fsGroupChangePolicy: ("OnRootMismatch" | "Always")?
/// seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
///
/// It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
/// Valid values are "MountOption" and "Recursive".
- ///
+ ///
/// "Recursive" means relabeling of all files on all Pod volumes by the container runtime.
/// This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
- ///
+ ///
/// "MountOption" mounts all eligible Pod volumes with `-o context` mount option.
/// This requires all Pods that share the same volume to use the same SELinux label.
/// It is not possible to share the same volume among privileged and unprivileged Pods.
/// Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance.
/// Other volumes are always re-labelled recursively.
/// "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
- ///
+ ///
/// If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
/// If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.
- ///
+ ///
/// This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
- ///
+ ///
/// All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
/// Note that this field cannot be set when spec.os.name is windows.
@K8sVersion { introducedIn = "1.32" }
@@ -515,9 +530,8 @@ class TopologySpreadConstraint {
/// Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included.
/// - Ignore: node taints are ignored.
/// All nodes are included.
- ///
+ ///
/// If this value is nil, the behavior is equivalent to the Ignore policy.
- /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
@K8sVersion { introducedIn = "1.25" }
nodeTaintsPolicy: String?
@@ -550,9 +564,8 @@ class TopologySpreadConstraint {
/// Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
/// - Ignore: nodeAffinity/nodeSelector are ignored.
/// All nodes are included in the calculations.
- ///
+ ///
/// If this value is nil, the behavior is equivalent to the Honor policy.
- /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
@K8sVersion { introducedIn = "1.25" }
nodeAffinityPolicy: String?
@@ -569,7 +582,7 @@ class TopologySpreadConstraint {
/// If value is nil, the constraint behaves as if MinDomains is equal to 1.
/// Valid values are integers greater than 0.
/// When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
- ///
+ ///
/// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
/// In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.
@K8sVersion { introducedIn = "1.24" }
@@ -593,7 +606,7 @@ class TopologySpreadConstraint {
/// MatchLabelKeys cannot be set when LabelSelector isn't set.
/// Keys that don't exist in the incoming pod labels will be ignored.
/// A null or empty list means only match against labelSelector.
- ///
+ ///
/// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
@K8sVersion { introducedIn = "1.25" }
matchLabelKeys: Listing?
@@ -601,13 +614,13 @@ class TopologySpreadConstraint {
/// PodResourceClaim references exactly one ResourceClaim, either directly or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim for the pod.
///
-///
+///
/// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
/// Containers that need access to the ResourceClaim reference it with this name.
class PodResourceClaim {
/// ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
///
- ///
+ ///
/// Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set.
@K8sVersion { introducedIn = "1.31" }
resourceClaimName: String?
@@ -619,13 +632,13 @@ class PodResourceClaim {
/// ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.
///
- ///
+ ///
/// The template will be used to create a new ResourceClaim, which will be bound to this pod.
/// When this pod is deleted, the ResourceClaim will also be deleted.
/// The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
- ///
+ ///
/// This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.
- ///
+ ///
/// Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set.
@K8sVersion { introducedIn = "1.31" }
resourceClaimTemplateName: String?
@@ -637,7 +650,7 @@ class PodResourceClaim {
/// ClaimSource describes a reference to a ResourceClaim.
///
-///
+///
/// Exactly one of these fields should be set.
/// Consumers of this type must treat an empty object as if it has an unknown value.
class ClaimSource {
@@ -646,11 +659,11 @@ class ClaimSource {
/// ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.
///
- ///
+ ///
/// The template will be used to create a new ResourceClaim, which will be bound to this pod.
/// When this pod is deleted, the ResourceClaim will also be deleted.
/// The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
- ///
+ ///
/// This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.
resourceClaimTemplateName: String?
}
@@ -660,6 +673,86 @@ class Container {
/// volumeDevices is the list of block devices to be used by the container.
volumeDevices: Listing?
+ /// Represents a list of rules to be checked to determine if the container should be restarted on exit.
+ ///
+ /// The rules are evaluated in order.
+ /// Once a rule matches a container exit condition, the remaining rules are ignored.
+ /// If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not.
+ /// Constraints on the rules: - At most 20 rules are allowed.
+ /// - Rules can have the same action.
