From d8b766ddd46725d75a4f9b91e6321e1460fa32a8 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Thu, 24 Apr 2025 08:57:38 +0800 Subject: [PATCH 1/2] Update config API generator for v1.33 --- genref/config.yaml | 2 +- genref/go.mod | 55 ++++++++++---------- genref/go.sum | 126 +++++++++++++++++++++++---------------------- 3 files changed, 92 insertions(+), 91 deletions(-) diff --git a/genref/config.yaml b/genref/config.yaml index 4634e94979..94e82eb611 100644 --- a/genref/config.yaml +++ b/genref/config.yaml @@ -23,7 +23,7 @@ externalPackages: - match: ^io.Writer$ target: https://pkg.go.dev/io#Writer - match: ^k8s\.io/(api|apimachinery/pkg/apis)/ - target: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#{{- lower .TypeIdentifier -}}-{{- arrIndex .PackageSegments -1 -}}-{{- arrIndex .PackageSegments -2 -}} + target: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#{{- lower .TypeIdentifier -}}-{{- arrIndex .PackageSegments -1 -}}-{{- arrIndex .PackageSegments -2 -}} hideTypePatterns: - "ParseError$" diff --git a/genref/go.mod b/genref/go.mod index a5f19ecb4f..7b15078b2e 100644 --- a/genref/go.mod +++ b/genref/go.mod @@ -1,26 +1,25 @@ module github.com/kubernetes-sigs/reference-docs/genref -go 1.23.0 +go 1.24.0 require ( - github.com/tengqm/kubeconfig v0.0.0-20250410050748-ae61a0c4a14d github.com/yuin/goldmark v1.7.8 github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 - k8s.io/api v0.32.0 - k8s.io/apimachinery v0.32.0 - k8s.io/apiserver v0.32.0 - k8s.io/client-go v0.32.0 - k8s.io/cloud-provider v0.32.0 - k8s.io/cluster-bootstrap v0.32.0 - k8s.io/component-base v0.32.0 - k8s.io/controller-manager v0.32.0 + k8s.io/api v0.33.0 + k8s.io/apimachinery v0.33.0 + k8s.io/apiserver v0.33.0 + k8s.io/client-go v0.33.0 + k8s.io/cloud-provider v0.33.0 + k8s.io/cluster-bootstrap v0.33.0 + k8s.io/component-base v0.33.0 + k8s.io/controller-manager v0.33.0 k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 k8s.io/klog/v2 v2.130.1 - k8s.io/kube-controller-manager v0.32.0 - k8s.io/kube-proxy v0.32.0 - k8s.io/kube-scheduler v0.32.0 - k8s.io/kubelet v0.32.0 - k8s.io/metrics v0.32.0 + k8s.io/kube-controller-manager v0.33.0 + k8s.io/kube-proxy v0.33.0 + k8s.io/kube-scheduler v0.33.0 + k8s.io/kubelet v0.33.0 + k8s.io/metrics v0.33.0 sigs.k8s.io/yaml v1.4.0 ) @@ -36,10 +35,8 @@ require ( github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.23.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/protobuf v1.5.4 // indirect - github.com/google/gnostic-models v0.6.8 // indirect - github.com/google/go-cmp v0.6.0 // indirect - github.com/google/gofuzz v1.2.0 // indirect + github.com/google/gnostic-models v0.6.9 // indirect + github.com/google/go-cmp v0.7.0 // indirect github.com/google/uuid v1.6.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect @@ -48,19 +45,21 @@ require ( github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect + github.com/tengqm/kubeconfig v0.0.0-20250424004001-34e545f62a22 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/net v0.30.0 // indirect - golang.org/x/oauth2 v0.23.0 // indirect - golang.org/x/sys v0.26.0 // indirect - golang.org/x/term v0.25.0 // indirect - golang.org/x/text v0.19.0 // indirect - golang.org/x/time v0.7.0 // indirect - google.golang.org/protobuf v1.35.1 // indirect + golang.org/x/net v0.38.0 // indirect + golang.org/x/oauth2 v0.27.0 // indirect + golang.org/x/sys v0.31.0 // indirect + golang.org/x/term v0.30.0 // indirect + golang.org/x/text v0.23.0 // indirect + golang.org/x/time v0.9.0 // indirect + google.golang.org/protobuf v1.36.5 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect + k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect + sigs.k8s.io/randfill v1.0.0 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect ) diff --git a/genref/go.sum b/genref/go.sum index 560deea7d4..c90bef07e4 100644 --- a/genref/go.sum +++ b/genref/go.sum @@ -36,18 +36,14 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= -github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= -github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw= +github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -86,11 +82,10 @@ github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7y github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= -github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -98,17 +93,19 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/tengqm/kubeconfig v0.0.0-20241211001720-0c4df2bffc81 h1:ziQTSxqsgYdOVEYDnN6VuQePSh6RdozCQYWXrgeFG3A= -github.com/tengqm/kubeconfig v0.0.0-20241211001720-0c4df2bffc81/go.mod h1:8hfEiqPY5JOPZgrmhZjZ6OcsBc9+WlrA88hLxH7KiVw= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tengqm/kubeconfig v0.0.0-20250410050748-ae61a0c4a14d h1:294xQC3VB1bE/YQo6HOtkcOQTOTuoS1sT0yYVjtVbJo= github.com/tengqm/kubeconfig v0.0.0-20250410050748-ae61a0c4a14d/go.mod h1:8hfEiqPY5JOPZgrmhZjZ6OcsBc9+WlrA88hLxH7KiVw= +github.com/tengqm/kubeconfig v0.0.0-20250424004001-34e545f62a22 h1:cvkB8aKyBLnkwdRZ1eJ9j1ha17wed0zwoPebwKUE+rA= +github.com/tengqm/kubeconfig v0.0.0-20250424004001-34e545f62a22/go.mod h1:8hfEiqPY5JOPZgrmhZjZ6OcsBc9+WlrA88hLxH7KiVw= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -118,6 +115,8 @@ github.com/yuin/goldmark v1.7.8 h1:iERMLn0/QJeHFhxSt3p6PeN9mGnvIKSpG9YYorDMnic= github.com/yuin/goldmark v1.7.8/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E= github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 h1:0SJnXjE4jDClMW6grE0xpNhwpqbPwkBTn8zpVw5C0SI= github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01/go.mod h1:TwKQPa5XkCCRC2GRZ5wtfNUTQ2+9/i19mGRijFeJ4BE= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -129,29 +128,29 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= -golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= -golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= -golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= +golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M= +golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= +golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20181128092732-4ed8d59d0b35/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= -golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y= +golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= -golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= -golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= +golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= +golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= +golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -163,8 +162,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= -google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= +google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= @@ -177,45 +176,48 @@ gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= -k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0= -k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= -k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= -k8s.io/apiserver v0.32.0 h1:VJ89ZvQZ8p1sLeiWdRJpRD6oLozNZD2+qVSLi+ft5Qs= -k8s.io/apiserver v0.32.0/go.mod h1:HFh+dM1/BE/Hm4bS4nTXHVfN6Z6tFIZPi649n83b4Ag= -k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8= -k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8= -k8s.io/cloud-provider v0.32.0 h1:QXYJGmwME2q2rprymbmw2GroMChQYc/MWN6l/I4Kgp8= -k8s.io/cloud-provider v0.32.0/go.mod h1:cz3gVodkhgwi2ugj/JUPglIruLSdDaThxawuDyCHfr8= -k8s.io/cluster-bootstrap v0.32.0 h1:xfaL0a5MfX3CfZlbUDN1EaSkDAOYIshOiWGIo7n/2Dc= -k8s.io/cluster-bootstrap v0.32.0/go.mod h1:DgKZNB6DhBsEf8bp7RqMqGFGR4jq2JGcmyQgssAb5/I= -k8s.io/component-base v0.32.0 h1:d6cWHZkCiiep41ObYQS6IcgzOUQUNpywm39KVYaUqzU= -k8s.io/component-base v0.32.0/go.mod h1:JLG2W5TUxUu5uDyKiH2R/7NnxJo1HlPoRIIbVLkK5eM= -k8s.io/controller-manager v0.32.0 h1:tpQl1rvH4huFB6Avl1nhowZHtZoCNWqn6OYdZPl7Ybc= -k8s.io/controller-manager v0.32.0/go.mod h1:JRuYnYCkKj3NgBTy+KNQKIUm/lJRoDAvGbfdEmk9LhY= +k8s.io/api v0.33.0 h1:yTgZVn1XEe6opVpP1FylmNrIFWuDqe2H0V8CT5gxfIU= +k8s.io/api v0.33.0/go.mod h1:CTO61ECK/KU7haa3qq8sarQ0biLq2ju405IZAd9zsiM= +k8s.io/apimachinery v0.33.0 h1:1a6kHrJxb2hs4t8EE5wuR/WxKDwGN1FKH3JvDtA0CIQ= +k8s.io/apimachinery v0.33.0/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM= +k8s.io/apiserver v0.33.0 h1:QqcM6c+qEEjkOODHppFXRiw/cE2zP85704YrQ9YaBbc= +k8s.io/apiserver v0.33.0/go.mod h1:EixYOit0YTxt8zrO2kBU7ixAtxFce9gKGq367nFmqI8= +k8s.io/client-go v0.33.0 h1:UASR0sAYVUzs2kYuKn/ZakZlcs2bEHaizrrHUZg0G98= +k8s.io/client-go v0.33.0/go.mod h1:kGkd+l/gNGg8GYWAPr0xF1rRKvVWvzh9vmZAMXtaKOg= +k8s.io/cloud-provider v0.33.0 h1:nVU2Q9QK7O50yaNx+pE61oDPqflsSsKygN43f5js9+I= +k8s.io/cloud-provider v0.33.0/go.mod h1:2reyEBbsimZJKHF325vxLBD5fcJGNeJHeLjJ+jGM8Qg= +k8s.io/cluster-bootstrap v0.33.0 h1:a1njmBk8ha+TNK8HqfLkuMyC6Q9qvnm5eZzBLpwEW/A= +k8s.io/cluster-bootstrap v0.33.0/go.mod h1:YL0riHER19bZOT5Pdpl1ynbypadaEoWfg3Ywnl0Pb5s= +k8s.io/component-base v0.33.0 h1:Ot4PyJI+0JAD9covDhwLp9UNkUja209OzsJ4FzScBNk= +k8s.io/component-base v0.33.0/go.mod h1:aXYZLbw3kihdkOPMDhWbjGCO6sg+luw554KP51t8qCU= +k8s.io/controller-manager v0.33.0 h1:O9LnTjffOe62d66gMcKLuPXsBjY5sqETWEIzg+DVL8w= +k8s.io/controller-manager v0.33.0/go.mod h1:vQwAQnroav4+UyE2acW1Rj6CSsHPzr2/018kgRLYqlI= k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks= k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-controller-manager v0.32.0 h1:GXQz5GtyvtyFRFpIZmPUgdLPyrvVKNA72JHAW5jLIL0= -k8s.io/kube-controller-manager v0.32.0/go.mod h1:9Z9qDFMJJv5RikzQdGSjq4J+qMm8Kg1bR+kEs/+COQA= -k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= -k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= -k8s.io/kube-proxy v0.32.0 h1:gpJjVwewV/DHarOJn0acGJB9liaWaOllsv+jmQt612k= -k8s.io/kube-proxy v0.32.0/go.mod h1:Xs7SJ3x0liTvHhq/u48Vjj31/Atg5S4fHSzMmB8suEU= -k8s.io/kube-scheduler v0.32.0 h1:FCsF/3TPvR51ptx/gLUrqcoKqAMhQKrydYCJzPz9VGM= -k8s.io/kube-scheduler v0.32.0/go.mod h1:yof3vmyx70TWoQ6XZruYEGIUT/r0H/ELGdnWiqPF5EE= -k8s.io/kubelet v0.32.0 h1:uLyiKlz195Wo4an/K2tyge8o3QHx0ZkhVN3pevvp59A= -k8s.io/kubelet v0.32.0/go.mod h1:lAwuVZT/Hm7EdLn0jW2D+WdrJoorjJL2rVSdhOFnegw= -k8s.io/metrics v0.32.0 h1:70qJ3ZS/9DrtH0UA0NVBI6gW2ip2GAn9e7NtoKERpns= -k8s.io/metrics v0.32.0/go.mod h1:skdg9pDjVjCPIQqmc5rBzDL4noY64ORhKu9KCPv1+QI= +k8s.io/kube-controller-manager v0.33.0 h1:wzd/I2N7X2UU2h3248pyKbyiu4YMGuzWgyRc72YnrWQ= +k8s.io/kube-controller-manager v0.33.0/go.mod h1:NtTfXq9CQr1zMgAeIQJjF/Ct2p5K0eP0FhNoD6ePKUU= +k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4= +k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8= +k8s.io/kube-proxy v0.33.0 h1:Sayf1JKu5toDhJeDYCNcucSyyqnHdMHU/JcFi5g2008= +k8s.io/kube-proxy v0.33.0/go.mod h1:C0ZiTrHD2A3yL830p4/6bgUD2h5Mh5DfPwgL/JYXS3M= +k8s.io/kube-scheduler v0.33.0 h1:G5psn7ynB5Vjfo0ia8uz32Gv46TRa5RgTq4PTm+yjR0= +k8s.io/kube-scheduler v0.33.0/go.mod h1:I+0aqwJ3G9f9pyfKfoN5b0uP9M6MinNpxXRlCXkM17E= +k8s.io/kubelet v0.33.0 h1:4pJA2Ge6Rp0kDNV76KH7pTBiaV2T1a1874QHMcubuSU= +k8s.io/kubelet v0.33.0/go.mod h1:iDnxbJQMy9DUNaML5L/WUlt3uJtNLWh7ZAe0JSp4Yi0= +k8s.io/metrics v0.33.0 h1:sKe5sC9qb1RakMhs8LWYNuN2ne6OTCWexj8Jos3rO2Y= +k8s.io/metrics v0.33.0/go.mod h1:XewckTFXmE2AJiP7PT3EXaY7hi7bler3t2ZLyOdQYzU= k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= -sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= -sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= +sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= +sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc= +sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= From c591a4100078ad8b52cfc9bea7cc88de2d9c8fa8 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Thu, 24 Apr 2025 08:57:55 +0800 Subject: [PATCH 2/2] Generated files --- genref/output/md/apiserver-admission.v1.md | 4 +- genref/output/md/apiserver-audit.v1.md | 16 +- genref/output/md/apiserver-config.v1alpha1.md | 4 +- genref/output/md/apiserver-config.v1beta1.md | 4 +- .../output/md/apiserver-resourcequota.v1.md | 2 +- genref/output/md/client-authentication.v1.md | 2 +- .../md/client-authentication.v1beta1.md | 2 +- genref/output/md/custom-metrics.v1beta2.md | 8 +- genref/output/md/external-metrics.v1beta1.md | 4 +- genref/output/md/imagepolicy.v1alpha1.md | 2 +- ...kube-controller-manager-config.v1alpha1.md | 6 + .../output/md/kube-proxy-config.v1alpha1.md | 6 +- genref/output/md/kube-scheduler-config.v1.md | 12 +- genref/output/md/kubeadm-config.v1beta3.md | 8 +- genref/output/md/kubeadm-config.v1beta4.md | 22 ++- genref/output/md/kubelet-config.v1.md | 93 ++++++++- genref/output/md/kubelet-config.v1alpha1.md | 169 ++++++++++++++++- genref/output/md/kubelet-config.v1beta1.md | 126 ++++++++++++- .../md/kubelet-credentialprovider.v1.md | 20 ++ genref/output/md/kubelet-stats.v1alpha1.md | 177 +++++++++++++++++- genref/output/md/metrics.v1beta1.md | 16 +- 21 files changed, 630 insertions(+), 73 deletions(-) diff --git a/genref/output/md/apiserver-admission.v1.md b/genref/output/md/apiserver-admission.v1.md index 25021cea9c..9d22a768f2 100644 --- a/genref/output/md/apiserver-admission.v1.md +++ b/genref/output/md/apiserver-admission.v1.md @@ -152,7 +152,7 @@ requested. e.g. a patch can result in either a CREATE or UPDATE Operation.

