Adding new schemas

yannh · May 31, 2024 · 794752b · 794752b
1 parent 6a7aa46
commit 794752b
Show file tree

Hide file tree

Showing 160 changed files with 3,688 additions and 132 deletions.
diff --git a/master-local/_definitions.json b/master-local/_definitions.json
@@ -6690,6 +6690,10 @@
           "$ref": "#/definitions/io.k8s.api.core.v1.ContainerState",
           "description": "State holds details about the container's current condition."
         },
+        "user": {
+          "$ref": "#/definitions/io.k8s.api.core.v1.ContainerUser",
+          "description": "User represents user identity information initially attached to the first process of the container"
+        },
         "volumeMounts": {
           "description": "Status of volume mounts.",
           "items": {
@@ -6713,6 +6717,16 @@
       ],
       "type": "object"
     },
+    "io.k8s.api.core.v1.ContainerUser": {
+      "description": "ContainerUser represents user identity information",
+      "properties": {
+        "linux": {
+          "$ref": "#/definitions/io.k8s.api.core.v1.LinuxContainerUser",
+          "description": "Linux holds user identity information initially attached to the first process of the containers in Linux. Note that the actual running identity can be changed if the process has enough privilege to do so."
+        }
+      },
+      "type": "object"
+    },
     "io.k8s.api.core.v1.DaemonEndpoint": {
       "description": "DaemonEndpoint contains information about a single Daemon endpoint.",
       "properties": {
@@ -7998,6 +8012,35 @@
       ],
       "type": "object"
     },
+    "io.k8s.api.core.v1.LinuxContainerUser": {
+      "description": "LinuxContainerUser represents user identity information in Linux containers",
+      "properties": {
+        "gid": {
+          "description": "GID is the primary gid initially attached to the first process in the container",
+          "format": "int64",
+          "type": "integer"
+        },
+        "supplementalGroups": {
+          "description": "SupplementalGroups are the supplemental groups initially attached to the first process in the container",
+          "items": {
+            "format": "int64",
+            "type": "integer"
+          },
+          "type": "array",
+          "x-kubernetes-list-type": "atomic"
+        },
+        "uid": {
+          "description": "UID is the primary uid initially attached to the first process in the container",
+          "format": "int64",
+          "type": "integer"
+        }
+      },
+      "required": [
+        "uid",
+        "gid"
+      ],
+      "type": "object"
+    },
     "io.k8s.api.core.v1.LoadBalancerIngress": {
       "description": "LoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.",
       "properties": {
@@ -9632,14 +9675,18 @@
           "description": "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows."
         },
         "supplementalGroups": {
-          "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.",
+          "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified).  If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.",
           "items": {
             "format": "int64",
             "type": "integer"
           },
           "type": "array",
           "x-kubernetes-list-type": "atomic"
         },
+        "supplementalGroupsPolicy": {
+          "description": "Defines how supplemental groups of the first container processes are calculated. Valid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.",
+          "type": "string"
+        },
         "sysctls": {
           "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.",
           "items": {
@@ -9782,7 +9829,7 @@
         },
         "os": {
           "$ref": "#/definitions/io.k8s.api.core.v1.PodOS",
-          "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup"
+          "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup"
         },
         "overhead": {
           "additionalProperties": {

diff --git a/master-local/all.json b/master-local/all.json
@@ -660,6 +660,9 @@
     {
       "$ref": "_definitions.json#/definitions/io.k8s.api.core.v1.ContainerStatus"
     },
+    {
+      "$ref": "_definitions.json#/definitions/io.k8s.api.core.v1.ContainerUser"
+    },
     {
       "$ref": "_definitions.json#/definitions/io.k8s.api.core.v1.DaemonEndpoint"
     },
@@ -789,6 +792,9 @@
     {
       "$ref": "_definitions.json#/definitions/io.k8s.api.core.v1.LimitRangeSpec"
     },
+    {
+      "$ref": "_definitions.json#/definitions/io.k8s.api.core.v1.LinuxContainerUser"
+    },
     {
       "$ref": "_definitions.json#/definitions/io.k8s.api.core.v1.LoadBalancerIngress"
     },

diff --git a/master-local/containerstatus-v1.json b/master-local/containerstatus-v1.json
@@ -73,6 +73,10 @@
       "$ref": "_definitions.json#/definitions/io.k8s.api.core.v1.ContainerState",
       "description": "State holds details about the container's current condition."
     },
+    "user": {
+      "$ref": "_definitions.json#/definitions/io.k8s.api.core.v1.ContainerUser",
+      "description": "User represents user identity information initially attached to the first process of the container"
+    },
     "volumeMounts": {
       "description": "Status of volume mounts.",
       "items": {