+ /// - Identical rules are not forbidden in validations.
+ /// When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.
+ @K8sVersion { introducedIn = "1.34" }
+ restartPolicyRules: Listing?
+
+ /// Whether this container should allocate a buffer for stdin in the container runtime.
+ ///
+ /// If this is not set, reads from stdin in the container will always result in EOF.
+ /// Default is false.
+ stdin: Boolean?
+
+ /// Indicate how the termination message should be populated.
+ ///
+ /// File will use the contents of terminationMessagePath to populate the container status message on both success and failure.
+ /// FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error.
+ /// The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ /// Defaults to File.
+ /// Cannot be updated.
+ terminationMessagePolicy: String?
+
+ /// SecurityContext defines the security options the container should be run with.
+ ///
+ /// If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ /// More info:
+ securityContext: SecurityContextModule?
+
+ /// StartupProbe indicates that the Pod has successfully initialized.
+ ///
+ /// If specified, no other probes are executed until this completes successfully.
+ /// If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ /// This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation.
+ /// This cannot be updated.
+ /// More info:
+ startupProbe: ProbeModule?
+
+ /// List of ports to expose from the container.
+ ///
+ /// Not specifying a port here DOES NOT prevent that port from being exposed.
+ /// Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network.
+ /// Modifying this array with strategic merge patch may corrupt the data.
+ /// For more information See
+ /// Cannot be updated.
+ ports: Listing(module.hasUniquePortNames(this))?
+
+ /// Pod volumes to mount into the container's filesystem.
+ ///
+ /// Cannot be updated.
+ volumeMounts: Listing?
+
+ /// Actions that the management system should take in response to container lifecycle events.
+ ///
+ /// Cannot be updated.
+ lifecycle: LifecycleModule?
+
+ /// Periodic probe of container service readiness.
+ ///
+ /// Container will be removed from service endpoints if the probe fails.
+ /// Cannot be updated.
+ /// More info:
+ readinessProbe: ProbeModule?
+
+ /// Resources resize policy for the container.
+ @K8sVersion { introducedIn = "1.27" }
+ resizePolicy: Listing?
+
+ /// List of sources to populate environment variables in the container.
+ ///
+ /// The keys defined within a source may consist of any printable ASCII characters except '='.
+ /// When a key exists in multiple sources, the value associated with the last source will take precedence.
+ /// Values defined by an Env with a duplicate key will take precedence.
+ /// Cannot be updated.
+ envFrom: Listing?
+
/// Container image name.
///
/// More info: This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
@@ -671,7 +764,7 @@ class Container {
/// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
/// Cannot be updated.
/// More info:
- imagePullPolicy: ("Always"|"Never"|"IfNotPresent")?
+ imagePullPolicy: ("Always" | "Never" | "IfNotPresent")?
/// Periodic probe of container liveness.
///
@@ -680,21 +773,6 @@ class Container {
/// More info:
livenessProbe: ProbeModule?
- /// Whether this container should allocate a buffer for stdin in the container runtime.
- ///
- /// If this is not set, reads from stdin in the container will always result in EOF.
- /// Default is false.
- stdin: Boolean?
-
- /// Indicate how the termination message should be populated.
- ///
- /// File will use the contents of terminationMessagePath to populate the container status message on both success and failure.
- /// FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error.
- /// The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
- /// Defaults to File.
- /// Cannot be updated.
- terminationMessagePolicy: String?
-
/// Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem.
///
/// Message written is intended to be brief final status, such as an assertion failure message.
@@ -716,40 +794,16 @@ class Container {
/// More info:
resources: ResourceRequirements?
- /// SecurityContext defines the security options the container should be run with.
- ///
- /// If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
- /// More info:
- securityContext: SecurityContextModule?
-
- /// StartupProbe indicates that the Pod has successfully initialized.
- ///
- /// If specified, no other probes are executed until this completes successfully.
- /// If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
- /// This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation.
- /// This cannot be updated.
- /// More info:
- startupProbe: ProbeModule?
-
/// List of environment variables to set in the container.
///
/// Cannot be updated.
env: Listing?
- /// List of ports to expose from the container.
- ///
- /// Not specifying a port here DOES NOT prevent that port from being exposed.