userInfo [Required]
-authentication/v1.UserInfo +authentication/v1.UserInfo

UserInfo is information about the requesting user

@@ -226,7 +226,7 @@ This must be copied over from the corresponding AdmissionRequest.

status
-meta/v1.Status +meta/v1.Status

Result contains extra details into why an admission request was denied. diff --git a/genref/output/md/apiserver-audit.v1.md b/genref/output/md/apiserver-audit.v1.md index 64704c55ec..b35b2d5b1d 100644 --- a/genref/output/md/apiserver-audit.v1.md +++ b/genref/output/md/apiserver-audit.v1.md @@ -71,14 +71,14 @@ For non-resource requests, this is the lower-cased HTTP method.

user [Required]
-authentication/v1.UserInfo +authentication/v1.UserInfo

Authenticated user information.

impersonatedUser
-authentication/v1.UserInfo +authentication/v1.UserInfo

Impersonated user information.

@@ -116,7 +116,7 @@ Does not apply for List-type requests, or non-resource requests.

responseStatus
-meta/v1.Status +meta/v1.Status

The response status, populated even when the ResponseObject is not a Status type. @@ -144,14 +144,14 @@ at Response Level.

requestReceivedTimestamp
-meta/v1.MicroTime +meta/v1.MicroTime

Time the request reached the apiserver.

stageTimestamp
-meta/v1.MicroTime +meta/v1.MicroTime

Time the request reached current audit stage.

@@ -188,7 +188,7 @@ should be short. Annotations are included in the Metadata level.

metadata
-meta/v1.ListMeta +meta/v1.ListMeta No description provided. @@ -223,7 +223,7 @@ categories are logged.

metadata
-meta/v1.ObjectMeta +meta/v1.ObjectMeta

ObjectMeta is included for interoperability with API infrastructure.

@@ -278,7 +278,7 @@ in a rule will override the global default.

metadata
-meta/v1.ListMeta +meta/v1.ListMeta No description provided. diff --git a/genref/output/md/apiserver-config.v1alpha1.md b/genref/output/md/apiserver-config.v1alpha1.md index 1f870d351b..4f799a4646 100644 --- a/genref/output/md/apiserver-config.v1alpha1.md +++ b/genref/output/md/apiserver-config.v1alpha1.md @@ -400,7 +400,9 @@ If username.expression is set, the expression must produce a string value. If username.expression uses 'claims.email', then 'claims.email_verified' must be used in username.expression or extra[].valueExpression or claimValidationRules[].expression. An example claim validation rule expression that matches the validation automatically -applied when username.claim is set to 'email' is 'claims.?email_verified.orValue(true)'.

+applied when username.claim is set to 'email' is 'claims.?email_verified.orValue(true) == true'. By explicitly comparing +the value to true, we let type-checking see the result will be a boolean, and to make sure a non-boolean email_verified +claim will be caught at runtime.

In the flag based approach, the --oidc-username-claim and --oidc-username-prefix are optional. If --oidc-username-claim is not set, the default value is "sub". For the authentication config, there is no defaulting for claim or prefix. The claim and prefix must be set explicitly. For claim, if --oidc-username-claim was not set with legacy flag approach, configure username.claim="sub" in the authentication config. diff --git a/genref/output/md/apiserver-config.v1beta1.md b/genref/output/md/apiserver-config.v1beta1.md index 7a14460dd5..4fc8e4b566 100644 --- a/genref/output/md/apiserver-config.v1beta1.md +++ b/genref/output/md/apiserver-config.v1beta1.md @@ -333,7 +333,9 @@ If username.expression is set, the expression must produce a string value. If username.expression uses 'claims.email', then 'claims.email_verified' must be used in username.expression or extra[].valueExpression or claimValidationRules[].expression. An example claim validation rule expression that matches the validation automatically -applied when username.claim is set to 'email' is 'claims.?email_verified.orValue(true)'.

+applied when username.claim is set to 'email' is 'claims.?email_verified.orValue(true) == true'. By explicitly comparing +the value to true, we let type-checking see the result will be a boolean, and to make sure a non-boolean email_verified +claim will be caught at runtime.

