From a90ba5d1c2d93c46c9c2f7eb42ef91de4f37fe0b Mon Sep 17 00:00:00 2001 From: Niklas Wagner Date: Sun, 2 Feb 2025 10:27:25 +0100 Subject: [PATCH] Update several CRD (#458) --- elbv2.k8s.aws/ingressclassparams_v1beta1.json | 64 ++- .../targetgroupbinding_v1alpha1.json | 22 +- elbv2.k8s.aws/targetgroupbinding_v1beta1.json | 36 +- extensions.istio.io/wasmplugin_v1alpha1.json | 170 +++++- networking.istio.io/destinationrule_v1.json | 543 ++++++++++++++++-- .../destinationrule_v1alpha3.json | 543 ++++++++++++++++-- .../destinationrule_v1beta1.json | 543 ++++++++++++++++-- networking.istio.io/envoyfilter_v1alpha3.json | 133 ++++- networking.istio.io/gateway_v1.json | 91 ++- networking.istio.io/gateway_v1alpha3.json | 91 ++- networking.istio.io/gateway_v1beta1.json | 91 ++- networking.istio.io/proxyconfig_v1beta1.json | 115 +++- networking.istio.io/serviceentry_v1.json | 210 ++++++- .../serviceentry_v1alpha3.json | 210 ++++++- networking.istio.io/serviceentry_v1beta1.json | 210 ++++++- networking.istio.io/sidecar_v1.json | 199 ++++++- networking.istio.io/sidecar_v1alpha3.json | 199 ++++++- networking.istio.io/sidecar_v1beta1.json | 199 ++++++- networking.istio.io/virtualservice_v1.json | 164 +++++- .../virtualservice_v1alpha3.json | 164 +++++- .../virtualservice_v1beta1.json | 164 +++++- networking.istio.io/workloadentry_v1.json | 138 ++++- .../workloadentry_v1alpha3.json | 138 ++++- .../workloadentry_v1beta1.json | 138 ++++- networking.istio.io/workloadgroup_v1.json | 172 +++++- .../workloadgroup_v1alpha3.json | 170 +++++- .../workloadgroup_v1beta1.json | 172 +++++- ...rconaservermongodb_v1.json:Zone.Identifier | 0 ...ervermongodbbackup_v1.json:Zone.Identifier | 0 ...rvermongodbrestore_v1.json:Zone.Identifier | 0 security.istio.io/authorizationpolicy_v1.json | 170 +++++- .../authorizationpolicy_v1beta1.json | 170 +++++- security.istio.io/peerauthentication_v1.json | 128 ++++- .../peerauthentication_v1beta1.json | 128 ++++- .../requestauthentication_v1.json | 217 ++++++- .../requestauthentication_v1beta1.json | 217 ++++++- telemetry.istio.io/telemetry_v1.json | 178 +++++- telemetry.istio.io/telemetry_v1alpha1.json | 178 +++++- velero.io/backuprepository_v1.json | 8 + vpcresources.k8s.aws/cninode_v1alpha1.json | 6 +- .../securitygrouppolicy_v1beta1.json | 26 +- 41 files changed, 6116 insertions(+), 399 deletions(-) delete mode 100644 psmdb.percona.com/perconaservermongodb_v1.json:Zone.Identifier delete mode 100644 psmdb.percona.com/perconaservermongodbbackup_v1.json:Zone.Identifier delete mode 100644 psmdb.percona.com/perconaservermongodbrestore_v1.json:Zone.Identifier diff --git a/elbv2.k8s.aws/ingressclassparams_v1beta1.json b/elbv2.k8s.aws/ingressclassparams_v1beta1.json index f73cf80a..d62b5ffb 100644 --- a/elbv2.k8s.aws/ingressclassparams_v1beta1.json +++ b/elbv2.k8s.aws/ingressclassparams_v1beta1.json @@ -2,11 +2,11 @@ "description": "IngressClassParams is the Schema for the IngressClassParams API", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -52,6 +52,48 @@ ], "type": "string" }, + "listeners": { + "description": "Listeners define a list of listeners with their protocol, port and attributes.", + "items": { + "properties": { + "listenerAttributes": { + "description": "The attributes of the listener", + "items": { + "description": "Attributes defines custom attributes on resources.", + "properties": { + "key": { + "description": "The key of the attribute.", + "type": "string" + }, + "value": { + "description": "The value of the attribute.", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "port": { + "description": "The port of the listener", + "format": "int32", + "type": "integer" + }, + "protocol": { + "description": "The protocol of the listener", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, "loadBalancerAttributes": { "description": "LoadBalancerAttributes define the custom attributes to LoadBalancers for all Ingress that that belong to IngressClass with this IngressClassParams.", "items": { @@ -76,27 +118,28 @@ "type": "array" }, "namespaceSelector": { - "description": "NamespaceSelector restrict the namespaces of Ingresses that are allowed to specify the IngressClass with this IngressClassParams. * if absent or present but empty, it selects all namespaces.", + "description": "NamespaceSelector restrict the namespaces of Ingresses that are allowed to specify the IngressClass with this IngressClassParams.\n* if absent or present but empty, it selects all namespaces.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -106,13 +149,14 @@ "type": "object", "additionalProperties": false }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -152,7 +196,7 @@ }, "type": "array" }, - "description": "Tags specifies subnets in the load balancer's VPC where each tag specified in the map key contains one of the values in the corresponding value list. Exactly one of this or `ids` must be specified.", + "description": "Tags specifies subnets in the load balancer's VPC where each\ntag specified in the map key contains one of the values in the corresponding\nvalue list.\nExactly one of this or `ids` must be specified.", "type": "object" } }, diff --git a/elbv2.k8s.aws/targetgroupbinding_v1alpha1.json b/elbv2.k8s.aws/targetgroupbinding_v1alpha1.json index 0317ad23..bb8a2d40 100644 --- a/elbv2.k8s.aws/targetgroupbinding_v1alpha1.json +++ b/elbv2.k8s.aws/targetgroupbinding_v1alpha1.json @@ -2,11 +2,11 @@ "description": "TargetGroupBinding is the Schema for the TargetGroupBinding API", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -15,6 +15,10 @@ "spec": { "description": "TargetGroupBindingSpec defines the desired state of TargetGroupBinding", "properties": { + "multiClusterTargetGroup": { + "description": "MultiClusterTargetGroup Denotes if the TargetGroup is shared among multiple clusters", + "type": "boolean" + }, "networking": { "description": "networking provides the networking setup for ELBV2 LoadBalancer to access targets in TargetGroup.", "properties": { @@ -23,15 +27,15 @@ "items": { "properties": { "from": { - "description": "List of peers which should be able to access the targets in TargetGroup. At least one NetworkingPeer should be specified.", + "description": "List of peers which should be able to access the targets in TargetGroup.\nAt least one NetworkingPeer should be specified.", "items": { "description": "NetworkingPeer defines the source/destination peer for networking rules.", "properties": { "ipBlock": { - "description": "IPBlock defines an IPBlock peer. If specified, none of the other fields can be set.", + "description": "IPBlock defines an IPBlock peer.\nIf specified, none of the other fields can be set.", "properties": { "cidr": { - "description": "CIDR is the network CIDR. Both IPV4 or IPV6 CIDR are accepted.", + "description": "CIDR is the network CIDR.\nBoth IPV4 or IPV6 CIDR are accepted.", "type": "string" } }, @@ -42,7 +46,7 @@ "additionalProperties": false }, "securityGroup": { - "description": "SecurityGroup defines a SecurityGroup peer. If specified, none of the other fields can be set.", + "description": "SecurityGroup defines a SecurityGroup peer.\nIf specified, none of the other fields can be set.", "properties": { "groupID": { "description": "GroupID is the EC2 SecurityGroupID.", @@ -62,7 +66,7 @@ "type": "array" }, "ports": { - "description": "List of ports which should be made accessible on the targets in TargetGroup. If ports is empty or unspecified, it defaults to all ports with TCP.", + "description": "List of ports which should be made accessible on the targets in TargetGroup.\nIf ports is empty or unspecified, it defaults to all ports with TCP.", "items": { "properties": { "port": { @@ -74,11 +78,11 @@ "type": "string" } ], - "description": "The port which traffic must match. When NodePort endpoints(instance TargetType) is used, this must be a numerical port. When Port endpoints(ip TargetType) is used, this can be either numerical or named port on pods. if port is unspecified, it defaults to all ports.", + "description": "The port which traffic must match.\nWhen NodePort endpoints(instance TargetType) is used, this must be a numerical port.\nWhen Port endpoints(ip TargetType) is used, this can be either numerical or named port on pods.\nif port is unspecified, it defaults to all ports.", "x-kubernetes-int-or-string": true }, "protocol": { - "description": "The protocol which traffic must match. If protocol is unspecified, it defaults to TCP.", + "description": "The protocol which traffic must match.\nIf protocol is unspecified, it defaults to TCP.", "enum": [ "TCP", "UDP" diff --git a/elbv2.k8s.aws/targetgroupbinding_v1beta1.json b/elbv2.k8s.aws/targetgroupbinding_v1beta1.json index 1dbe7e7a..3f27847c 100644 --- a/elbv2.k8s.aws/targetgroupbinding_v1beta1.json +++ b/elbv2.k8s.aws/targetgroupbinding_v1beta1.json @@ -2,11 +2,11 @@ "description": "TargetGroupBinding is the Schema for the TargetGroupBinding API", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -23,6 +23,10 @@ ], "type": "string" }, + "multiClusterTargetGroup": { + "description": "MultiClusterTargetGroup Denotes if the TargetGroup is shared among multiple clusters", + "type": "boolean" + }, "networking": { "description": "networking defines the networking rules to allow ELBV2 LoadBalancer to access targets in TargetGroup.", "properties": { @@ -32,15 +36,15 @@ "description": "NetworkingIngressRule defines a particular set of traffic that is allowed to access TargetGroup's targets.", "properties": { "from": { - "description": "List of peers which should be able to access the targets in TargetGroup. At least one NetworkingPeer should be specified.", + "description": "List of peers which should be able to access the targets in TargetGroup.\nAt least one NetworkingPeer should be specified.", "items": { "description": "NetworkingPeer defines the source/destination peer for networking rules.", "properties": { "ipBlock": { - "description": "IPBlock defines an IPBlock peer. If specified, none of the other fields can be set.", + "description": "IPBlock defines an IPBlock peer.\nIf specified, none of the other fields can be set.", "properties": { "cidr": { - "description": "CIDR is the network CIDR. Both IPV4 or IPV6 CIDR are accepted.", + "description": "CIDR is the network CIDR.\nBoth IPV4 or IPV6 CIDR are accepted.", "type": "string" } }, @@ -51,7 +55,7 @@ "additionalProperties": false }, "securityGroup": { - "description": "SecurityGroup defines a SecurityGroup peer. If specified, none of the other fields can be set.", + "description": "SecurityGroup defines a SecurityGroup peer.\nIf specified, none of the other fields can be set.", "properties": { "groupID": { "description": "GroupID is the EC2 SecurityGroupID.", @@ -71,7 +75,7 @@ "type": "array" }, "ports": { - "description": "List of ports which should be made accessible on the targets in TargetGroup. If ports is empty or unspecified, it defaults to all ports with TCP.", + "description": "List of ports which should be made accessible on the targets in TargetGroup.\nIf ports is empty or unspecified, it defaults to all ports with TCP.", "items": { "description": "NetworkingPort defines the port and protocol for networking rules.", "properties": { @@ -84,11 +88,11 @@ "type": "string" } ], - "description": "The port which traffic must match. When NodePort endpoints(instance TargetType) is used, this must be a numerical port. When Port endpoints(ip TargetType) is used, this can be either numerical or named port on pods. if port is unspecified, it defaults to all ports.", + "description": "The port which traffic must match.