diff --git a/api/api-rules/violation_exceptions.list b/api/api-rules/violation_exceptions.list index 27a1760629b..4c7b5a8e634 100644 --- a/api/api-rules/violation_exceptions.list +++ b/api/api-rules/violation_exceptions.list @@ -1,19 +1,3 @@ -API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,DaemonSetStatus,Conditions -API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,DeploymentStatus,Conditions -API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,HTTPIngressRuleValue,Paths -API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,IPBlock,Except -API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,IngressLoadBalancerStatus,Ingress -API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,IngressSpec,Rules -API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,IngressSpec,TLS -API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,IngressTLS,Hosts -API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,NetworkPolicyEgressRule,Ports -API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,NetworkPolicyEgressRule,To -API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,NetworkPolicyIngressRule,From -API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,NetworkPolicyIngressRule,Ports -API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,NetworkPolicySpec,Egress -API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,NetworkPolicySpec,Ingress -API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,NetworkPolicySpec,PolicyTypes -API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,ReplicaSetStatus,Conditions API rule violation: list_type_missing,k8s.io/api/imagepolicy/v1alpha1,ImageReviewSpec,Containers API rule violation: list_type_missing,k8s.io/api/networking/v1,IPBlock,Except API rule violation: list_type_missing,k8s.io/api/networking/v1,IngressLoadBalancerStatus,Ingress diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index 539a1ef2aa4..dec784ec261 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go @@ -31892,6 +31892,10 @@ func schema_k8sio_api_extensions_v1beta1_DaemonSetStatus(ref common.ReferenceCal "conditions": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", "x-kubernetes-patch-merge-key": "type", "x-kubernetes-patch-strategy": "merge", }, @@ -32300,6 +32304,10 @@ func schema_k8sio_api_extensions_v1beta1_DeploymentStatus(ref common.ReferenceCa "conditions": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", "x-kubernetes-patch-merge-key": "type", "x-kubernetes-patch-strategy": "merge", }, @@ -32405,6 +32413,11 @@ func schema_k8sio_api_extensions_v1beta1_HTTPIngressRuleValue(ref common.Referen Type: []string{"object"}, Properties: map[string]spec.Schema{ "paths": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "A collection of paths that map requests to backends.", Type: []string{"array"}, @@ -32443,6 +32456,11 @@ func schema_k8sio_api_extensions_v1beta1_IPBlock(ref common.ReferenceCallback) c }, }, "except": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.0/24\" or \"2001:db8::/64\" Except values will be rejected if they are outside the CIDR range", Type: []string{"array"}, @@ -32655,6 +32673,11 @@ func schema_k8sio_api_extensions_v1beta1_IngressLoadBalancerStatus(ref common.Re Type: []string{"object"}, Properties: map[string]spec.Schema{ "ingress": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "Ingress is a list containing ingress points for the load-balancer.", Type: []string{"array"}, @@ -32784,6 +32807,11 @@ func schema_k8sio_api_extensions_v1beta1_IngressSpec(ref common.ReferenceCallbac }, }, "tls": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.", Type: []string{"array"}, @@ -32798,6 +32826,11 @@ func schema_k8sio_api_extensions_v1beta1_IngressSpec(ref common.ReferenceCallbac }, }, "rules": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend.", Type: []string{"array"}, @@ -32849,6 +32882,11 @@ func schema_k8sio_api_extensions_v1beta1_IngressTLS(ref common.ReferenceCallback Type: []string{"object"}, Properties: map[string]spec.Schema{ "hosts": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified.", Type: []string{"array"}, @@ -32927,6 +32965,11 @@ func schema_k8sio_api_extensions_v1beta1_NetworkPolicyEgressRule(ref common.Refe Type: []string{"object"}, Properties: map[string]spec.Schema{ "ports": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", Type: []string{"array"}, @@ -32941,6 +32984,11 @@ func schema_k8sio_api_extensions_v1beta1_NetworkPolicyEgressRule(ref common.Refe }, }, "to": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.", Type: []string{"array"}, @@ -32970,6 +33018,11 @@ func schema_k8sio_api_extensions_v1beta1_NetworkPolicyIngressRule(ref common.Ref Type: []string{"object"}, Properties: map[string]spec.Schema{ "ports": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", Type: []string{"array"}, @@ -32984,6 +33037,11 @@ func schema_k8sio_api_extensions_v1beta1_NetworkPolicyIngressRule(ref common.Ref }, }, "from": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.", Type: []string{"array"}, @@ -33140,6 +33198,11 @@ func schema_k8sio_api_extensions_v1beta1_NetworkPolicySpec(ref common.ReferenceC }, }, "ingress": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default).", Type: []string{"array"}, @@ -33154,6 +33217,11 @@ func schema_k8sio_api_extensions_v1beta1_NetworkPolicySpec(ref common.ReferenceC }, }, "egress": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "List of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8", Type: []string{"array"}, @@ -33168,6 +33236,11 @@ func schema_k8sio_api_extensions_v1beta1_NetworkPolicySpec(ref common.ReferenceC }, }, "policyTypes": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "List of rule types that the NetworkPolicy relates to. Valid options are [\"Ingress\"], [\"Egress\"], or [\"Ingress\", \"Egress\"]. If this field is not specified, it will default based on the existence of Ingress or Egress rules; policies that contain an Egress section are assumed to affect Egress, and all policies (whether or not they contain an Ingress section) are assumed to affect Ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ \"Egress\" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include \"Egress\" (since such a policy would not include an Egress section and would otherwise default to just [ \"Ingress\" ]). This field is beta-level in 1.8", Type: []string{"array"}, @@ -33432,6 +33505,10 @@ func schema_k8sio_api_extensions_v1beta1_ReplicaSetStatus(ref common.ReferenceCa "conditions": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", "x-kubernetes-patch-merge-key": "type", "x-kubernetes-patch-strategy": "merge", }, diff --git a/staging/src/k8s.io/api/extensions/v1beta1/generated.proto b/staging/src/k8s.io/api/extensions/v1beta1/generated.proto index 3f2549681ec..60effc8f711 100644 --- a/staging/src/k8s.io/api/extensions/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/extensions/v1beta1/generated.proto @@ -176,6 +176,8 @@ message DaemonSetStatus { // +optional // +patchMergeKey=type // +patchStrategy=merge + // +listType=map + // +listMapKey=type repeated DaemonSetCondition conditions = 10; } @@ -343,6 +345,8 @@ message DeploymentStatus { // Represents the latest available observations of a deployment's current state. // +patchMergeKey=type // +patchStrategy=merge + // +listType=map + // +listMapKey=type repeated DeploymentCondition conditions = 6; // Count of hash collisions for the Deployment. The Deployment controller uses this @@ -406,6 +410,7 @@ message HTTPIngressPath { // or '#'. message HTTPIngressRuleValue { // A collection of paths that map requests to backends. + // +listType=atomic repeated HTTPIngressPath paths = 1; } @@ -422,6 +427,7 @@ message IPBlock { // Valid examples are "192.168.1.0/24" or "2001:db8::/64" // Except values will be rejected if they are outside the CIDR range // +optional + // +listType=atomic repeated string except = 2; } @@ -495,6 +501,7 @@ message IngressLoadBalancerIngress { message IngressLoadBalancerStatus { // Ingress is a list containing ingress points for the load-balancer. // +optional + // +listType=atomic repeated IngressLoadBalancerIngress ingress = 1; } @@ -602,11 +609,13 @@ message IngressSpec { // through the SNI TLS extension, if the ingress controller fulfilling the // ingress supports SNI. // +optional + // +listType=atomic repeated IngressTLS tls = 2; // A list of host rules used to configure the Ingress. If unspecified, or // no rule matches, all traffic is