In the flag based approach, the --oidc-username-claim and --oidc-username-prefix are optional. If --oidc-username-claim is not set, the default value is "sub". For the authentication config, there is no defaulting for claim or prefix. The claim and prefix must be set explicitly. For claim, if --oidc-username-claim was not set with legacy flag approach, configure username.claim="sub" in the authentication config. diff --git a/genref/output/md/apiserver-resourcequota.v1.md b/genref/output/md/apiserver-resourcequota.v1.md index 27aa0686dc..477b7863f5 100644 --- a/genref/output/md/apiserver-resourcequota.v1.md +++ b/genref/output/md/apiserver-resourcequota.v1.md @@ -89,7 +89,7 @@ with any storage class, the list would include matchScopes
-[]core/v1.ScopedResourceSelectorRequirement +[]core/v1.ScopedResourceSelectorRequirement

For each intercepted request, the quota system will figure out if the input object diff --git a/genref/output/md/client-authentication.v1.md b/genref/output/md/client-authentication.v1.md index 43d8fcd412..4ecd885a91 100644 --- a/genref/output/md/client-authentication.v1.md +++ b/genref/output/md/client-authentication.v1.md @@ -205,7 +205,7 @@ itself should at least be protected via file permissions.

expirationTimestamp
-meta/v1.Time +meta/v1.Time

ExpirationTimestamp indicates a time when the provided credentials expire.

diff --git a/genref/output/md/client-authentication.v1beta1.md b/genref/output/md/client-authentication.v1beta1.md index 623a8cfa96..b7c37663cd 100644 --- a/genref/output/md/client-authentication.v1beta1.md +++ b/genref/output/md/client-authentication.v1beta1.md @@ -205,7 +205,7 @@ itself should at least be protected via file permissions.

expirationTimestamp
-meta/v1.Time +meta/v1.Time

ExpirationTimestamp indicates a time when the provided credentials expire.

diff --git a/genref/output/md/custom-metrics.v1beta2.md b/genref/output/md/custom-metrics.v1beta2.md index 0dbfa326e0..4fd879b4d7 100644 --- a/genref/output/md/custom-metrics.v1beta2.md +++ b/genref/output/md/custom-metrics.v1beta2.md @@ -68,7 +68,7 @@ Defaults to everything.

describedObject [Required]
-core/v1.ObjectReference +core/v1.ObjectReference

a reference to the described object

@@ -81,7 +81,7 @@ Defaults to everything.

No description provided. timestamp [Required]
-meta/v1.Time +meta/v1.Time

indicates the time at which the metrics were produced

@@ -123,7 +123,7 @@ non-calculated instantaneous metrics).

metadata [Required]
-meta/v1.ListMeta +meta/v1.ListMeta No description provided. @@ -162,7 +162,7 @@ non-calculated instantaneous metrics).

selector
-meta/v1.LabelSelector +meta/v1.LabelSelector

selector represents the label selector that could be used to select diff --git a/genref/output/md/external-metrics.v1beta1.md b/genref/output/md/external-metrics.v1beta1.md index 714dbc0324..8209a7d07e 100644 --- a/genref/output/md/external-metrics.v1beta1.md +++ b/genref/output/md/external-metrics.v1beta1.md @@ -50,7 +50,7 @@ For one metric there can be multiple values with different sets of labels.

timestamp [Required]
-meta/v1.Time +meta/v1.Time

indicates the time at which the metrics were produced

@@ -92,7 +92,7 @@ non-calculated instantaneous metrics).

metadata [Required]
-meta/v1.ListMeta +meta/v1.ListMeta No description provided. diff --git a/genref/output/md/imagepolicy.v1alpha1.md b/genref/output/md/imagepolicy.v1alpha1.md index a4799222ea..34045181fa 100644 --- a/genref/output/md/imagepolicy.v1alpha1.md +++ b/genref/output/md/imagepolicy.v1alpha1.md @@ -28,7 +28,7 @@ auto_generated: true metadata
-meta/v1.ObjectMeta +meta/v1.ObjectMeta

Standard object's metadata. diff --git a/genref/output/md/kube-controller-manager-config.v1alpha1.md b/genref/output/md/kube-controller-manager-config.v1alpha1.md index b993e25039..9468e33452 100644 --- a/genref/output/md/kube-controller-manager-config.v1alpha1.md +++ b/genref/output/md/kube-controller-manager-config.v1alpha1.md @@ -21,6 +21,8 @@ auto_generated: true **Appears in:** +- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1-KubeSchedulerConfiguration) + - [GenericControllerManagerConfiguration](#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration) @@ -77,6 +79,8 @@ client.

**Appears in:** +- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1-KubeSchedulerConfiguration) + - [GenericControllerManagerConfiguration](#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration) @@ -111,6 +115,8 @@ enableProfiling is true.

**Appears in:** +- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1-KubeSchedulerConfiguration) + - [GenericControllerManagerConfiguration](#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration) diff --git a/genref/output/md/kube-proxy-config.v1alpha1.md b/genref/output/md/kube-proxy-config.v1alpha1.md index 40ca1eaff5..c4dd58c43d 100644 --- a/genref/output/md/kube-proxy-config.v1alpha1.md +++ b/genref/output/md/kube-proxy-config.v1alpha1.md @@ -1113,9 +1113,9 @@ Windows

ProxyMode represents modes used by the Kubernetes proxy server.

-

Currently, two modes of proxy are available on Linux platforms: 'iptables' and 'ipvs'. -One mode of proxy is available on Windows platforms: 'kernelspace'.

-

If the proxy mode is unspecified, the best-available proxy mode will be used (currently this +

Three modes of proxy are available on Linux platforms: iptables, ipvs, and +nftables. One mode of proxy is available on Windows platforms: kernelspace.

+

If the proxy mode is unspecified, a default proxy mode will be used (currently this is iptables on Linux and kernelspace on Windows). If the selected proxy mode cannot be used (due to lack of kernel support, missing userspace components, etc) then kube-proxy will exit with an error.

diff --git a/genref/output/md/kube-scheduler-config.v1.md b/genref/output/md/kube-scheduler-config.v1.md index db57085dae..5c582b837a 100644 --- a/genref/output/md/kube-scheduler-config.v1.md +++ b/genref/output/md/kube-scheduler-config.v1.md @@ -396,7 +396,7 @@ Defaults to false.

addedAffinity
-core/v1.NodeAffinity +core/v1.NodeAffinity

AddedAffinity is applied to all Pods additionally to the NodeAffinity @@ -495,7 +495,7 @@ The default strategy is LeastAllocated with an equal "cpu" and "m defaultConstraints
-[]core/v1.TopologySpreadConstraint +[]core/v1.TopologySpreadConstraint

DefaultConstraints defines topology spread constraints to be applied to @@ -552,16 +552,16 @@ If this value is nil, the default value (600) will be used.