\nWhen NodePort endpoints(instance TargetType) is used, this must be a numerical port.\nWhen Port endpoints(ip TargetType) is used, this can be either numerical or named port on pods.\nif port is unspecified, it defaults to all ports.", "x-kubernetes-int-or-string": true }, "protocol": { - "description": "The protocol which traffic must match. If protocol is unspecified, it defaults to TCP.", + "description": "The protocol which traffic must match.\nIf protocol is unspecified, it defaults to TCP.", "enum": [ "TCP", "UDP" @@ -121,22 +125,23 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -146,13 +151,14 @@ "type": "object", "additionalProperties": false }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, diff --git a/extensions.istio.io/wasmplugin_v1alpha1.json b/extensions.istio.io/wasmplugin_v1alpha1.json index b73c76aa..a24bec1a 100644 --- a/extensions.istio.io/wasmplugin_v1alpha1.json +++ b/extensions.istio.io/wasmplugin_v1alpha1.json @@ -100,10 +100,28 @@ "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", - "type": "object" + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains('*'))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", @@ -118,22 +136,45 @@ "properties": { "group": { "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] } }, + "required": [ + "kind", + "name" + ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway", + "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" + } + ], "additionalProperties": false }, "targetRefs": { @@ -142,24 +183,48 @@ "properties": { "group": { "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] } }, + "required": [ + "kind", + "name" + ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway", + "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" + } + ], "additionalProperties": false }, + "maxItems": 16, "type": "array" }, "type": { @@ -240,11 +305,106 @@ "url" ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of targetRefs or selector can be set", + "rule": "(has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "required": [ diff --git a/networking.istio.io/destinationrule_v1.json b/networking.istio.io/destinationrule_v1.json index 271c14af..99700fe8 100644 --- a/networking.istio.io/destinationrule_v1.json +++ b/networking.istio.io/destinationrule_v1.json @@ -58,7 +58,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -88,15 +94,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -108,7 +132,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -118,7 +148,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -385,9 +421,48 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object", + "additionalProperties": false + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -397,7 +472,13 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", @@ -426,7 +507,13 @@ }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", @@ -476,7 +563,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -506,15 +599,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -526,7 +637,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -536,7 +653,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -803,9 +926,48 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object", + "additionalProperties": false + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -815,7 +977,13 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", @@ -844,7 +1012,13 @@ }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", @@ -933,6 +1107,7 @@ "type": "object", "additionalProperties": false }, + "maxItems": 4096, "type": "array" }, "proxyProtocol": { @@ -1070,7 +1245,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -1100,15 +1281,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -1120,7 +1319,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -1130,7 +1335,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1397,9 +1608,48 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object", + "additionalProperties": false + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1409,7 +1659,13 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", @@ -1438,7 +1694,13 @@ }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", @@ -1488,7 +1750,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -1518,15 +1786,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -1538,7 +1824,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -1548,7 +1840,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1815,9 +2113,48 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object", + "additionalProperties": false + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1827,7 +2164,13 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", @@ -1856,7 +2199,13 @@ }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", @@ -1945,6 +2294,7 @@ "type": "object", "additionalProperties": false }, + "maxItems": 4096, "type": "array" }, "proxyProtocol": { @@ -2049,10 +2399,28 @@ "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", - "type": "object" + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains('*'))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", @@ -2066,8 +2434,97 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/networking.istio.io/destinationrule_v1alpha3.json b/networking.istio.io/destinationrule_v1alpha3.json index 271c14af..99700fe8 100644 --- a/networking.istio.io/destinationrule_v1alpha3.json +++ b/networking.istio.io/destinationrule_v1alpha3.json @@ -58,7 +58,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -88,15 +94,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -108,7 +132,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -118,7 +148,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -385,9 +421,48 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object", + "additionalProperties": false + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -397,7 +472,13 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", @@ -426,7 +507,13 @@ }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", @@ -476,7 +563,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -506,15 +599,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -526,7 +637,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -536,7 +653,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -803,9 +926,48 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object", + "additionalProperties": false + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -815,7 +977,13 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", @@ -844,7 +1012,13 @@ }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", @@ -933,6 +1107,7 @@ "type": "object", "additionalProperties": false }, + "maxItems": 4096, "type": "array" }, "proxyProtocol": { @@ -1070,7 +1245,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -1100,15 +1281,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -1120,7 +1319,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -1130,7 +1335,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1397,9 +1608,48 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object", + "additionalProperties": false + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1409,7 +1659,13 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", @@ -1438,7 +1694,13 @@ }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", @@ -1488,7 +1750,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -1518,15 +1786,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -1538,7 +1824,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -1548,7 +1840,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1815,9 +2113,48 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object", + "additionalProperties": false + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1827,7 +2164,13 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", @@ -1856,7 +2199,13 @@ }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", @@ -1945,6 +2294,7 @@ "type": "object", "additionalProperties": false }, + "maxItems": 4096, "type": "array" }, "proxyProtocol": { @@ -2049,10 +2399,28 @@ "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", - "type": "object" + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains('*'))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", @@ -2066,8 +2434,97 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/networking.istio.io/destinationrule_v1beta1.json b/networking.istio.io/destinationrule_v1beta1.json index 271c14af..99700fe8 100644 --- a/networking.istio.io/destinationrule_v1beta1.json +++ b/networking.istio.io/destinationrule_v1beta1.json @@ -58,7 +58,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -88,15 +94,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -108,7 +132,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -118,7 +148,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -385,9 +421,48 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object", + "additionalProperties": false + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -397,7 +472,13 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", @@ -426,7 +507,13 @@ }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", @@ -476,7 +563,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -506,15 +599,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -526,7 +637,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -536,7 +653,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -803,9 +926,48 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object", + "additionalProperties": false + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -815,7 +977,13 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", @@ -844,7 +1012,13 @@ }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", @@ -933,6 +1107,7 @@ "type": "object", "additionalProperties": false }, + "maxItems": 4096, "type": "array" }, "proxyProtocol": { @@ -1070,7 +1245,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -1100,15 +1281,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -1120,7 +1319,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -1130,7 +1335,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1397,9 +1608,48 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object", + "additionalProperties": false + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1409,7 +1659,13 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", @@ -1438,7 +1694,13 @@ }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", @@ -1488,7 +1750,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -1518,15 +1786,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -1538,7 +1824,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -1548,7 +1840,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1815,9 +2113,48 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object", + "additionalProperties": false + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1827,7 +2164,13 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", @@ -1856,7 +2199,13 @@ }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", @@ -1945,6 +2294,7 @@ "type": "object", "additionalProperties": false }, + "maxItems": 4096, "type": "array" }, "proxyProtocol": { @@ -2049,10 +2399,28 @@ "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", - "type": "object" + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains('*'))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", @@ -2066,8 +2434,97 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/networking.istio.io/envoyfilter_v1alpha3.json b/networking.istio.io/envoyfilter_v1alpha3.json index ebae7113..2744375e 100644 --- a/networking.istio.io/envoyfilter_v1alpha3.json +++ b/networking.istio.io/envoyfilter_v1alpha3.json @@ -308,24 +308,48 @@ "properties": { "group": { "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] } }, + "required": [ + "kind", + "name" + ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway", + "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" + } + ], "additionalProperties": false }, + "maxItems": 16, "type": "array" }, "workloadSelector": { @@ -333,9 +357,17 @@ "properties": { "labels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard is not supported in selector", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied.", + "maxProperties": 256, "type": "object" } }, @@ -344,11 +376,106 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of targetRefs or workloadSelector can be set", + "rule": "(has(self.workloadSelector)?1:0)+(has(self.targetRefs)?1:0)<=1" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/networking.istio.io/gateway_v1.json b/networking.istio.io/gateway_v1.json index 74cc9d1d..3a15f295 100644 --- a/networking.istio.io/gateway_v1.json +++ b/networking.istio.io/gateway_v1.json @@ -171,8 +171,97 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/networking.istio.io/gateway_v1alpha3.json b/networking.istio.io/gateway_v1alpha3.json index 74cc9d1d..3a15f295 100644 --- a/networking.istio.io/gateway_v1alpha3.json +++ b/networking.istio.io/gateway_v1alpha3.json @@ -171,8 +171,97 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/networking.istio.io/gateway_v1beta1.json b/networking.istio.io/gateway_v1beta1.json index 74cc9d1d..3a15f295 100644 --- a/networking.istio.io/gateway_v1beta1.json +++ b/networking.istio.io/gateway_v1beta1.json @@ -171,8 +171,97 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/networking.istio.io/proxyconfig_v1beta1.json b/networking.istio.io/proxyconfig_v1beta1.json index fb7a178f..c39955da 100644 --- a/networking.istio.io/proxyconfig_v1beta1.json +++ b/networking.istio.io/proxyconfig_v1beta1.json @@ -6,11 +6,13 @@ "concurrency": { "description": "The number of worker threads to run.", "format": "int32", + "minimum": 0, "nullable": true, "type": "integer" }, "environmentVariables": { "additionalProperties": { + "maxLength": 2048, "type": "string" }, "description": "Additional environment variables for the proxy.", @@ -32,10 +34,28 @@ "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", - "type": "object" + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains('*'))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", @@ -46,8 +66,97 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/networking.istio.io/serviceentry_v1.json b/networking.istio.io/serviceentry_v1.json index 61cdb6c5..729fbc62 100644 --- a/networking.istio.io/serviceentry_v1.json +++ b/networking.istio.io/serviceentry_v1.json @@ -6,8 +6,10 @@ "addresses": { "description": "The virtual IP addresses associated with the service.", "items": { + "maxLength": 64, "type": "string" }, + "maxItems": 256, "type": "array" }, "endpoints": { @@ -16,34 +18,62 @@ "properties": { "address": { "description": "Address associated with the network endpoint without the port.", - "type": "string" + "maxLength": 256, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "UDS must be an absolute path or abstract socket", + "rule": "self.startsWith('unix://') ? (self.substring(7,8) == '/' || self.substring(7,8) == '@') : true" + }, + { + "message": "UDS may not be a dir", + "rule": "self.startsWith('unix://') ? !self.endsWith('/') : true" + } + ] }, "labels": { "additionalProperties": { "type": "string" }, "description": "One or more labels associated with the endpoint.", + "maxProperties": 256, "type": "object" }, "locality": { "description": "The locality associated with the endpoint.", + "maxLength": 2048, "type": "string" }, "network": { "description": "Network enables Istio to group endpoints resident in the same L3 domain/network.", + "maxLength": 2048, "type": "string" }, "ports": { "additionalProperties": { "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] }, "description": "Set of ports associated with the endpoint.", - "type": "object" + "maxProperties": 128, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "port name must be valid", + "rule": "self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$'))" + } + ] }, "serviceAccount": { "description": "The service account associated with the workload if a sidecar is present in the workload.", + "maxLength": 253, "type": "string" }, "weight": { @@ -54,8 +84,19 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "Address is required", + "rule": "has(self.address) || has(self.network)" + }, + { + "message": "UDS may not include ports", + "rule": "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true" + } + ], "additionalProperties": false }, + "maxItems": 4096, "type": "array" }, "exportTo": { @@ -68,8 +109,16 @@ "hosts": { "description": "The hosts associated with the ServiceEntry.", "items": { - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "hostname cannot be wildcard", + "rule": "self != '*'" + } + ] }, + "maxItems": 256, + "minItems": 1, "type": "array" }, "location": { @@ -86,23 +135,37 @@ "properties": { "name": { "description": "Label assigned to the port.", + "maxLength": 256, "type": "string" }, "number": { "description": "A valid non-negative integer port number.", "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] }, "protocol": { "description": "The protocol exposed on the port.", + "maxLength": 256, "type": "string" }, "targetPort": { "description": "The port number on the endpoint where the traffic will be received.", "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] } }, "required": [ @@ -112,7 +175,18 @@ "type": "object", "additionalProperties": false }, - "type": "array" + "maxItems": 256, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-validations": [ + { + "message": "port number cannot be duplicated", + "rule": "self.all(l1, self.exists_one(l2, l1.number == l2.number))" + } + ] }, "resolution": { "description": "Service resolution mode for the hosts.\n\nValid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN", @@ -136,9 +210,17 @@ "properties": { "labels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard is not supported in selector", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied.", + "maxProperties": 256, "type": "object" } }, @@ -150,12 +232,122 @@ "hosts" ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of WorkloadSelector or Endpoints can be set", + "rule": "(has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1" + }, + { + "message": "CIDR addresses are allowed only for NONE/STATIC resolution types", + "rule": "!(has(self.addresses) && self.addresses.exists(k, k.contains('/')) && (has(self.resolution) && self.resolution != 'STATIC' && self.resolution != 'NONE'))" + }, + { + "message": "NONE mode cannot set endpoints", + "rule": "(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints) : true" + }, + { + "message": "DNS_ROUND_ROBIN mode cannot have multiple endpoints", + "rule": "(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN') ? (!has(self.endpoints) || size(self.endpoints) == 1) : true" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, + "required": [ + "spec" + ], "type": "object" } diff --git a/networking.istio.io/serviceentry_v1alpha3.json b/networking.istio.io/serviceentry_v1alpha3.json index 61cdb6c5..729fbc62 100644 --- a/networking.istio.io/serviceentry_v1alpha3.json +++ b/networking.istio.io/serviceentry_v1alpha3.json @@ -6,8 +6,10 @@ "addresses": { "description": "The virtual IP addresses associated with the service.", "items": { + "maxLength": 64, "type": "string" }, + "maxItems": 256, "type": "array" }, "endpoints": { @@ -16,34 +18,62 @@ "properties": { "address": { "description": "Address associated with the network endpoint without the port.", - "type": "string" + "maxLength": 256, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "UDS must be an absolute path or abstract socket", + "rule": "self.startsWith('unix://') ? (self.substring(7,8) == '/' || self.substring(7,8) == '@') : true" + }, + { + "message": "UDS may not be a dir", + "rule": "self.startsWith('unix://') ? !self.endsWith('/') : true" + } + ] }, "labels": { "additionalProperties": { "type": "string" }, "description": "One or more labels associated with the endpoint.", + "maxProperties": 256, "type": "object" }, "locality": { "description": "The locality associated with the endpoint.", + "maxLength": 2048, "type": "string" }, "network": { "description": "Network enables Istio to group endpoints resident in the same L3 domain/network.", + "maxLength": 2048, "type": "string" }, "ports": { "additionalProperties": { "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] }, "description": "Set of ports associated with the endpoint.", - "type": "object" + "maxProperties": 128, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "port name must be valid", + "rule": "self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$'))" + } + ] }, "serviceAccount": { "description": "The service account associated with the workload if a sidecar is present in the workload.", + "maxLength": 253, "type": "string" }, "weight": { @@ -54,8 +84,19 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "Address is required", + "rule": "has(self.address) || has(self.network)" + }, + { + "message": "UDS may not include ports", + "rule": "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true" + } + ], "additionalProperties": false }, + "maxItems": 4096, "type": "array" }, "exportTo": { @@ -68,8 +109,16 @@ "hosts": { "description": "The hosts associated with the ServiceEntry.", "items": { - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "hostname cannot be wildcard", + "rule": "self != '*'" + } + ] }, + "maxItems": 256, + "minItems": 1, "type": "array" }, "location": { @@ -86,23 +135,37 @@ "properties": { "name": { "description": "Label assigned to the port.", + "maxLength": 256, "type": "string" }, "number": { "description": "A valid non-negative integer port number.", "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] }, "protocol": { "description": "The protocol exposed on the port.", + "maxLength": 256, "type": "string" }, "targetPort": { "description": "The port number on the endpoint where the traffic will be received.", "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] } }, "required": [ @@ -112,7 +175,18 @@ "type": "object", "additionalProperties": false }, - "type": "array" + "maxItems": 256, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-validations": [ + { + "message": "port number cannot be duplicated", + "rule": "self.all(l1, self.exists_one(l2, l1.number == l2.number))" + } + ] }, "resolution": { "description": "Service resolution mode for the hosts.