- /// Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network.
- /// Modifying this array with strategic merge patch may corrupt the data.
- /// For more information See
- /// Cannot be updated.
- ports: Listing(module.hasUniquePortNames(this))?
-
/// RestartPolicy defines the restart behavior of individual containers in a pod.
///
- /// This field may only be set for init containers, and the only allowed value is "Always".
- /// For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type.
- /// Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated.
+ /// This overrides the pod-level restart policy.
+ /// When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type.
+ /// Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated.
/// Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down.
/// This lifecycle differs from normal init containers and is often referred to as a "sidecar" container.
/// Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container.
@@ -769,11 +823,6 @@ class Container {
/// More info:
command: Listing?
- /// Pod volumes to mount into the container's filesystem.
- ///
- /// Cannot be updated.
- volumeMounts: Listing?
-
/// Arguments to the entrypoint.
///
/// The container image's CMD is used if this is not provided.
@@ -785,11 +834,6 @@ class Container {
/// More info:
args: Listing?
- /// Actions that the management system should take in response to container lifecycle events.
- ///
- /// Cannot be updated.
- lifecycle: LifecycleModule?
-
/// Name of the container specified as a DNS_LABEL.
///
/// Each container in a pod must have a unique name (DNS_LABEL).
@@ -801,17 +845,6 @@ class Container {
/// Default is false.
tty: Boolean?
- /// Periodic probe of container service readiness.
- ///
- /// Container will be removed from service endpoints if the probe fails.
- /// Cannot be updated.
- /// More info:
- readinessProbe: ProbeModule?
-
- /// Resources resize policy for the container.
- @K8sVersion { introducedIn = "1.27" }
- resizePolicy: Listing?
-
/// Whether the container runtime should close the stdin channel after it has been opened by a single attach.
///
/// When stdin is true the stdin stream will remain open across multiple attach sessions.
@@ -819,15 +852,6 @@ class Container {
/// If this flag is false, a container processes that reads from stdin will never receive an EOF.
/// Default is false
stdinOnce: Boolean?
-
- /// List of sources to populate environment variables in the container.
- ///
- /// The keys defined within a source must be a C_IDENTIFIER.
- /// All invalid keys will be reported as an event when the container is starting.
- /// When a key exists in multiple sources, the value associated with the last source will take precedence.
- /// Values defined by an Env with a duplicate key will take precedence.
- /// Cannot be updated.
- envFrom: Listing?
}
/// Affinity is a group of affinity scheduling rules.
@@ -911,7 +935,6 @@ class PodAffinityTerm {
/// The default value is empty.
/// The same key is forbidden to exist in both matchLabelKeys and labelSelector.
/// Also, matchLabelKeys cannot be set when labelSelector isn't set.
- /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
@K8sVersion { introducedIn = "1.29" }
matchLabelKeys: Listing?
@@ -922,7 +945,6 @@ class PodAffinityTerm {
/// The default value is empty.
/// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
/// Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
@K8sVersion { introducedIn = "1.29" }
mismatchLabelKeys: Listing?
@@ -954,31 +976,51 @@ class PodAntiAffinity {
/// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
///
- /// The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+ /// The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
preferredDuringSchedulingIgnoredDuringExecution: Listing?
}
-@Deprecated { message = "`SeccompProfile` has been moved into its own module."; replaceWith = "SeccompProfileModule" }
+@Deprecated {
+ message = "`SeccompProfile` has been moved into its own module."
+ replaceWith = "SeccompProfileModule"
+}
typealias SeccompProfile = SeccompProfileModule
-@Deprecated { message = "`WindowsSecurityContextOptions` has been moved into its own module."; replaceWith = "WindowsSecurityContextOptionsModule" }
+@Deprecated {
+ message = "`WindowsSecurityContextOptions` has been moved into its own module."
+ replaceWith = "WindowsSecurityContextOptionsModule"
+}
typealias WindowsSecurityContextOptions = WindowsSecurityContextOptionsModule
-@Deprecated { message = "`EphemeralContainer` has been moved into its own module."; replaceWith = "EphemeralContainerModule" }
+@Deprecated {
+ message = "`EphemeralContainer` has been moved into its own module."