Shape specifies the points defining the score function shape, which is -used to score nodes based on the utilization of statically provisioned -PVs. The utilization is calculated by dividing the total requested +used to score nodes based on the utilization of provisioned PVs. +The utilization is calculated by dividing the total requested storage of the pod by the total capacity of feasible PVs on each node. Each point contains utilization (ranges from 0 to 100) and its associated score (ranges from 0 to 10). You can turn the priority by specifying different scores for different utilization numbers. The default shape points are:

    -
  1. 0 for 0 utilization
    2. -
  2. 10 for 100 utilization +
  3. 10 for 0 utilization
    4. +
  4. 0 for 100 utilization All points must be sorted in increasing order by utilization.
diff --git a/genref/output/md/kubeadm-config.v1beta3.md b/genref/output/md/kubeadm-config.v1beta3.md index ed8bc42429..2605424d68 100644 --- a/genref/output/md/kubeadm-config.v1beta3.md +++ b/genref/output/md/kubeadm-config.v1beta3.md @@ -307,7 +307,7 @@ for, so other administrators can know its purpose.

expires
-meta/v1.Time +meta/v1.Time

expires specifies the timestamp when this token expires. Defaults to being set @@ -1038,7 +1038,7 @@ file from which to load cluster information.

pathType
-core/v1.HostPathType +core/v1.HostPathType

pathType is the type of the hostPath.

@@ -1262,7 +1262,7 @@ This information will be annotated to the Node API object, for later re-use.

taints [Required]
-[]core/v1.Taint +[]core/v1.Taint

taints specifies the taints the Node API object should be registered with. @@ -1294,7 +1294,7 @@ Value all ignores errors from all checks.

imagePullPolicy
-core/v1.PullPolicy +core/v1.PullPolicy

imagePullPolicy specifies the policy for image pulling during kubeadm "init" and diff --git a/genref/output/md/kubeadm-config.v1beta4.md b/genref/output/md/kubeadm-config.v1beta4.md index 6826b644e4..c93454245b 100644 --- a/genref/output/md/kubeadm-config.v1beta4.md +++ b/genref/output/md/kubeadm-config.v1beta4.md @@ -8,6 +8,12 @@ auto_generated: true

Package v1beta4 defines the v1beta4 version of the kubeadm configuration file format. This version improves on the v1beta3 format by fixing some minor issues and adding a few new fields.

A list of changes since v1beta3:

+

v1.33:

+ +

v1.31:

Basics

-

The preferred way to configure kubeadm is to pass an YAML configuration file with +

The preferred way to configure kubeadm is to pass a YAML configuration file with the --config option. Some of the configuration options defined in the kubeadm config file are also available as command line flags, but only the most common/simple use case are supported with this approach.

@@ -387,7 +393,7 @@ for, so other administrators can know its purpose.

expires
-meta/v1.Time +meta/v1.Time

expires specifies the timestamp when this token expires. Defaults to being set @@ -1237,7 +1243,7 @@ does not contain any other authentication information.

EnvVar [Required]
-core/v1.EnvVar +core/v1.EnvVar (Members of EnvVar are embedded into this type.) No description provided. @@ -1404,7 +1410,7 @@ file from which to load cluster information.

pathType
-core/v1.HostPathType +core/v1.HostPathType

pathType is the type of the hostPath.

@@ -1639,7 +1645,7 @@ This information will be annotated to the Node API object, for later re-use.

taints [Required]
-[]core/v1.Taint +[]core/v1.Taint

taints specifies the taints the Node API object should be registered with. @@ -1672,7 +1678,7 @@ Value 'all' ignores errors from all checks.

imagePullPolicy
-core/v1.PullPolicy +core/v1.PullPolicy

imagePullPolicy specifies the policy for image pulling during kubeadm init and @@ -1949,7 +1955,7 @@ NOTE: This field is currently ignored for kubeadm upgrade apply, bu imagePullPolicy
-core/v1.PullPolicy +core/v1.PullPolicy

imagePullPolicy specifies the policy for image pulling during kubeadm upgrade apply operations. @@ -2064,7 +2070,7 @@ The list of phases can be obtained with the kubeadm upgrade node phase --h imagePullPolicy
-core/v1.PullPolicy +core/v1.PullPolicy

imagePullPolicy specifies the policy for image pulling during kubeadm upgrade node operations. diff --git a/genref/output/md/kubelet-config.v1.md b/genref/output/md/kubelet-config.v1.md index 83dbc993f1..56de1c5146 100644 --- a/genref/output/md/kubelet-config.v1.md +++ b/genref/output/md/kubelet-config.v1.md @@ -37,7 +37,7 @@ each provider as specified by the CredentialProvider type.

Multiple providers may match against a single image, in which case credentials from all providers will be returned to the kubelet. If multiple providers are called for a single image, the results are combined. If providers return overlapping -auth keys, the value from the provider earlier in this list is used.

+auth keys, the value from the provider earlier in this list is attempted first.

@@ -66,7 +66,8 @@ invoked when an image being pulled matches the images handled by the plugin (see

name is the required name of the credential provider. It must match the name of the provider executable as seen by the kubelet. The executable must be in the kubelet's -bin directory (set by the --image-credential-provider-bin-dir flag).

+bin directory (set by the --image-credential-provider-bin-dir flag). +Required to be unique across all providers.

matchImages [Required]
@@ -134,6 +135,29 @@ are unioned with the host's environment, as well as variables client-go uses to pass argument to the plugin.

+tokenAttributes
+ServiceAccountTokenAttributes + + +

tokenAttributes is the configuration for the service account token that will be passed to the plugin. +The credential provider opts in to using service account tokens for image pull by setting this field. +When this field is set, kubelet will generate a service account token bound to the pod for which the +image is being pulled and pass to the plugin as part of CredentialProviderRequest along with other +attributes required by the plugin.

+

The service account metadata and token attributes will be used as a dimension to cache +the credentials in kubelet. The cache key is generated by combining the service account metadata +(namespace, name, UID, and annotations key+value for the keys defined in +serviceAccountTokenAttribute.requiredServiceAccountAnnotationKeys and serviceAccountTokenAttribute.optionalServiceAccountAnnotationKeys). +The pod metadata (namespace, name, UID) that are in the service account token are not used as a dimension +to cache the credentials in kubelet. This means workloads that are using the same service account +could end up using the same credentials for image pull. For plugins that don't want this behavior, or +plugins that operate in pass-through mode; i.e., they return the service account token as-is, they +can set the credentialProviderResponse.cacheDuration to 0. This will disable the caching of +credentials in kubelet and the plugin will be invoked for every image pull. This does result in +token generation overhead for every image pull, but it is the only way to ensure that the +credentials are not shared across pods (even if they are using the same service account).

+ + @@ -168,4 +192,69 @@ credential plugin.

+ +## `ServiceAccountTokenAttributes` {#kubelet-config-k8s-io-v1-ServiceAccountTokenAttributes} + + +**Appears in:** + +- [CredentialProvider](#kubelet-config-k8s-io-v1-CredentialProvider) + + +

ServiceAccountTokenAttributes is the configuration for the service account token that will be passed to the plugin.

+ + + + + + + + + + + + + + + + + + + + +
FieldDescription
serviceAccountTokenAudience [Required]
+string +		 +

serviceAccountTokenAudience is the intended audience for the projected service account token.

+
requireServiceAccount [Required]
+bool +		 +

requireServiceAccount indicates whether the plugin requires the pod to have a service account. +If set to true, kubelet will only invoke the plugin if the pod has a service account. +If set to false, kubelet will invoke the plugin even if the pod does not have a service account +and will not include a token in the CredentialProviderRequest in that scenario. This is useful for plugins that +are used to pull images for pods without service accounts (e.g., static pods).