\n\nValid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN", @@ -136,9 +210,17 @@ "properties": { "labels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard is not supported in selector", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied.", + "maxProperties": 256, "type": "object" } }, @@ -150,12 +232,122 @@ "hosts" ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of WorkloadSelector or Endpoints can be set", + "rule": "(has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1" + }, + { + "message": "CIDR addresses are allowed only for NONE/STATIC resolution types", + "rule": "!(has(self.addresses) && self.addresses.exists(k, k.contains('/')) && (has(self.resolution) && self.resolution != 'STATIC' && self.resolution != 'NONE'))" + }, + { + "message": "NONE mode cannot set endpoints", + "rule": "(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints) : true" + }, + { + "message": "DNS_ROUND_ROBIN mode cannot have multiple endpoints", + "rule": "(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN') ? (!has(self.endpoints) || size(self.endpoints) == 1) : true" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, + "required": [ + "spec" + ], "type": "object" } diff --git a/networking.istio.io/serviceentry_v1beta1.json b/networking.istio.io/serviceentry_v1beta1.json index 61cdb6c5..729fbc62 100644 --- a/networking.istio.io/serviceentry_v1beta1.json +++ b/networking.istio.io/serviceentry_v1beta1.json @@ -6,8 +6,10 @@ "addresses": { "description": "The virtual IP addresses associated with the service.", "items": { + "maxLength": 64, "type": "string" }, + "maxItems": 256, "type": "array" }, "endpoints": { @@ -16,34 +18,62 @@ "properties": { "address": { "description": "Address associated with the network endpoint without the port.", - "type": "string" + "maxLength": 256, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "UDS must be an absolute path or abstract socket", + "rule": "self.startsWith('unix://') ? (self.substring(7,8) == '/' || self.substring(7,8) == '@') : true" + }, + { + "message": "UDS may not be a dir", + "rule": "self.startsWith('unix://') ? !self.endsWith('/') : true" + } + ] }, "labels": { "additionalProperties": { "type": "string" }, "description": "One or more labels associated with the endpoint.", + "maxProperties": 256, "type": "object" }, "locality": { "description": "The locality associated with the endpoint.", + "maxLength": 2048, "type": "string" }, "network": { "description": "Network enables Istio to group endpoints resident in the same L3 domain/network.", + "maxLength": 2048, "type": "string" }, "ports": { "additionalProperties": { "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] }, "description": "Set of ports associated with the endpoint.", - "type": "object" + "maxProperties": 128, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "port name must be valid", + "rule": "self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$'))" + } + ] }, "serviceAccount": { "description": "The service account associated with the workload if a sidecar is present in the workload.", + "maxLength": 253, "type": "string" }, "weight": { @@ -54,8 +84,19 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "Address is required", + "rule": "has(self.address) || has(self.network)" + }, + { + "message": "UDS may not include ports", + "rule": "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true" + } + ], "additionalProperties": false }, + "maxItems": 4096, "type": "array" }, "exportTo": { @@ -68,8 +109,16 @@ "hosts": { "description": "The hosts associated with the ServiceEntry.", "items": { - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "hostname cannot be wildcard", + "rule": "self != '*'" + } + ] }, + "maxItems": 256, + "minItems": 1, "type": "array" }, "location": { @@ -86,23 +135,37 @@ "properties": { "name": { "description": "Label assigned to the port.", + "maxLength": 256, "type": "string" }, "number": { "description": "A valid non-negative integer port number.", "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] }, "protocol": { "description": "The protocol exposed on the port.", + "maxLength": 256, "type": "string" }, "targetPort": { "description": "The port number on the endpoint where the traffic will be received.", "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] } }, "required": [ @@ -112,7 +175,18 @@ "type": "object", "additionalProperties": false }, - "type": "array" + "maxItems": 256, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-validations": [ + { + "message": "port number cannot be duplicated", + "rule": "self.all(l1, self.exists_one(l2, l1.number == l2.number))" + } + ] }, "resolution": { "description": "Service resolution mode for the hosts.\n\nValid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN", @@ -136,9 +210,17 @@ "properties": { "labels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard is not supported in selector", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied.", + "maxProperties": 256, "type": "object" } }, @@ -150,12 +232,122 @@ "hosts" ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of WorkloadSelector or Endpoints can be set", + "rule": "(has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1" + }, + { + "message": "CIDR addresses are allowed only for NONE/STATIC resolution types", + "rule": "!(has(self.addresses) && self.addresses.exists(k, k.contains('/')) && (has(self.resolution) && self.resolution != 'STATIC' && self.resolution != 'NONE'))" + }, + { + "message": "NONE mode cannot set endpoints", + "rule": "(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints) : true" + }, + { + "message": "DNS_ROUND_ROBIN mode cannot have multiple endpoints", + "rule": "(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN') ? (!has(self.endpoints) || size(self.endpoints) == 1) : true" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, + "required": [ + "spec" + ], "type": "object" } diff --git a/networking.istio.io/sidecar_v1.json b/networking.istio.io/sidecar_v1.json index 38472543..bc1afd75 100644 --- a/networking.istio.io/sidecar_v1.json +++ b/networking.istio.io/sidecar_v1.json @@ -89,7 +89,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -119,15 +125,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -139,7 +163,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -149,7 +179,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -207,7 +243,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -237,15 +279,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -257,7 +317,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -267,7 +333,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -414,7 +486,7 @@ "type": "array" }, "outboundTrafficPolicy": { - "description": "Configuration for the outbound traffic policy.", + "description": "Set the default behavior of the sidecar for handling outbound traffic from the application.", "properties": { "egressProxy": { "properties": { @@ -462,9 +534,17 @@ "properties": { "labels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard is not supported in selector", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied.", + "maxProperties": 256, "type": "object" } }, @@ -476,8 +556,97 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/networking.istio.io/sidecar_v1alpha3.json b/networking.istio.io/sidecar_v1alpha3.json index 38472543..bc1afd75 100644 --- a/networking.istio.io/sidecar_v1alpha3.json +++ b/networking.istio.io/sidecar_v1alpha3.json @@ -89,7 +89,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -119,15 +125,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -139,7 +163,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -149,7 +179,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -207,7 +243,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -237,15 +279,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -257,7 +317,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -267,7 +333,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -414,7 +486,7 @@ "type": "array" }, "outboundTrafficPolicy": { - "description": "Configuration for the outbound traffic policy.", + "description": "Set the default behavior of the sidecar for handling outbound traffic from the application.", "properties": { "egressProxy": { "properties": { @@ -462,9 +534,17 @@ "properties": { "labels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard is not supported in selector", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied.", + "maxProperties": 256, "type": "object" } }, @@ -476,8 +556,97 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/networking.istio.io/sidecar_v1beta1.json b/networking.istio.io/sidecar_v1beta1.json index 38472543..bc1afd75 100644 --- a/networking.istio.io/sidecar_v1beta1.json +++ b/networking.istio.io/sidecar_v1beta1.json @@ -89,7 +89,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -119,15 +125,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -139,7 +163,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -149,7 +179,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -207,7 +243,13 @@ }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", @@ -237,15 +279,33 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -257,7 +317,13 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", @@ -267,7 +333,13 @@ }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -414,7 +486,7 @@ "type": "array" }, "outboundTrafficPolicy": { - "description": "Configuration for the outbound traffic policy.", + "description": "Set the default behavior of the sidecar for handling outbound traffic from the application.", "properties": { "egressProxy": { "properties": { @@ -462,9 +534,17 @@ "properties": { "labels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard is not supported in selector", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied.", + "maxProperties": 256, "type": "object" } }, @@ -476,8 +556,97 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/networking.istio.io/virtualservice_v1.json b/networking.istio.io/virtualservice_v1.json index 75847433..51127221 100644 --- a/networking.istio.io/virtualservice_v1.json +++ b/networking.istio.io/virtualservice_v1.json @@ -105,7 +105,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -123,6 +123,21 @@ }, "maxAge": { "description": "Specifies how long the results of a preflight request can be cached.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "unmatchedPreflights": { + "description": "Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream.\n\nValid Options: FORWARD, IGNORE", + "enum": [ + "UNSPECIFIED", + "FORWARD", + "IGNORE" + ], "type": "string" } }, @@ -306,11 +321,23 @@ ], "properties": { "exponentialDelay": { - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "fixedDelay": { "description": "Add a fixed delay before forwarding the request.