+ replaceWith = "EphemeralContainerModule"
+}
typealias EphemeralContainer = EphemeralContainerModule
-@Deprecated { message = "`VolumeDevice` has been moved into its own module."; replaceWith = "VolumeDeviceModule" }
+@Deprecated {
+ message = "`VolumeDevice` has been moved into its own module."
+ replaceWith = "VolumeDeviceModule"
+}
typealias VolumeDevice = VolumeDeviceModule
+@Deprecated {
+ message = "`SecurityContext` has been moved into its own module."
+ replaceWith = "SecurityContextModule"
+}
+typealias SecurityContext = SecurityContextModule
+
@Deprecated { message = "`Probe` has been moved into its own module."; replaceWith = "ProbeModule" }
typealias Probe = ProbeModule
-@Deprecated { message = "`SecurityContext` has been moved into its own module."; replaceWith = "SecurityContextModule" }
-typealias SecurityContext = SecurityContextModule
-
-@Deprecated { message = "`ContainerPort` has been moved into its own module."; replaceWith = "ContainerPortModule" }
+@Deprecated {
+ message = "`ContainerPort` has been moved into its own module."
+ replaceWith = "ContainerPortModule"
+}
typealias ContainerPort = ContainerPortModule
-@Deprecated { message = "`Lifecycle` has been moved into its own module."; replaceWith = "LifecycleModule" }
+@Deprecated {
+ message = "`Lifecycle` has been moved into its own module."
+ replaceWith = "LifecycleModule"
+}
typealias Lifecycle = LifecycleModule
-
diff --git a/generated-package/api/core/v1/PodTemplate.pkl b/generated-package/api/core/v1/PodTemplate.pkl
index bb0bc54..61b47ee 100644
--- a/generated-package/api/core/v1/PodTemplate.pkl
+++ b/generated-package/api/core/v1/PodTemplate.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -36,4 +36,3 @@ template: PodTemplateSpec?
///
/// More info:
metadata: ObjectMeta?
-
diff --git a/generated-package/api/core/v1/PodTemplateList.pkl b/generated-package/api/core/v1/PodTemplateList.pkl
index 7f1f725..e9c603c 100644
--- a/generated-package/api/core/v1/PodTemplateList.pkl
+++ b/generated-package/api/core/v1/PodTemplateList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.core.v1.PodTemplateList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/core/v1/PodTemplate.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "v1"
@@ -34,4 +34,3 @@ metadata: ListMeta?
/// List of pod templates
items: Listing
-
diff --git a/generated-package/api/core/v1/PodTemplateSpec.pkl b/generated-package/api/core/v1/PodTemplateSpec.pkl
index cf6869f..f90268d 100644
--- a/generated-package/api/core/v1/PodTemplateSpec.pkl
+++ b/generated-package/api/core/v1/PodTemplateSpec.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ module k8s.api.core.v1.PodTemplateSpec
extends ".../K8sObject.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/core/v1/PodSpec.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
/// Standard object's metadata.
///
@@ -32,4 +32,3 @@ metadata: ObjectMeta?
///
/// More info:
spec: PodSpec?
-
diff --git a/generated-package/api/core/v1/PortworxVolumeSource.pkl b/generated-package/api/core/v1/PortworxVolumeSource.pkl
index d1e431a..a09f61e 100644
--- a/generated-package/api/core/v1/PortworxVolumeSource.pkl
+++ b/generated-package/api/core/v1/PortworxVolumeSource.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -33,4 +33,3 @@ readOnly: Boolean?
/// Ex. "ext4", "xfs".
/// Implicitly inferred to be "ext4" if unspecified.
fsType: String?
-
diff --git a/generated-package/api/core/v1/Probe.pkl b/generated-package/api/core/v1/Probe.pkl
index 07b60df..4b81997 100644
--- a/generated-package/api/core/v1/Probe.pkl
+++ b/generated-package/api/core/v1/Probe.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,9 +20,9 @@ module k8s.api.core.v1.Probe
extends ".../K8sObject.pkl"
-import ".../api/core/v1/TCPSocketAction.pkl"
import ".../api/core/v1/ExecAction.pkl"
import ".../api/core/v1/HTTPGetAction.pkl"
+import ".../api/core/v1/TCPSocketAction.pkl"
/// Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
///
@@ -91,8 +91,7 @@ class GRPCAction {
/// Service is the name of the service to place in the gRPC HealthCheckRequest (see
///
- ///
+ ///
/// If this is not specified, the default behavior is defined by gRPC.
service: String?