+
requiredServiceAccountAnnotationKeys
+[]string +		 +

requiredServiceAccountAnnotationKeys is the list of annotation keys that the plugin is interested in +and that are required to be present in the service account. +The keys defined in this list will be extracted from the corresponding service account and passed +to the plugin as part of the CredentialProviderRequest. If any of the keys defined in this list +are not present in the service account, kubelet will not invoke the plugin and will return an error. +This field is optional and may be empty. Plugins may use this field to extract +additional information required to fetch credentials or allow workloads to opt in to +using service account tokens for image pull. +If non-empty, requireServiceAccount must be set to true.

+
optionalServiceAccountAnnotationKeys
+[]string +		 +

optionalServiceAccountAnnotationKeys is the list of annotation keys that the plugin is interested in +and that are optional to be present in the service account. +The keys defined in this list will be extracted from the corresponding service account and passed +to the plugin as part of the CredentialProviderRequest. The plugin is responsible for validating +the existence of annotations and their values. +This field is optional and may be empty. Plugins may use this field to extract +additional information required to fetch credentials.

+
\ No newline at end of file diff --git a/genref/output/md/kubelet-config.v1alpha1.md b/genref/output/md/kubelet-config.v1alpha1.md index 99602ebcee..12647cc323 100644 --- a/genref/output/md/kubelet-config.v1alpha1.md +++ b/genref/output/md/kubelet-config.v1alpha1.md @@ -10,6 +10,8 @@ auto_generated: true - [CredentialProviderConfig](#kubelet-config-k8s-io-v1alpha1-CredentialProviderConfig) +- [ImagePullIntent](#kubelet-config-k8s-io-v1alpha1-ImagePullIntent) +- [ImagePulledRecord](#kubelet-config-k8s-io-v1alpha1-ImagePulledRecord) ## `CredentialProviderConfig` {#kubelet-config-k8s-io-v1alpha1-CredentialProviderConfig} @@ -37,7 +39,87 @@ each provider as specified by the CredentialProvider type.

Multiple providers may match against a single image, in which case credentials from all providers will be returned to the kubelet. If multiple providers are called for a single image, the results are combined. If providers return overlapping -auth keys, the value from the provider earlier in this list is used.

+auth keys, the value from the provider earlier in this list is attempted first.

+ + + + + +## `ImagePullIntent` {#kubelet-config-k8s-io-v1alpha1-ImagePullIntent} + + + +

ImagePullIntent is a record of the kubelet attempting to pull an image.

+ + + + + + + + + + + + + + +
FieldDescription
apiVersion
string		kubelet.config.k8s.io/v1alpha1
kind
string		ImagePullIntent
image [Required]
+string +		 +

Image is the image spec from a Container's image field. +The filename is a SHA-256 hash of this value. This is to avoid filename-unsafe +characters like ':' and '/'.

+
+ +## `ImagePulledRecord` {#kubelet-config-k8s-io-v1alpha1-ImagePulledRecord} + + + +

ImagePullRecord is a record of an image that was pulled by the kubelet.

+

If there are no records in the kubernetesSecrets field and both nodeWideCredentials +and anonymous are false, credentials must be re-checked the next time an +image represented by this record is being requested.

+ + + + + + + + + + + + + + + + + + @@ -66,7 +148,8 @@ invoked when an image being pulled matches the images handled by the plugin (see
FieldDescription
apiVersion
string		kubelet.config.k8s.io/v1alpha1
kind
string		ImagePulledRecord
lastUpdatedTime [Required]
+meta/v1.Time +		 +

LastUpdatedTime is the time of the last update to this record

+
imageRef [Required]
+string +		 +

ImageRef is a reference to the image represented by this file as received +from the CRI. +The filename is a SHA-256 hash of this value. This is to avoid filename-unsafe +characters like ':' and '/'.

+
credentialMapping [Required]
+map[string]ImagePullCredentials +		 +

CredentialMapping maps image to the set of credentials that it was +previously pulled with. +image in this case is the content of a pod's container image field that's +got its tag/digest removed.

+

Example: +Container requests the hello-world:latest@sha256:91fb4b041da273d5a3273b6d587d62d518300a6ad268b28628f74997b93171b2 image: +"credentialMapping": { +"hello-world": { "nodePodsAccessible": true } +}

name is the required name of the credential provider. It must match the name of the provider executable as seen by the kubelet. The executable must be in the kubelet's -bin directory (set by the --image-credential-provider-bin-dir flag).

+bin directory (set by the --image-credential-provider-bin-dir flag). +Required to be unique across all providers.
matchImages [Required]
@@ -168,4 +251,86 @@ credential plugin.
+ +## `ImagePullCredentials` {#kubelet-config-k8s-io-v1alpha1-ImagePullCredentials} + + +**Appears in:** + +- [ImagePulledRecord](#kubelet-config-k8s-io-v1alpha1-ImagePulledRecord) + + +

ImagePullCredentials describe credentials that can be used to pull an image.

+ + + + + + + + + + + + + + +
FieldDescription
kubernetesSecrets
+[]ImagePullSecret +		 +

KuberneteSecretCoordinates is an index of coordinates of all the kubernetes +secrets that were used to pull the image.

+
nodePodsAccessible
+bool +		 +

NodePodsAccessible is a flag denoting the pull credentials are accessible +by all the pods on the node, or that no credentials are needed for the pull.

+

If true, it is mutually exclusive with the kubernetesSecrets field.

+
+ +## `ImagePullSecret` {#kubelet-config-k8s-io-v1alpha1-ImagePullSecret} + + +**Appears in:** + +- [ImagePullCredentials](#kubelet-config-k8s-io-v1alpha1-ImagePullCredentials) + + +

ImagePullSecret is a representation of a Kubernetes secret object coordinates along +with a credential hash of the pull secret credentials this object contains.

+ + + + + + + + + + + + + + + + + + + + +
FieldDescription
uid [Required]
+string +		 + No description provided.
namespace [Required]
+string +		 + No description provided.
name [Required]
+string +		 + No description provided.
credentialHash [Required]
+string +		 +

CredentialHash is a SHA-256 retrieved by hashing the image pull credentials +content of the secret specified by the UID/Namespace/Name coordinates.

+
\ No newline at end of file diff --git a/genref/output/md/kubelet-config.v1beta1.md b/genref/output/md/kubelet-config.v1beta1.md index 34fdcbbf91..c0366d3bb9 100644 --- a/genref/output/md/kubelet-config.v1beta1.md +++ b/genref/output/md/kubelet-config.v1beta1.md @@ -373,7 +373,7 @@ each provider as specified by the CredentialProvider type.

Multiple providers may match against a single image, in which case credentials from all providers will be returned to the kubelet. If multiple providers are called for a single image, the results are combined. If providers return overlapping -auth keys, the value from the provider earlier in this list is used.

+auth keys, the value from the provider earlier in this list is attempted first.