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "percent": { "description": "Percentage of requests on which the delay will be injected (0-100).", @@ -395,7 +422,7 @@ "items": { "properties": { "authority": { - "description": "HTTP Authority values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "HTTP Authority values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "oneOf": [ { "not": { @@ -442,7 +469,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -504,7 +531,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -519,7 +546,7 @@ "type": "boolean" }, "method": { - "description": "HTTP Method values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "HTTP Method values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "oneOf": [ { "not": { @@ -566,7 +593,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -631,7 +658,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -642,7 +669,7 @@ "type": "object" }, "scheme": { - "description": "URI Scheme values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "URI Scheme values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "oneOf": [ { "not": { @@ -689,7 +716,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -712,7 +739,7 @@ "type": "string" }, "uri": { - "description": "URI to match values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "URI to match values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "oneOf": [ { "not": { @@ -759,7 +786,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -814,7 +841,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -1018,7 +1045,13 @@ }, "perTryTimeout": { "description": "Timeout per attempt for a given request, including the initial call and any retries.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "retryOn": { "description": "Specifies the conditions under which retry takes place.", @@ -1048,7 +1081,7 @@ "description": "rewrite the path portion of the URI with the specified regex.", "properties": { "match": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" }, "rewrite": { @@ -1167,7 +1200,13 @@ }, "timeout": { "description": "Timeout for HTTP requests, default is disabled.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1394,8 +1433,97 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/networking.istio.io/virtualservice_v1alpha3.json b/networking.istio.io/virtualservice_v1alpha3.json index 75847433..51127221 100644 --- a/networking.istio.io/virtualservice_v1alpha3.json +++ b/networking.istio.io/virtualservice_v1alpha3.json @@ -105,7 +105,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -123,6 +123,21 @@ }, "maxAge": { "description": "Specifies how long the results of a preflight request can be cached.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "unmatchedPreflights": { + "description": "Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream.\n\nValid Options: FORWARD, IGNORE", + "enum": [ + "UNSPECIFIED", + "FORWARD", + "IGNORE" + ], "type": "string" } }, @@ -306,11 +321,23 @@ ], "properties": { "exponentialDelay": { - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "fixedDelay": { "description": "Add a fixed delay before forwarding the request.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "percent": { "description": "Percentage of requests on which the delay will be injected (0-100).", @@ -395,7 +422,7 @@ "items": { "properties": { "authority": { - "description": "HTTP Authority values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "HTTP Authority values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "oneOf": [ { "not": { @@ -442,7 +469,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -504,7 +531,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -519,7 +546,7 @@ "type": "boolean" }, "method": { - "description": "HTTP Method values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "HTTP Method values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "oneOf": [ { "not": { @@ -566,7 +593,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -631,7 +658,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -642,7 +669,7 @@ "type": "object" }, "scheme": { - "description": "URI Scheme values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "URI Scheme values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "oneOf": [ { "not": { @@ -689,7 +716,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -712,7 +739,7 @@ "type": "string" }, "uri": { - "description": "URI to match values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "URI to match values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "oneOf": [ { "not": { @@ -759,7 +786,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -814,7 +841,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -1018,7 +1045,13 @@ }, "perTryTimeout": { "description": "Timeout per attempt for a given request, including the initial call and any retries.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "retryOn": { "description": "Specifies the conditions under which retry takes place.", @@ -1048,7 +1081,7 @@ "description": "rewrite the path portion of the URI with the specified regex.", "properties": { "match": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" }, "rewrite": { @@ -1167,7 +1200,13 @@ }, "timeout": { "description": "Timeout for HTTP requests, default is disabled.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1394,8 +1433,97 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/networking.istio.io/virtualservice_v1beta1.json b/networking.istio.io/virtualservice_v1beta1.json index 75847433..51127221 100644 --- a/networking.istio.io/virtualservice_v1beta1.json +++ b/networking.istio.io/virtualservice_v1beta1.json @@ -105,7 +105,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -123,6 +123,21 @@ }, "maxAge": { "description": "Specifies how long the results of a preflight request can be cached.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "unmatchedPreflights": { + "description": "Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream.\n\nValid Options: FORWARD, IGNORE", + "enum": [ + "UNSPECIFIED", + "FORWARD", + "IGNORE" + ], "type": "string" } }, @@ -306,11 +321,23 @@ ], "properties": { "exponentialDelay": { - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "fixedDelay": { "description": "Add a fixed delay before forwarding the request.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "percent": { "description": "Percentage of requests on which the delay will be injected (0-100).", @@ -395,7 +422,7 @@ "items": { "properties": { "authority": { - "description": "HTTP Authority values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "HTTP Authority values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "oneOf": [ { "not": { @@ -442,7 +469,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -504,7 +531,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -519,7 +546,7 @@ "type": "boolean" }, "method": { - "description": "HTTP Method values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "HTTP Method values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "oneOf": [ { "not": { @@ -566,7 +593,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -631,7 +658,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -642,7 +669,7 @@ "type": "object" }, "scheme": { - "description": "URI Scheme values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "URI Scheme values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "oneOf": [ { "not": { @@ -689,7 +716,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -712,7 +739,7 @@ "type": "string" }, "uri": { - "description": "URI to match values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "URI to match values are case-sensitive and formatted as follows: - `exact: \"value\"` for exact string match - `prefix: \"value\"` for prefix-based match - `regex: \"value\"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "oneOf": [ { "not": { @@ -759,7 +786,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -814,7 +841,7 @@ "type": "string" }, "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" } }, @@ -1018,7 +1045,13 @@ }, "perTryTimeout": { "description": "Timeout per attempt for a given request, including the initial call and any retries.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "retryOn": { "description": "Specifies the conditions under which retry takes place.", @@ -1048,7 +1081,7 @@ "description": "rewrite the path portion of the URI with the specified regex.", "properties": { "match": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", + "description": "[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).", "type": "string" }, "rewrite": { @@ -1167,7 +1200,13 @@ }, "timeout": { "description": "Timeout for HTTP requests, default is disabled.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1394,8 +1433,97 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/networking.istio.io/workloadentry_v1.json b/networking.istio.io/workloadentry_v1.json index 225a1d36..62120376 100644 --- a/networking.istio.io/workloadentry_v1.json +++ b/networking.istio.io/workloadentry_v1.json @@ -5,34 +5,62 @@ "properties": { "address": { "description": "Address associated with the network endpoint without the port.", - "type": "string" + "maxLength": 256, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "UDS must be an absolute path or abstract socket", + "rule": "self.startsWith('unix://') ? (self.substring(7,8) == '/' || self.substring(7,8) == '@') : true" + }, + { + "message": "UDS may not be a dir", + "rule": "self.startsWith('unix://') ? !self.endsWith('/') : true" + } + ] }, "labels": { "additionalProperties": { "type": "string" }, "description": "One or more labels associated with the endpoint.", + "maxProperties": 256, "type": "object" }, "locality": { "description": "The locality associated with the endpoint.", + "maxLength": 2048, "type": "string" }, "network": { "description": "Network enables Istio to group endpoints resident in the same L3 domain/network.", + "maxLength": 2048, "type": "string" }, "ports": { "additionalProperties": { "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] }, "description": "Set of ports associated with the endpoint.", - "type": "object" + "maxProperties": 128, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "port name must be valid", + "rule": "self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$'))" + } + ] }, "serviceAccount": { "description": "The service account associated with the workload if a sidecar is present in the workload.", + "maxLength": 253, "type": "string" }, "weight": { @@ -43,12 +71,114 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "Address is required", + "rule": "has(self.address) || has(self.network)" + }, + { + "message": "UDS may not include ports", + "rule": "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, + "required": [ + "spec" + ], "type": "object" } diff --git a/networking.istio.io/workloadentry_v1alpha3.json b/networking.istio.io/workloadentry_v1alpha3.json index 225a1d36..62120376 100644 --- a/networking.istio.io/workloadentry_v1alpha3.json +++ b/networking.istio.io/workloadentry_v1alpha3.json @@ -5,34 +5,62 @@ "properties": { "address": { "description": "Address associated with the network endpoint without the port.", - "type": "string" + "maxLength": 256, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "UDS must be an absolute path or abstract socket", + "rule": "self.startsWith('unix://') ? (self.substring(7,8) == '/' || self.substring(7,8) == '@') : true" + }, + { + "message": "UDS may not be a dir", + "rule": "self.startsWith('unix://') ? !self.endsWith('/') : true" + } + ] }, "labels": { "additionalProperties": { "type": "string" }, "description": "One or more labels associated with the endpoint.", + "maxProperties": 256, "type": "object" }, "locality": { "description": "The locality associated with the endpoint.", + "maxLength": 2048, "type": "string" }, "network": { "description": "Network enables Istio to group endpoints