}
-
diff --git a/generated-package/api/core/v1/QuobyteVolumeSource.pkl b/generated-package/api/core/v1/QuobyteVolumeSource.pkl
index 4602544..0ed8b4f 100644
--- a/generated-package/api/core/v1/QuobyteVolumeSource.pkl
+++ b/generated-package/api/core/v1/QuobyteVolumeSource.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -41,4 +41,3 @@ tenant: String?
/// group to map volume access to Default is no group
group: String?
-
diff --git a/generated-package/api/core/v1/ReplicationController.pkl b/generated-package/api/core/v1/ReplicationController.pkl
index 0185877..4d10b88 100644
--- a/generated-package/api/core/v1/ReplicationController.pkl
+++ b/generated-package/api/core/v1/ReplicationController.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.core.v1.ReplicationController
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/core/v1/PodTemplateSpec.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "v1"
@@ -113,6 +113,5 @@ class ReplicationControllerCondition {
type: String
/// Status of the condition, one of True, False, Unknown.
- status: "True"|"False"|"Unknown"
+ status: "True" | "False" | "Unknown"
}
-
diff --git a/generated-package/api/core/v1/ReplicationControllerList.pkl b/generated-package/api/core/v1/ReplicationControllerList.pkl
index 6390e5e..534cb59 100644
--- a/generated-package/api/core/v1/ReplicationControllerList.pkl
+++ b/generated-package/api/core/v1/ReplicationControllerList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.core.v1.ReplicationControllerList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/core/v1/ReplicationController.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "v1"
@@ -36,4 +36,3 @@ metadata: ListMeta?
///
/// More info:
items: Listing
-
diff --git a/generated-package/api/core/v1/ResourceFieldSelector.pkl b/generated-package/api/core/v1/ResourceFieldSelector.pkl
index 0b0387b..55a6d94 100644
--- a/generated-package/api/core/v1/ResourceFieldSelector.pkl
+++ b/generated-package/api/core/v1/ResourceFieldSelector.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -28,4 +28,3 @@ resource: String
/// Container name: required for volumes, optional for env vars
containerName: String?
-
diff --git a/generated-package/api/core/v1/ResourceQuota.pkl b/generated-package/api/core/v1/ResourceQuota.pkl
index deeea17..f0cc6a4 100644
--- a/generated-package/api/core/v1/ResourceQuota.pkl
+++ b/generated-package/api/core/v1/ResourceQuota.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -68,7 +68,12 @@ class ScopeSelector {
/// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.
class ScopedResourceSelectorRequirement {
/// The name of the scope that the selector applies to.
- scopeName: "BestEffort"|"CrossNamespacePodAffinity"|"NotBestEffort"|"NotTerminating"|"PriorityClass"|"Terminating"
+ scopeName: "BestEffort"
+ | "CrossNamespacePodAffinity"
+ | "NotBestEffort"
+ | "NotTerminating"
+ | "PriorityClass"
+ | "Terminating"
/// An array of string values.
///
@@ -80,7 +85,7 @@ class ScopedResourceSelectorRequirement {
/// Represents a scope's relationship to a set of values.
///
/// Valid operators are In, NotIn, Exists, DoesNotExist.
- operator: "In"|"NotIn"|"Exists"|"DoesNotExist"
+ operator: "In" | "NotIn" | "Exists" | "DoesNotExist"
}
/// ResourceQuotaStatus defines the enforced hard limits and observed use.
@@ -93,4 +98,3 @@ class ResourceQuotaStatus {
/// Used is the current observed total usage of the resource in the namespace.
used: Mapping?
}
-
diff --git a/generated-package/api/core/v1/ResourceQuotaList.pkl b/generated-package/api/core/v1/ResourceQuotaList.pkl
index 7f5c68d..6ce8667 100644
--- a/generated-package/api/core/v1/ResourceQuotaList.pkl
+++ b/generated-package/api/core/v1/ResourceQuotaList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.core.v1.ResourceQuotaList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/core/v1/ResourceQuota.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "v1"
@@ -36,4 +36,3 @@ metadata: ListMeta?