sent to the default backend. // +optional + // +listType=atomic repeated IngressRule rules = 3; } @@ -624,6 +633,7 @@ message IngressTLS { // wildcard host setting for the loadbalancer controller fulfilling this // Ingress, if left unspecified. // +optional + // +listType=atomic repeated string hosts = 1; // SecretName is the name of the secret used to terminate SSL traffic on 443. @@ -659,6 +669,7 @@ message NetworkPolicyEgressRule { // If this field is present and contains at least one item, then this rule allows // traffic only if the traffic matches at least one port in the list. // +optional + // +listType=atomic repeated NetworkPolicyPort ports = 1; // List of destinations for outgoing traffic of pods selected for this rule. @@ -667,6 +678,7 @@ message NetworkPolicyEgressRule { // destination). If this field is present and contains at least one item, this rule // allows traffic only if the traffic matches at least one item in the to list. // +optional + // +listType=atomic repeated NetworkPolicyPeer to = 2; } @@ -679,6 +691,7 @@ message NetworkPolicyIngressRule { // If this field is present and contains at least one item, then this rule allows traffic // only if the traffic matches at least one port in the list. // +optional + // +listType=atomic repeated NetworkPolicyPort ports = 1; // List of sources which should be able to access the pods selected for this rule. @@ -687,6 +700,7 @@ message NetworkPolicyIngressRule { // If this field is present and contains at least one item, this rule allows traffic only if the // traffic matches at least one item in the from list. // +optional + // +listType=atomic repeated NetworkPolicyPeer from = 2; } @@ -767,6 +781,7 @@ message NetworkPolicySpec { // If this field is empty then this NetworkPolicy does not allow any traffic // (and serves solely to ensure that the pods it selects are isolated by default). // +optional + // +listType=atomic repeated NetworkPolicyIngressRule ingress = 2; // List of egress rules to be applied to the selected pods. Outgoing traffic is @@ -777,6 +792,7 @@ message NetworkPolicySpec { // solely to ensure that the pods it selects are isolated by default). // This field is beta-level in 1.8 // +optional + // +listType=atomic repeated NetworkPolicyEgressRule egress = 3; // List of rule types that the NetworkPolicy relates to. @@ -790,6 +806,7 @@ message NetworkPolicySpec { // an Egress section and would otherwise default to just [ "Ingress" ]). // This field is beta-level in 1.8 // +optional + // +listType=atomic repeated string policyTypes = 4; } @@ -905,6 +922,8 @@ message ReplicaSetStatus { // +optional // +patchMergeKey=type // +patchStrategy=merge + // +listType=map + // +listMapKey=type repeated ReplicaSetCondition conditions = 6; } diff --git a/staging/src/k8s.io/api/extensions/v1beta1/types.go b/staging/src/k8s.io/api/extensions/v1beta1/types.go index 70b349f654b..cc2deadac0a 100644 --- a/staging/src/k8s.io/api/extensions/v1beta1/types.go +++ b/staging/src/k8s.io/api/extensions/v1beta1/types.go @@ -270,6 +270,8 @@ type DeploymentStatus struct { // Represents the latest available observations of a deployment's current state. // +patchMergeKey=type // +patchStrategy=merge + // +listType=map + // +listMapKey=type Conditions []DeploymentCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,6,rep,name=conditions"` // Count of hash collisions for the Deployment. The Deployment controller uses this @@ -490,6 +492,8 @@ type DaemonSetStatus struct { // +optional // +patchMergeKey=type // +patchStrategy=merge + // +listType=map + // +listMapKey=type Conditions []DaemonSetCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,10,rep,name=conditions"` } @@ -652,11 +656,13 @@ type IngressSpec struct { // through the SNI TLS extension, if the ingress controller fulfilling the // ingress supports SNI. // +optional + // +listType=atomic TLS []IngressTLS `json:"tls,omitempty" protobuf:"bytes,2,rep,name=tls"` // A list of host rules used to configure the Ingress. If unspecified, or // no rule matches, all traffic is sent to the default backend. // +optional + // +listType=atomic Rules []IngressRule `json:"rules,omitempty" protobuf:"bytes,3,rep,name=rules"` // TODO: Add the ability to specify