resident in the same L3 domain/network.", + "maxLength": 2048, "type": "string" }, "ports": { "additionalProperties": { "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] }, "description": "Set of ports associated with the endpoint.", - "type": "object" + "maxProperties": 128, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "port name must be valid", + "rule": "self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$'))" + } + ] }, "serviceAccount": { "description": "The service account associated with the workload if a sidecar is present in the workload.", + "maxLength": 253, "type": "string" }, "weight": { @@ -43,12 +71,114 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "Address is required", + "rule": "has(self.address) || has(self.network)" + }, + { + "message": "UDS may not include ports", + "rule": "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, + "required": [ + "spec" + ], "type": "object" } diff --git a/networking.istio.io/workloadentry_v1beta1.json b/networking.istio.io/workloadentry_v1beta1.json index 225a1d36..62120376 100644 --- a/networking.istio.io/workloadentry_v1beta1.json +++ b/networking.istio.io/workloadentry_v1beta1.json @@ -5,34 +5,62 @@ "properties": { "address": { "description": "Address associated with the network endpoint without the port.", - "type": "string" + "maxLength": 256, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "UDS must be an absolute path or abstract socket", + "rule": "self.startsWith('unix://') ? (self.substring(7,8) == '/' || self.substring(7,8) == '@') : true" + }, + { + "message": "UDS may not be a dir", + "rule": "self.startsWith('unix://') ? !self.endsWith('/') : true" + } + ] }, "labels": { "additionalProperties": { "type": "string" }, "description": "One or more labels associated with the endpoint.", + "maxProperties": 256, "type": "object" }, "locality": { "description": "The locality associated with the endpoint.", + "maxLength": 2048, "type": "string" }, "network": { "description": "Network enables Istio to group endpoints resident in the same L3 domain/network.", + "maxLength": 2048, "type": "string" }, "ports": { "additionalProperties": { "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] }, "description": "Set of ports associated with the endpoint.", - "type": "object" + "maxProperties": 128, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "port name must be valid", + "rule": "self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$'))" + } + ] }, "serviceAccount": { "description": "The service account associated with the workload if a sidecar is present in the workload.", + "maxLength": 253, "type": "string" }, "weight": { @@ -43,12 +71,114 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "Address is required", + "rule": "has(self.address) || has(self.network)" + }, + { + "message": "UDS may not include ports", + "rule": "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, + "required": [ + "spec" + ], "type": "object" } diff --git a/networking.istio.io/workloadgroup_v1.json b/networking.istio.io/workloadgroup_v1.json index 68ad839b..066b00c6 100644 --- a/networking.istio.io/workloadgroup_v1.json +++ b/networking.istio.io/workloadgroup_v1.json @@ -1,7 +1,7 @@ { "properties": { "spec": { - "description": "`WorkloadGroup` enables specifying the properties of a single workload for bootstrap and provides a template for `WorkloadEntry`, similar to how `Deployment` specifies properties of workloads via `Pod` templates.", + "description": "Describes a collection of workload instances. See more details at: https://istio.io/docs/reference/config/networking/workload-group.html", "properties": { "metadata": { "description": "Metadata that will be used for all corresponding `WorkloadEntries`.", @@ -10,12 +10,14 @@ "additionalProperties": { "type": "string" }, + "maxProperties": 256, "type": "object" }, "labels": { "additionalProperties": { "type": "string" }, + "maxProperties": 256, "type": "object" } }, @@ -69,17 +71,22 @@ "command": { "description": "Command to run.", "items": { + "minLength": 1, "type": "string" }, "type": "array" } }, + "required": [ + "command" + ], "type": "object", "additionalProperties": false }, "failureThreshold": { "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.", "format": "int32", + "minimum": 0, "type": "integer" }, "httpGet": { @@ -94,6 +101,7 @@ "items": { "properties": { "name": { + "pattern": "^[-_A-Za-z0-9]+$", "type": "string" }, "value": { @@ -113,10 +121,22 @@ "description": "Port on which the endpoint lives.", "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] }, "scheme": { - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "scheme must be one of [HTTP, HTTPS]", + "rule": "self in ['', 'HTTP', 'HTTPS']" + } + ] } }, "required": [ @@ -128,16 +148,19 @@ "initialDelaySeconds": { "description": "Number of seconds after the container has started before readiness probes are initiated.", "format": "int32", + "minimum": 0, "type": "integer" }, "periodSeconds": { "description": "How often (in seconds) to perform the probe.", "format": "int32", + "minimum": 0, "type": "integer" }, "successThreshold": { "description": "Minimum consecutive successes for the probe to be considered successful after having failed.", "format": "int32", + "minimum": 0, "type": "integer" }, "tcpSocket": { @@ -149,7 +172,13 @@ "port": { "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] } }, "required": [ @@ -161,6 +190,7 @@ "timeoutSeconds": { "description": "Number of seconds after which the probe times out.", "format": "int32", + "minimum": 0, "type": "integer" } }, @@ -172,34 +202,62 @@ "properties": { "address": { "description": "Address associated with the network endpoint without the port.", - "type": "string" + "maxLength": 256, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "UDS must be an absolute path or abstract socket", + "rule": "self.startsWith('unix://') ? (self.substring(7,8) == '/' || self.substring(7,8) == '@') : true" + }, + { + "message": "UDS may not be a dir", + "rule": "self.startsWith('unix://') ? !self.endsWith('/') : true" + } + ] }, "labels": { "additionalProperties": { "type": "string" }, "description": "One or more labels associated with the endpoint.", + "maxProperties": 256, "type": "object" }, "locality": { "description": "The locality associated with the endpoint.", + "maxLength": 2048, "type": "string" }, "network": { "description": "Network enables Istio to group endpoints resident in the same L3 domain/network.", + "maxLength": 2048, "type": "string" }, "ports": { "additionalProperties": { "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] }, "description": "Set of ports associated with the endpoint.", - "type": "object" + "maxProperties": 128, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "port name must be valid", + "rule": "self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$'))" + } + ] }, "serviceAccount": { "description": "The service account associated with the workload if a sidecar is present in the workload.", + "maxLength": 253, "type": "string" }, "weight": { @@ -210,6 +268,12 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "UDS may not include ports", + "rule": "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true" + } + ], "additionalProperties": false } }, @@ -220,9 +284,101 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, + "required": [ + "spec" + ], "type": "object" } diff --git a/networking.istio.io/workloadgroup_v1alpha3.json b/networking.istio.io/workloadgroup_v1alpha3.json index 2113f68e..066b00c6 100644 --- a/networking.istio.io/workloadgroup_v1alpha3.json +++ b/networking.istio.io/workloadgroup_v1alpha3.json @@ -10,12 +10,14 @@ "additionalProperties": { "type": "string" }, + "maxProperties": 256, "type": "object" }, "labels": { "additionalProperties": { "type": "string" }, + "maxProperties": 256, "type": "object" } }, @@ -69,17 +71,22 @@ "command": { "description": "Command to run.", "items": { + "minLength": 1, "type": "string" }, "type": "array" } }, + "required": [ + "command" + ], "type": "object", "additionalProperties": false }, "failureThreshold": { "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.", "format": "int32", + "minimum": 0, "type": "integer" }, "httpGet": { @@ -94,6 +101,7 @@ "items": { "properties": { "name": { + "pattern": "^[-_A-Za-z0-9]+$", "type": "string" }, "value": { @@ -113,10 +121,22 @@ "description": "Port on which the endpoint lives.", "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] }, "scheme": { - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "scheme must be one of [HTTP, HTTPS]", + "rule": "self in ['', 'HTTP', 'HTTPS']" + } + ] } }, "required": [ @@ -128,16 +148,19 @@ "initialDelaySeconds": { "description": "Number of seconds after the container has started before readiness probes are initiated.", "format": "int32", + "minimum": 0, "type": "integer" }, "periodSeconds": { "description": "How often (in seconds) to perform the probe.", "format": "int32", + "minimum": 0, "type": "integer" }, "successThreshold": { "description": "Minimum consecutive successes for the probe to be considered successful after having failed.", "format": "int32", + "minimum": 0, "type": "integer" }, "tcpSocket": { @@ -149,7 +172,13 @@ "port": { "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] } }, "required": [ @@ -161,6 +190,7 @@ "timeoutSeconds": { "description": "Number of seconds after which the probe times out.", "format": "int32", + "minimum": 0, "type": "integer" } }, @@ -172,34 +202,62 @@ "properties": { "address": { "description": "Address associated with the network endpoint without the port.", - "type": "string" + "maxLength": 256, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "UDS must be an absolute path or abstract socket", + "rule": "self.startsWith('unix://') ? (self.substring(7,8) == '/' || self.substring(7,8) == '@') : true" + }, + { + "message": "UDS may not be a dir", + "rule": "self.startsWith('unix://') ? !self.endsWith('/') : true" + } + ] }, "labels": { "additionalProperties": { "type": "string" }, "description": "One or more labels associated with the endpoint.", + "maxProperties": 256, "type": "object" }, "locality": { "description": "The locality associated with the endpoint.", + "maxLength": 2048, "type": "string" }, "network": { "description": "Network enables Istio to group endpoints resident in the same L3 domain/network.", + "maxLength": 2048, "type": "string" }, "ports": { "additionalProperties": { "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] }, "description": "Set of ports associated with the endpoint.", - "type": "object" + "maxProperties": 128, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "port name must be valid", + "rule": "self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$'))" + } + ] }, "serviceAccount": { "description": "The service account associated with the workload if a sidecar is present in the workload.", + "maxLength": 253, "type": "string" }, "weight": { @@ -210,6 +268,12 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "UDS may not include ports", + "rule": "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true" + } + ], "additionalProperties": false } }, @@ -220,9 +284,101 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, + "required": [ + "spec" + ], "type": "object" } diff --git