///
/// More info:
items: Listing
-
diff --git a/generated-package/api/core/v1/ResourceRequirements.pkl b/generated-package/api/core/v1/ResourceRequirements.pkl
index 5525a51..7a370c2 100644
--- a/generated-package/api/core/v1/ResourceRequirements.pkl
+++ b/generated-package/api/core/v1/ResourceRequirements.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -22,9 +22,9 @@ extends ".../K8sObject.pkl"
/// Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
///
-///
-/// This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
-///
+///
+/// This field depends on the DynamicResourceAllocation feature gate.
+///
/// This field is immutable.
/// It can only be set for containers.
@K8sVersion { introducedIn = "1.26" }
@@ -55,4 +55,3 @@ class ResourceClaim {
/// It makes that resource available inside a container.
name: String
}
-
diff --git a/generated-package/api/core/v1/SELinuxOptions.pkl b/generated-package/api/core/v1/SELinuxOptions.pkl
index fd5f67b..0e01da2 100644
--- a/generated-package/api/core/v1/SELinuxOptions.pkl
+++ b/generated-package/api/core/v1/SELinuxOptions.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -31,4 +31,3 @@ type: String?
/// User is a SELinux user label that applies to the container.
user: String?
-
diff --git a/generated-package/api/core/v1/SeccompProfile.pkl b/generated-package/api/core/v1/SeccompProfile.pkl
index bb85e45..da1a076 100644
--- a/generated-package/api/core/v1/SeccompProfile.pkl
+++ b/generated-package/api/core/v1/SeccompProfile.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -33,9 +33,8 @@ localhostProfile: String(type is "Localhost")?
/// type indicates which kind of seccomp profile will be applied.
///
/// Valid options are:
-///
+///
/// Localhost - a profile defined in a file on the node should be used.
/// RuntimeDefault - the container runtime default profile should be used.
/// Unconfined - no profile should be applied.
-type: "Localhost"|"RuntimeDefault"|"Unconfined"
-
+type: "Localhost" | "RuntimeDefault" | "Unconfined"
diff --git a/generated-package/api/core/v1/Secret.pkl b/generated-package/api/core/v1/Secret.pkl
index 6bac280..22a084e 100644
--- a/generated-package/api/core/v1/Secret.pkl
+++ b/generated-package/api/core/v1/Secret.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -57,4 +57,3 @@ type: String?
/// All keys and values are merged into the data field on write, overwriting any existing values.
/// The stringData field is never output when reading from the API.
stringData: Mapping?
-
diff --git a/generated-package/api/core/v1/SecretList.pkl b/generated-package/api/core/v1/SecretList.pkl
index a3d8c76..2994aaf 100644
--- a/generated-package/api/core/v1/SecretList.pkl
+++ b/generated-package/api/core/v1/SecretList.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,8 +20,8 @@ open module k8s.api.core.v1.SecretList
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
import ".../api/core/v1/Secret.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ListMeta.pkl"
fixed apiVersion: "v1"
@@ -36,4 +36,3 @@ metadata: ListMeta?
///
/// More info:
items: Listing
-
diff --git a/generated-package/api/core/v1/SecurityContext.pkl b/generated-package/api/core/v1/SecurityContext.pkl
index 59f99ae..46ba9b0 100644
--- a/generated-package/api/core/v1/SecurityContext.pkl
+++ b/generated-package/api/core/v1/SecurityContext.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -23,9 +23,9 @@ module k8s.api.core.v1.SecurityContext
extends ".../K8sObject.pkl"
-import ".../api/core/v1/SELinuxOptions.pkl"
import ".../api/core/v1/AppArmorProfile.pkl"
import ".../api/core/v1/SeccompProfile.pkl"
+import ".../api/core/v1/SELinuxOptions.pkl"
import ".../api/core/v1/WindowsSecurityContextOptions.pkl"
/// Run container in privileged mode.
@@ -120,4 +120,3 @@ class Capabilities {
/// Removed capabilities
drop: Listing?