@@ -600,6 +600,49 @@ Only used if registryPullQPS is greater than 0. Default: 10

+imagePullCredentialsVerificationPolicy
+ImagePullCredentialsVerificationPolicy + + +

imagePullCredentialsVerificationPolicy determines how credentials should be +verified when pod requests an image that is already present on the node:

+
    +
  • NeverVerify +
      +
    • anyone on a node can use any image present on the node
      • +
    +
    • +
  • NeverVerifyPreloadedImages +
      +
    • images that were pulled to the node by something else than the kubelet +can be used without reverifying pull credentials
      • +
    +
    • +
  • NeverVerifyAllowlistedImages +
      +
    • like "NeverVerifyPreloadedImages" but only node images from +preloadedImagesVerificationAllowlist don't require reverification
      • +
    +
    • +
  • AlwaysVerify +
      +
    • all images require credential reverification
      • +
    +
    • +
+ + +preloadedImagesVerificationAllowlist
+[]string + + +

preloadedImagesVerificationAllowlist specifies a list of images that are +exempted from credential reverification for the "NeverVerifyAllowlistedImages" +imagePullCredentialsVerificationPolicy. +The list accepts a full path segment wildcard suffix "/*". +Only use image specs without an image tag or digest.

+ + eventRecordQPS
int32 @@ -836,7 +879,6 @@ Default: "cgroupfs"

cpuManagerPolicy is the name of the policy to use. -Requires the CPUManager feature gate to be enabled. Default: "None"

@@ -859,7 +901,6 @@ On cgroup v2 linux, null / absent, true and false are allowed. The default value

cpuManagerPolicyOptions is a set of key=value which allows to set extra options to fine tune the behaviour of the cpu manager policies. -Requires both the "CPUManager" and "CPUManagerPolicyOptions" feature gates to be enabled. Default: nil

@@ -868,7 +909,6 @@ Default: nil

cpuManagerReconcilePeriod is the reconciliation period for the CPU Manager. -Requires the CPUManager feature gate to be enabled. Default: "10s"

@@ -1128,6 +1168,7 @@ Default: nil

evictionPressureTransitionPeriod is the duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. +A duration of 0s will be converted to the default value of 5m Default: "5m"

@@ -1152,6 +1193,20 @@ For example: {"imagefs.available": "2Gi"}. Default: nil

+mergeDefaultEvictionSettings
+bool + + +

mergeDefaultEvictionSettings indicates that defaults for the evictionHard, evictionSoft, evictionSoftGracePeriod, and evictionMinimumReclaim +fields should be merged into values specified for those fields in this configuration. +Signals specified in this configuration take precedence. +Signals not specified in this configuration inherit their defaults. +If false, and if any signal is specified in this configuration then other signals that +are not specified in this configuration will be set to 0. +It applies to merging the fields for which the default exists, and currently only evictionHard has default values. +Default: false

+ + podsPerCore
int32 @@ -1439,6 +1494,8 @@ Default: true

enableSystemLogQuery enables the node log query feature on the /logs endpoint. EnableSystemLogHandler has to be enabled in addition for this feature to work. +Enabling this feature has security implications. The recommendation is to enable it on a need basis for debugging +purposes and disabling otherwise. Default: false

@@ -1567,7 +1624,7 @@ Default: 0.9

registerWithTaints
-[]core/v1.Taint +[]core/v1.Taint

registerWithTaints are an array of taints to add to a node object when @@ -1637,6 +1694,13 @@ option is explicitly enabled. Default: false

+userNamespaces
+UserNamespaces + + +

UserNamespaces contains User Namespace configurations.

+ + @@ -1658,7 +1722,7 @@ It exists in the kubeletconfig API group because it is classified as a versioned source
-core/v1.NodeConfigSource +core/v1.NodeConfigSource

source is the source that we are serializing.

@@ -1716,7 +1780,8 @@ invoked when an image being pulled matches the images handled by the plugin (see

name is the required name of the credential provider. It must match the name of the provider executable as seen by the kubelet. The executable must be in the kubelet's -bin directory (set by the --image-credential-provider-bin-dir flag).

+bin directory (set by the --image-credential-provider-bin-dir flag). +Required to be unique across all providers.

matchImages [Required]
@@ -1819,6 +1884,21 @@ credential plugin.

+## `ImagePullCredentialsVerificationPolicy` {#kubelet-config-k8s-io-v1beta1-ImagePullCredentialsVerificationPolicy} + +(Alias of `string`) + +**Appears in:** + +- [KubeletConfiguration](#kubelet-config-k8s-io-v1beta1-KubeletConfiguration) + + +

ImagePullCredentialsVerificationPolicy is an enum for the policy that is enforced +when pod is requesting an image that appears on the system

+ + + + ## `KubeletAnonymousAuthentication` {#kubelet-config-k8s-io-v1beta1-KubeletAnonymousAuthentication} @@ -2045,7 +2125,7 @@ and groups corresponding to the Organization in the client certificate.

No description provided. limits [Required]
-core/v1.ResourceList +core/v1.ResourceList No description provided. @@ -2126,4 +2206,34 @@ managers (secret, configmap) are discovering object changes.

+ +## `UserNamespaces` {#kubelet-config-k8s-io-v1beta1-UserNamespaces} + + +**Appears in:** + +- [KubeletConfiguration](#kubelet-config-k8s-io-v1beta1-KubeletConfiguration) + + +

UserNamespaces contains User Namespace configurations.

+ + + + + + + + + + + +
FieldDescription
idsPerPod
+int64 +		 +

IDsPerPod is the mapping length of UIDs and GIDs. +The length must be a multiple of 65536, and must be less than 1<<32. +On non-linux such as windows, only null / absent is allowed.

+

Changing the value may require recreating all containers on the node.

+

Default: 65536

+
\ No newline at end of file diff --git a/genref/output/md/kubelet-credentialprovider.v1.md b/genref/output/md/kubelet-credentialprovider.v1.md index 8575b92303..b1e4cd7e51 100644 --- a/genref/output/md/kubelet-credentialprovider.v1.md +++ b/genref/output/md/kubelet-credentialprovider.v1.md @@ -39,6 +39,26 @@ credential provider plugin request. Plugins may optionally parse the image to extract any information required to fetch credentials.

+serviceAccountToken [Required]
+string + + +

serviceAccountToken is the service account token bound to the pod for which +the image is being pulled. This token is only sent to the plugin if the +tokenAttributes.serviceAccountTokenAudience field is configured in the kubelet's credential +provider configuration.

+ + +serviceAccountAnnotations [Required]
+map[string]string + + +

serviceAccountAnnotations is a map of annotations on the service account bound to the +pod for which the image is being pulled. The list of annotations in the service account +that need to be passed to the plugin is configured in the kubelet's credential provider +configuration.

+ + diff --git a/genref/output/md/kubelet-stats.v1alpha1.md b/genref/output/md/kubelet-stats.v1alpha1.md index ab2ac680c7..ce13c4040e 100644 --- a/genref/output/md/kubelet-stats.v1alpha1.md +++ b/genref/output/md/kubelet-stats.v1alpha1.md @@ -93,7 +93,7 @@ the accelerator was actively processing.

time [Required]
-meta/v1.Time +meta/v1.Time

The time at which these stats were updated.