load-balancer IP through claims } @@ -668,6 +674,7 @@ type IngressTLS struct { // wildcard host setting for the loadbalancer controller fulfilling this // Ingress, if left unspecified. // +optional + // +listType=atomic Hosts []string `json:"hosts,omitempty" protobuf:"bytes,1,rep,name=hosts"` // SecretName is the name of the secret used to terminate SSL traffic on 443. // Field is left optional to allow SSL routing based on SNI hostname alone. @@ -690,6 +697,7 @@ type IngressStatus struct { type IngressLoadBalancerStatus struct { // Ingress is a list containing ingress points for the load-balancer. // +optional + // +listType=atomic Ingress []IngressLoadBalancerIngress `json:"ingress,omitempty" protobuf:"bytes,1,rep,name=ingress"` } @@ -797,6 +805,7 @@ type IngressRuleValue struct { // or '#'. type HTTPIngressRuleValue struct { // A collection of paths that map requests to backends. + // +listType=atomic Paths []HTTPIngressPath `json:"paths" protobuf:"bytes,1,rep,name=paths"` // TODO: Consider adding fields for ingress-type specific global // options usable by a loadbalancer, like http keep-alive. @@ -991,6 +1000,8 @@ type ReplicaSetStatus struct { // +optional // +patchMergeKey=type // +patchStrategy=merge + // +listType=map + // +listMapKey=type Conditions []ReplicaSetCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,6,rep,name=conditions"` } @@ -1076,6 +1087,7 @@ type NetworkPolicySpec struct { // If this field is empty then this NetworkPolicy does not allow any traffic // (and serves solely to ensure that the pods it selects are isolated by default). // +optional + // +listType=atomic Ingress []NetworkPolicyIngressRule `json:"ingress,omitempty" protobuf:"bytes,2,rep,name=ingress"` // List of egress rules to be applied to the selected pods. Outgoing traffic is @@ -1086,6 +1098,7 @@ type NetworkPolicySpec struct { // solely to ensure that the pods it selects are isolated by default). // This field is beta-level in 1.8 // +optional + // +listType=atomic Egress []NetworkPolicyEgressRule `json:"egress,omitempty" protobuf:"bytes,3,rep,name=egress"` // List of rule types that the NetworkPolicy relates to. @@ -1099,6 +1112,7 @@ type NetworkPolicySpec struct { // an Egress section and would otherwise default to just [ "Ingress" ]). // This field is beta-level in 1.8 // +optional + // +listType=atomic PolicyTypes []PolicyType `json:"policyTypes,omitempty" protobuf:"bytes,4,rep,name=policyTypes,casttype=PolicyType"` } @@ -1111,6 +1125,7 @@ type NetworkPolicyIngressRule struct { // If this field is present and contains at least one item, then this rule allows traffic // only if the traffic matches at least one port in the list. // +optional + // +listType=atomic Ports []NetworkPolicyPort `json:"ports,omitempty" protobuf:"bytes,1,rep,name=ports"` // List of sources which should be able to access the pods selected for this rule. @@ -1119,6 +1134,7 @@ type NetworkPolicyIngressRule struct { // If this field is present and contains at least one item, this rule allows traffic only if the // traffic matches at least one item in the from list. // +optional + // +listType=atomic From []NetworkPolicyPeer `json:"from,omitempty" protobuf:"bytes,2,rep,name=from"` } @@ -1133,6 +1149,7 @@ type NetworkPolicyEgressRule struct { // If this field is present and contains at least one item, then this rule allows // traffic only if the traffic matches at least one port in the list. // +optional + // +listType=atomic Ports []NetworkPolicyPort `json:"ports,omitempty" protobuf:"bytes,1,rep,name=ports"` // List of destinations for outgoing traffic of pods selected for this rule. @@ -1141,6 +1158,7 @@ type NetworkPolicyEgressRule struct { // destination). If this field is present and contains at least one item, this rule // allows traffic only if the traffic matches at least one item in the to list. // +optional + // +listType=atomic To []NetworkPolicyPeer `json:"to,omitempty" protobuf:"bytes,2,rep,name=to"` } @@ -1178,6 +1196,7 @@ type IPBlock struct { // Valid examples are "192.168.1.0/24" or "2001:db8::/64" // Except values will be rejected if they are outside the CIDR range // +optional + // +listType=atomic Except []string `json:"except,omitempty" protobuf:"bytes,2,rep,name=except"` }