}
-
diff --git a/generated-package/api/core/v1/Service.pkl b/generated-package/api/core/v1/Service.pkl
index 27d05ac..c4b9661 100644
--- a/generated-package/api/core/v1/Service.pkl
+++ b/generated-package/api/core/v1/Service.pkl
@@ -1,5 +1,5 @@
//===----------------------------------------------------------------------===//
-// Copyright © 2024 Apple Inc. and the Pkl project authors. All rights reserved.
+// Copyright © 2024-2025 Apple Inc. and the Pkl project authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -20,9 +20,9 @@ open module k8s.api.core.v1.Service
extends ".../K8sResource.pkl"
-import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import ".../api/core/v1/LoadBalancerStatus.pkl"
import ".../apimachinery/pkg/apis/meta/v1/Condition.pkl"
+import ".../apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
fixed apiVersion: "v1"
@@ -58,7 +58,7 @@ class ServiceSpec {
/// This field will be wiped when updating a Service to type ExternalName.
/// If this field is not specified, it will be initialized from the clusterIP field.
/// If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value.
- ///
+ ///
/// This field may hold a maximum of two entries (dual-stack IPs, in either order).
/// These IPs must correspond to the values of the ipFamilies field.
/// Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
@@ -106,8 +106,7 @@ class ServiceSpec {
///
/// Implementations can use this field as a hint, but are not required to guarantee strict adherence.
/// If the field is not set, the implementation will apply its default routing strategy.
- /// If set to "PreferClose", implementations should prioritize endpoints that are topologically close (e.g., same zone).
- /// This is a beta field and requires enabling ServiceTrafficDistribution feature.
+ /// If set to "PreferClose", implementations should prioritize endpoints that are in the same zone.
@K8sVersion { introducedIn = "1.30" }
trafficDistribution: String?
@@ -123,7 +122,11 @@ class ServiceSpec {
/// The list of ports that are exposed by this service.
///
/// More info:
- ports: Listing(module.hasUniquePortNames(this), module.hasNonNullPortNames(this), !isEmpty)?
+ ports: Listing(
+ module.hasUniquePortNames(this),
+ module.hasNonNullPortNames(this),
+ !isEmpty
+ )?
/// type determines how the Service is exposed.
///
@@ -137,7 +140,7 @@ class ServiceSpec {
/// "ExternalName" aliases this service to the specified externalName.
/// Several other fields do not apply to ExternalName services.
/// More info:
- type: ("ExternalName"|"ClusterIP"|"NodePort"|"LoadBalancer")?
+ type: ("ExternalName" | "ClusterIP" | "NodePort" | "LoadBalancer")?
/// loadBalancerClass is the class of the load balancer implementation this Service belongs to.
///
@@ -164,7 +167,7 @@ class ServiceSpec {
/// Valid values are "IPv4" and "IPv6".
/// This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to "headless" services.
/// This field will be wiped when updating a Service to type ExternalName.
- ///
+ ///
/// This field may hold a maximum of two entries (dual-stack families, in either order).
/// These families must correspond to the values of the clusterIPs field, if specified.
/// Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
@@ -231,7 +234,7 @@ class ServiceSpec {
/// If this field is specified when creating a Service of type ExternalName, creation will fail.
/// This field will be wiped when updating a Service to type ExternalName.
/// More info:
- clusterIP: ("None"|""|String)?
+ clusterIP: ("None" | "" | String)?
/// topologyKeys is a preference-order list of topology keys which implementations of services should use to preferentially sort endpoints when accessing this Service, it can not be used at the same time as externalTrafficPolicy=Local.
///
@@ -266,7 +269,7 @@ class ServicePort {
///
/// Supports "TCP", "UDP", and "SCTP".
/// Default is TCP.
- protocol: ("UDP"|"TCP"|"SCTP")?
+ protocol: ("UDP" | "TCP" | "SCTP")?
/// The port that will be exposed by this service.
port: PortNumber
@@ -276,14 +279,14 @@ class ServicePort {
/// This is used as a hint for implementations to offer richer behavior for protocols that they understand.
/// This field follows standard Kubernetes label syntax.
/// Valid values are either:
- ///
+ ///
/// * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and