a/networking.istio.io/workloadgroup_v1beta1.json b/networking.istio.io/workloadgroup_v1beta1.json index 68ad839b..066b00c6 100644 --- a/networking.istio.io/workloadgroup_v1beta1.json +++ b/networking.istio.io/workloadgroup_v1beta1.json @@ -1,7 +1,7 @@ { "properties": { "spec": { - "description": "`WorkloadGroup` enables specifying the properties of a single workload for bootstrap and provides a template for `WorkloadEntry`, similar to how `Deployment` specifies properties of workloads via `Pod` templates.", + "description": "Describes a collection of workload instances. See more details at: https://istio.io/docs/reference/config/networking/workload-group.html", "properties": { "metadata": { "description": "Metadata that will be used for all corresponding `WorkloadEntries`.", @@ -10,12 +10,14 @@ "additionalProperties": { "type": "string" }, + "maxProperties": 256, "type": "object" }, "labels": { "additionalProperties": { "type": "string" }, + "maxProperties": 256, "type": "object" } }, @@ -69,17 +71,22 @@ "command": { "description": "Command to run.", "items": { + "minLength": 1, "type": "string" }, "type": "array" } }, + "required": [ + "command" + ], "type": "object", "additionalProperties": false }, "failureThreshold": { "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.", "format": "int32", + "minimum": 0, "type": "integer" }, "httpGet": { @@ -94,6 +101,7 @@ "items": { "properties": { "name": { + "pattern": "^[-_A-Za-z0-9]+$", "type": "string" }, "value": { @@ -113,10 +121,22 @@ "description": "Port on which the endpoint lives.", "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] }, "scheme": { - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "scheme must be one of [HTTP, HTTPS]", + "rule": "self in ['', 'HTTP', 'HTTPS']" + } + ] } }, "required": [ @@ -128,16 +148,19 @@ "initialDelaySeconds": { "description": "Number of seconds after the container has started before readiness probes are initiated.", "format": "int32", + "minimum": 0, "type": "integer" }, "periodSeconds": { "description": "How often (in seconds) to perform the probe.", "format": "int32", + "minimum": 0, "type": "integer" }, "successThreshold": { "description": "Minimum consecutive successes for the probe to be considered successful after having failed.", "format": "int32", + "minimum": 0, "type": "integer" }, "tcpSocket": { @@ -149,7 +172,13 @@ "port": { "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] } }, "required": [ @@ -161,6 +190,7 @@ "timeoutSeconds": { "description": "Number of seconds after which the probe times out.", "format": "int32", + "minimum": 0, "type": "integer" } }, @@ -172,34 +202,62 @@ "properties": { "address": { "description": "Address associated with the network endpoint without the port.", - "type": "string" + "maxLength": 256, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "UDS must be an absolute path or abstract socket", + "rule": "self.startsWith('unix://') ? (self.substring(7,8) == '/' || self.substring(7,8) == '@') : true" + }, + { + "message": "UDS may not be a dir", + "rule": "self.startsWith('unix://') ? !self.endsWith('/') : true" + } + ] }, "labels": { "additionalProperties": { "type": "string" }, "description": "One or more labels associated with the endpoint.", + "maxProperties": 256, "type": "object" }, "locality": { "description": "The locality associated with the endpoint.", + "maxLength": 2048, "type": "string" }, "network": { "description": "Network enables Istio to group endpoints resident in the same L3 domain/network.", + "maxLength": 2048, "type": "string" }, "ports": { "additionalProperties": { "maximum": 4294967295, "minimum": 0, - "type": "integer" + "type": "integer", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "0 < self && self <= 65535" + } + ] }, "description": "Set of ports associated with the endpoint.", - "type": "object" + "maxProperties": 128, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "port name must be valid", + "rule": "self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$'))" + } + ] }, "serviceAccount": { "description": "The service account associated with the workload if a sidecar is present in the workload.", + "maxLength": 253, "type": "string" }, "weight": { @@ -210,6 +268,12 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "UDS may not include ports", + "rule": "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true" + } + ], "additionalProperties": false } }, @@ -220,9 +284,101 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, + "required": [ + "spec" + ], "type": "object" } diff --git a/psmdb.percona.com/perconaservermongodb_v1.json:Zone.Identifier b/psmdb.percona.com/perconaservermongodb_v1.json:Zone.Identifier deleted file mode 100644 index e69de29b..00000000 diff --git a/psmdb.percona.com/perconaservermongodbbackup_v1.json:Zone.Identifier b/psmdb.percona.com/perconaservermongodbbackup_v1.json:Zone.Identifier deleted file mode 100644 index e69de29b..00000000 diff --git a/psmdb.percona.com/perconaservermongodbrestore_v1.json:Zone.Identifier b/psmdb.percona.com/perconaservermongodbrestore_v1.json:Zone.Identifier deleted file mode 100644 index e69de29b..00000000 diff --git a/security.istio.io/authorizationpolicy_v1.json b/security.istio.io/authorizationpolicy_v1.json index 213e1c58..7c0cea85 100644 --- a/security.istio.io/authorizationpolicy_v1.json +++ b/security.istio.io/authorizationpolicy_v1.json @@ -248,10 +248,28 @@ "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", - "type": "object" + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains('*'))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", @@ -261,22 +279,45 @@ "properties": { "group": { "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] } }, + "required": [ + "kind", + "name" + ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway", + "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" + } + ], "additionalProperties": false }, "targetRefs": { @@ -285,33 +326,152 @@ "properties": { "group": { "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] } }, + "required": [ + "kind", + "name" + ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway", + "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" + } + ], "additionalProperties": false }, + "maxItems": 16, "type": "array" } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of targetRefs or selector can be set", + "rule": "(has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/security.istio.io/authorizationpolicy_v1beta1.json b/security.istio.io/authorizationpolicy_v1beta1.json index 213e1c58..7c0cea85 100644 --- a/security.istio.io/authorizationpolicy_v1beta1.json +++ b/security.istio.io/authorizationpolicy_v1beta1.json @@ -248,10 +248,28 @@ "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", - "type": "object" + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains('*'))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", @@ -261,22 +279,45 @@ "properties": { "group": { "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] } }, + "required": [ + "kind", + "name" + ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway", + "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" + } + ], "additionalProperties": false }, "targetRefs": { @@ -285,33 +326,152 @@ "properties": { "group": { "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] } }, + "required": [ + "kind", + "name" + ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway", + "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" + } + ], "additionalProperties": false }, + "maxItems": 16, "type": "array" } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of targetRefs or selector can be set", + "rule": "(has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/security.istio.io/peerauthentication_v1.json b/security.istio.io/peerauthentication_v1.json index d3c6a854..f2ce9dbf 100644 --- a/security.istio.io/peerauthentication_v1.json +++ b/security.istio.io/peerauthentication_v1.json @@ -38,17 +38,42 @@ "additionalProperties": false }, "description": "Port specific mutual TLS settings.", - "type": "object" + "minProperties": 1, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "self.all(key, 0 < int(key) && int(key) <= 65535)" + } + ] }, "selector": { "description": "The selector determines the workloads to apply the PeerAuthentication on.", "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", - "type": "object" + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains('*'))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", @@ -56,11 +81,106 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "portLevelMtls requires selector", + "rule": "(has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() > 0) || !has(self.portLevelMtls)" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/security.istio.io/peerauthentication_v1beta1.json b/security.istio.io/peerauthentication_v1beta1.json index d3c6a854..f2ce9dbf 100644 --- a/security.istio.io/peerauthentication_v1beta1.json +++ b/security.istio.io/peerauthentication_v1beta1.json @@ -38,17 +38,42 @@ "additionalProperties": false }, "description": "Port specific mutual TLS settings.", - "type": "object" + "minProperties": 1, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "self.all(key, 0 < int(key) && int(key) <= 65535)" + } + ] }, "selector": { "description": "The selector determines the workloads to apply the PeerAuthentication on.", "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", - "type": "object" + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains('*'))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", @@ -56,11 +81,106 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "portLevelMtls requires selector", + "rule": "(has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() > 0) || !has(self.portLevelMtls)" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/security.istio.io/requestauthentication_v1.json b/security.istio.io/requestauthentication_v1.json index f75df0ea..4ac20a76 100644 --- a/security.istio.io/requestauthentication_v1.json +++ b/security.istio.io/requestauthentication_v1.json @@ -10,6 +10,7 @@ "audiences": { "description": "The list of JWT [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3) that are allowed to access.", "items": { + "minLength": 1, "type": "string" }, "type": "array" @@ -21,6 +22,7 @@ "fromCookies": { "description": "List of cookie names from which JWT is expected.", "items": { + "minLength": 1, "type": "string" }, "type": "array" @@ -31,6 +33,7 @@ "properties": { "name": { "description": "The HTTP header name.", + "minLength": 1, "type": "string" }, "prefix": { @@ -49,12 +52,14 @@ "fromParams": { "description": "List of query parameters from which JWT is expected.", "items": { + "minLength": 1, "type": "string" }, "type": "array" }, "issuer": { "description": "Identifies the issuer that issued the JWT.", + "minLength": 1, "type": "string" }, "jwks": { @@ -63,11 +68,27 @@ }, "jwks_uri": { "description": "URL of the provider's public key set to validate signature of the JWT.", - "type": "string" + "maxLength": 2048, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "url must have scheme http:// or https://", + "rule": "url(self).getScheme() in ['http', 'https']" + } + ] }, "jwksUri": { "description": "URL of the provider's public key set to validate signature of the JWT.", - "type": "string" + "maxLength": 2048, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "url must have scheme http:// or https://", + "rule": "url(self).getScheme() in ['http', 'https']" + } + ] }, "outputClaimToHeaders": { "description": "This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.", @@ -75,13 +96,20 @@ "properties": { "claim": { "description": "The name of the claim to be copied from.", + "minLength": 1, "type": "string" }, "header": { "description": "The name of the header to be created.", + "minLength": 1, + "pattern": "^[-_A-Za-z0-9]+$", "type": "string" } }, + "required": [ + "header", + "claim" + ], "type": "object", "additionalProperties": false }, @@ -93,15 +121,28 @@ }, "timeout": { "description": "The maximum amount of time that the resolver, determined by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, will spend waiting for the JWKS to be fetched.