@@ -114,6 +114,13 @@ The "core" unit can be interpreted as CPU core-nanoseconds per second.

Cumulative CPU usage (sum of all cores) since object creation.

+psi
+PSIStats + + +

CPU PSI stats.

+ + @@ -143,7 +150,7 @@ The "core" unit can be interpreted as CPU core-nanoseconds per second. startTime [Required]
-meta/v1.Time +meta/v1.Time

The time at which data collection for this container was (re)started.

@@ -163,6 +170,13 @@ The "core" unit can be interpreted as CPU core-nanoseconds per second.

Stats pertaining to memory (RAM) resources.

+io
+IOStats + + +

Stats pertaining to IO resources.

+ + accelerators [Required]
[]AcceleratorStats @@ -228,7 +242,7 @@ Logs.UsedBytes is the number of bytes used for the container logs.

time [Required]
-meta/v1.Time +meta/v1.Time

The time at which these stats were updated.

@@ -283,6 +297,43 @@ e.g. For ContainerStats.Rootfs, this is the inodes used only by that container, +## `IOStats` {#IOStats} + + +**Appears in:** + +- [ContainerStats](#ContainerStats) + +- [NodeStats](#NodeStats) + +- [PodStats](#PodStats) + + +

IOStats contains data about IO usage.

+ + + + + + + + + + + + + + +
FieldDescription
time [Required]
+meta/v1.Time +		 +

The time at which these stats were updated.

+
psi
+PSIStats +		 +

IO PSI stats.

+
+ ## `InterfaceStats` {#InterfaceStats} @@ -358,7 +409,7 @@ e.g. For ContainerStats.Rootfs, this is the inodes used only by that container, time [Required]
-meta/v1.Time +meta/v1.Time

The time at which these stats were updated.

@@ -409,6 +460,13 @@ hugepages).

Cumulative number of major page faults.

+psi
+PSIStats + + +

Memory PSI stats.

+ + @@ -431,7 +489,7 @@ hugepages).

time [Required]
-meta/v1.Time +meta/v1.Time

The time at which these stats were updated.

@@ -485,7 +543,7 @@ The system containers are named according to the SystemContainer* constants.

startTime [Required]
-meta/v1.Time +meta/v1.Time

The time at which data collection for the node-scoped (i.e. aggregate) stats was (re)started.

@@ -505,6 +563,13 @@ The system containers are named according to the SystemContainer* constants.

Stats pertaining to memory (RAM) resources.

+io
+IOStats + + +

Stats pertaining to IO resources.

+ + network
NetworkStats @@ -544,6 +609,91 @@ NodeFs.Used is the total bytes used on the filesystem.

+## `PSIData` {#PSIData} + + +**Appears in:** + +- [PSIStats](#PSIStats) + + +

PSI data for an individual resource.

+ + + + + + + + + + + + + + + + + + + + +
FieldDescription
total [Required]
+uint64 +		 +

Total time duration for tasks in the cgroup have waited due to congestion. +Unit: nanoseconds.

+
avg10 [Required]
+float64 +		 +

The average (in %) tasks have waited due to congestion over a 10 second window.

+
avg60 [Required]
+float64 +		 +

The average (in %) tasks have waited due to congestion over a 60 second window.

+
avg300 [Required]
+float64 +		 +

The average (in %) tasks have waited due to congestion over a 300 second window.

+
+ +## `PSIStats` {#PSIStats} + + +**Appears in:** + +- [CPUStats](#CPUStats) + +- [IOStats](#IOStats) + +- [MemoryStats](#MemoryStats) + + +

PSI statistics for an individual resource.

+ + + + + + + + + + + + + + +
FieldDescription
full [Required]
+PSIData +		 +

PSI data for all tasks in the cgroup.

+
some [Required]
+PSIData +		 +

PSI data for some tasks in the cgroup.

+
+ ## `PVCReference` {#PVCReference} @@ -636,7 +786,7 @@ NodeFs.Used is the total bytes used on the filesystem.

startTime [Required]
-meta/v1.Time +meta/v1.Time

The time at which data collection for the pod-scoped (e.g. network) stats was (re)started.

@@ -663,6 +813,13 @@ NodeFs.Used is the total bytes used on the filesystem.

Stats pertaining to memory (RAM) resources consumed by pod cgroup (which includes all containers' resource usage and pod overhead).

+io
+IOStats + + +

Stats pertaining to IO resources consumed by pod cgroup (which includes all containers' resource usage and pod overhead).

+ + network
NetworkStats @@ -745,7 +902,7 @@ VolumeStats.UsedBytes is the number of bytes used by the Volume

time [Required]
-meta/v1.Time +meta/v1.Time No description provided. @@ -827,7 +984,7 @@ Usage here refers to the total number of bytes occupied by the writeable layer o time [Required]
-meta/v1.Time +meta/v1.Time

The time at which these stats were updated.

@@ -874,7 +1031,7 @@ If swap limit is undefined, this value is omitted.

No description provided. time [Required]
-meta/v1.Time +meta/v1.Time

The time at which these stats were updated.

diff --git a/genref/output/md/metrics.v1beta1.md b/genref/output/md/metrics.v1beta1.md index 3b37172834..58bd7c0f0f 100644 --- a/genref/output/md/metrics.v1beta1.md +++ b/genref/output/md/metrics.v1beta1.md @@ -36,7 +36,7 @@ auto_generated: true metadata
-meta/v1.ObjectMeta +meta/v1.ObjectMeta

Standard object's metadata. @@ -44,7 +44,7 @@ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api- Refer to the Kubernetes API documentation for the fields of the metadata field. timestamp [Required]
-meta/v1.Time +meta/v1.Time

The following fields define time interval from which metrics were @@ -58,7 +58,7 @@ collected from the interval [Timestamp-Window, Timestamp].

No description provided. usage [Required]
-core/v1.ResourceList +core/v1.ResourceList

The memory usage is the memory working set.

@@ -83,7 +83,7 @@ collected from the interval [Timestamp-Window, Timestamp].

metadata [Required]
-meta/v1.ListMeta +meta/v1.ListMeta

Standard list metadata. @@ -120,7 +120,7 @@ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api- metadata
-meta/v1.ObjectMeta +meta/v1.ObjectMeta

Standard object's metadata. @@ -128,7 +128,7 @@ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api- Refer to the Kubernetes API documentation for the fields of the metadata field. timestamp [Required]
-meta/v1.Time +meta/v1.Time

The following fields define time interval from which metrics were @@ -167,7 +167,7 @@ collected from the interval [Timestamp-Window, Timestamp].

metadata [Required]
-meta/v1.ListMeta +meta/v1.ListMeta

Standard list metadata. @@ -208,7 +208,7 @@ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api- usage [Required]
-core/v1.ResourceList +core/v1.ResourceList

The memory usage is the memory working set.