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "required": [ "issuer" ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of jwks or jwksUri can be set", + "rule": "(has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1" + } + ], "additionalProperties": false }, + "maxItems": 4096, "type": "array" }, "selector": { @@ -109,10 +150,28 @@ "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", - "type": "object" + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains('*'))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", @@ -122,22 +181,45 @@ "properties": { "group": { "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] } }, + "required": [ + "kind", + "name" + ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway", + "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" + } + ], "additionalProperties": false }, "targetRefs": { @@ -146,33 +228,152 @@ "properties": { "group": { "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] } }, + "required": [ + "kind", + "name" + ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway", + "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" + } + ], "additionalProperties": false }, + "maxItems": 16, "type": "array" } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of targetRefs or selector can be set", + "rule": "(has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/security.istio.io/requestauthentication_v1beta1.json b/security.istio.io/requestauthentication_v1beta1.json index f75df0ea..4ac20a76 100644 --- a/security.istio.io/requestauthentication_v1beta1.json +++ b/security.istio.io/requestauthentication_v1beta1.json @@ -10,6 +10,7 @@ "audiences": { "description": "The list of JWT [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3) that are allowed to access.", "items": { + "minLength": 1, "type": "string" }, "type": "array" @@ -21,6 +22,7 @@ "fromCookies": { "description": "List of cookie names from which JWT is expected.", "items": { + "minLength": 1, "type": "string" }, "type": "array" @@ -31,6 +33,7 @@ "properties": { "name": { "description": "The HTTP header name.", + "minLength": 1, "type": "string" }, "prefix": { @@ -49,12 +52,14 @@ "fromParams": { "description": "List of query parameters from which JWT is expected.", "items": { + "minLength": 1, "type": "string" }, "type": "array" }, "issuer": { "description": "Identifies the issuer that issued the JWT.", + "minLength": 1, "type": "string" }, "jwks": { @@ -63,11 +68,27 @@ }, "jwks_uri": { "description": "URL of the provider's public key set to validate signature of the JWT.", - "type": "string" + "maxLength": 2048, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "url must have scheme http:// or https://", + "rule": "url(self).getScheme() in ['http', 'https']" + } + ] }, "jwksUri": { "description": "URL of the provider's public key set to validate signature of the JWT.", - "type": "string" + "maxLength": 2048, + "minLength": 1, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "url must have scheme http:// or https://", + "rule": "url(self).getScheme() in ['http', 'https']" + } + ] }, "outputClaimToHeaders": { "description": "This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.", @@ -75,13 +96,20 @@ "properties": { "claim": { "description": "The name of the claim to be copied from.", + "minLength": 1, "type": "string" }, "header": { "description": "The name of the header to be created.", + "minLength": 1, + "pattern": "^[-_A-Za-z0-9]+$", "type": "string" } }, + "required": [ + "header", + "claim" + ], "type": "object", "additionalProperties": false }, @@ -93,15 +121,28 @@ }, "timeout": { "description": "The maximum amount of time that the resolver, determined by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, will spend waiting for the JWKS to be fetched.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "required": [ "issuer" ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of jwks or jwksUri can be set", + "rule": "(has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1" + } + ], "additionalProperties": false }, + "maxItems": 4096, "type": "array" }, "selector": { @@ -109,10 +150,28 @@ "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", - "type": "object" + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains('*'))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", @@ -122,22 +181,45 @@ "properties": { "group": { "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] } }, + "required": [ + "kind", + "name" + ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway", + "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" + } + ], "additionalProperties": false }, "targetRefs": { @@ -146,33 +228,152 @@ "properties": { "group": { "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] } }, + "required": [ + "kind", + "name" + ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway", + "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" + } + ], "additionalProperties": false }, + "maxItems": 16, "type": "array" } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of targetRefs or selector can be set", + "rule": "(has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/telemetry.istio.io/telemetry_v1.json b/telemetry.istio.io/telemetry_v1.json index 7b88d691..79864df9 100644 --- a/telemetry.istio.io/telemetry_v1.json +++ b/telemetry.istio.io/telemetry_v1.json @@ -200,7 +200,13 @@ }, "reportingInterval": { "description": "Optional.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -213,10 +219,28 @@ "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", - "type": "object" + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains('*'))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", @@ -226,22 +250,45 @@ "properties": { "group": { "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] } }, + "required": [ + "kind", + "name" + ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway", + "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" + } + ], "additionalProperties": false }, "targetRefs": { @@ -250,24 +297,48 @@ "properties": { "group": { "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] } }, + "required": [ + "kind", + "name" + ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway", + "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" + } + ], "additionalProperties": false }, + "maxItems": 16, "type": "array" }, "tracing": { @@ -434,11 +505,106 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of targetRefs or selector can be set", + "rule": "(has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/telemetry.istio.io/telemetry_v1alpha1.json b/telemetry.istio.io/telemetry_v1alpha1.json index 7b88d691..79864df9 100644 --- a/telemetry.istio.io/telemetry_v1alpha1.json +++ b/telemetry.istio.io/telemetry_v1alpha1.json @@ -200,7 +200,13 @@ }, "reportingInterval": { "description": "Optional.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -213,10 +219,28 @@ "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains('*')" + } + ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", - "type": "object" + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains('*'))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", @@ -226,22 +250,45 @@ "properties": { "group": { "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] } }, + "required": [ + "kind", + "name" + ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway", + "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" + } + ], "additionalProperties": false }, "targetRefs": { @@ -250,24 +297,48 @@ "properties": { "group": { "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] } }, + "required": [ + "kind", + "name" + ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway", + "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" + } + ], "additionalProperties": false }, + "maxItems": 16, "type": "array" }, "tracing": { @@ -434,11 +505,106 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of targetRefs or selector can be set", + "rule": "(has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Reconciled Condition refers.", + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "additionalProperties": false } }, "type": "object" diff --git a/velero.io/backuprepository_v1.json b/velero.io/backuprepository_v1.json index d874103a..6b6e12b5 100644 --- a/velero.io/backuprepository_v1.json +++ b/velero.io/backuprepository_v1.json @@ -22,6 +22,14 @@ "description": "MaintenanceFrequency is how often maintenance should be run.", "type": "string" }, + "repositoryConfig": { + "additionalProperties": { + "type": "string" + }, + "description": "RepositoryConfig is for repository-specific configuration fields.", + "nullable": true, + "type": "object" + }, "repositoryType": { "description": "RepositoryType indicates the type of the backend repository", "enum": [ diff --git a/vpcresources.k8s.aws/cninode_v1alpha1.json b/vpcresources.k8s.aws/cninode_v1alpha1.json index ded132ea..9e9bfc7b 100644 --- a/vpcresources.k8s.aws/cninode_v1alpha1.json +++ b/vpcresources.k8s.aws/cninode_v1alpha1.json @@ -1,18 +1,18 @@ { "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "description": "Important: Run \"make\" to regenerate code after modifying this file CNINodeSpec defines the desired state of CNINode", + "description": "Important: Run \"make\" to regenerate code after modifying this file\nCNINodeSpec defines the desired state of CNINode", "properties": { "features": { "items": { diff --git a/vpcresources.k8s.aws/securitygrouppolicy_v1beta1.json b/vpcresources.k8s.aws/securitygrouppolicy_v1beta1.json index 0f8c6c45..ca5c29a0 100644 --- a/vpcresources.k8s.aws/securitygrouppolicy_v1beta1.json +++ b/vpcresources.k8s.aws/securitygrouppolicy_v1beta1.json @@ -2,11 +2,11 @@ "description": "Custom Resource Definition for applying security groups to pods", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -16,23 +16,23 @@ "description": "SecurityGroupPolicySpec defines the desired state of SecurityGroupPolicy", "properties": { "podSelector": { - "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", + "description": "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -52,11 +52,12 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "securityGroups": { @@ -76,23 +77,23 @@ "additionalProperties": false }, "serviceAccountSelector": { - "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", + "description": "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -112,11 +113,12 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false } },