diff --git a/master-local/containerstatus.json b/master-local/containerstatus.json
@@ -73,6 +73,10 @@
       "$ref": "_definitions.json#/definitions/io.k8s.api.core.v1.ContainerState",
       "description": "State holds details about the container's current condition."
     },
+    "user": {
+      "$ref": "_definitions.json#/definitions/io.k8s.api.core.v1.ContainerUser",
+      "description": "User represents user identity information initially attached to the first process of the container"
+    },
     "volumeMounts": {
       "description": "Status of volume mounts.",
       "items": {

diff --git a/master-local/containeruser-v1.json b/master-local/containeruser-v1.json
@@ -0,0 +1,11 @@
+{
+  "description": "ContainerUser represents user identity information",
+  "properties": {
+    "linux": {
+      "$ref": "_definitions.json#/definitions/io.k8s.api.core.v1.LinuxContainerUser",
+      "description": "Linux holds user identity information initially attached to the first process of the containers in Linux. Note that the actual running identity can be changed if the process has enough privilege to do so."
+    }
+  },
+  "type": "object",
+  "$schema": "http://json-schema.org/schema#"
+}
diff --git a/master-local/containeruser.json b/master-local/containeruser.json
@@ -0,0 +1,11 @@
+{
+  "description": "ContainerUser represents user identity information",
+  "properties": {
+    "linux": {
+      "$ref": "_definitions.json#/definitions/io.k8s.api.core.v1.LinuxContainerUser",
+      "description": "Linux holds user identity information initially attached to the first process of the containers in Linux. Note that the actual running identity can be changed if the process has enough privilege to do so."
+    }
+  },
+  "type": "object",
+  "$schema": "http://json-schema.org/schema#"
+}
diff --git a/master-local/linuxcontaineruser-v1.json b/master-local/linuxcontaineruser-v1.json
@@ -0,0 +1,42 @@
+{
+  "description": "LinuxContainerUser represents user identity information in Linux containers",
+  "properties": {
+    "gid": {
+      "description": "GID is the primary gid initially attached to the first process in the container",
+      "format": "int64",
+      "type": [
+        "integer",
+        "null"
+      ]
+    },
+    "supplementalGroups": {
+      "description": "SupplementalGroups are the supplemental groups initially attached to the first process in the container",
+      "items": {
+        "format": "int64",
+        "type": [
+          "integer",
+          "null"
+        ]
+      },
+      "type": [
+        "array",
+        "null"
+      ],
+      "x-kubernetes-list-type": "atomic"
+    },
+    "uid": {
+      "description": "UID is the primary uid initially attached to the first process in the container",
+      "format": "int64",
+      "type": [
+        "integer",
+        "null"
+      ]
+    }
+  },
+  "required": [
+    "uid",
+    "gid"
+  ],
+  "type": "object",
+  "$schema": "http://json-schema.org/schema#"
+}
diff --git a/master-local/linuxcontaineruser.json b/master-local/linuxcontaineruser.json
@@ -0,0 +1,42 @@
+{
+  "description": "LinuxContainerUser represents user identity information in Linux containers",
+  "properties": {
+    "gid": {
+      "description": "GID is the primary gid initially attached to the first process in the container",
+      "format": "int64",
+      "type": [
+        "integer",
+        "null"
+      ]
+    },
+    "supplementalGroups": {
+      "description": "SupplementalGroups are the supplemental groups initially attached to the first process in the container",
+      "items": {
+        "format": "int64",
+        "type": [
+          "integer",
+          "null"
+        ]
+      },
+      "type": [
+        "array",
+        "null"
+      ],
+      "x-kubernetes-list-type": "atomic"
+    },
+    "uid": {
+      "description": "UID is the primary uid initially attached to the first process in the container",
+      "format": "int64",
+      "type": [
+        "integer",
+        "null"
+      ]
+    }
+  },
+  "required": [
+    "uid",
+    "gid"
+  ],
+  "type": "object",
+  "$schema": "http://json-schema.org/schema#"
+}
diff --git a/master-local/podsecuritycontext-v1.json b/master-local/podsecuritycontext-v1.json
@@ -52,7 +52,7 @@
       "description": "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows."
     },
     "supplementalGroups": {
-      "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.",
+      "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified).  If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.",
       "items": {
         "format": "int64",
         "type": [
@@ -66,6 +66,13 @@
       ],
       "x-kubernetes-list-type": "atomic"
     },
+    "supplementalGroupsPolicy": {
+      "description": "Defines how supplemental groups of the first container processes are calculated. Valid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.",
+      "type": [
+        "string",
+        "null"
+      ]
+    },
     "sysctls": {
       "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.",
       "items": {

diff --git a/master-local/podsecuritycontext.json b/master-local/podsecuritycontext.json
@@ -52,7 +52,7 @@
       "description": "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows."
     },
     "supplementalGroups": {
-      "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.",
+      "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified).  If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.",
       "items": {
         "format": "int64",
         "type": [
@@ -66,6 +66,13 @@
       ],
       "x-kubernetes-list-type": "atomic"
     },
+    "supplementalGroupsPolicy": {
+      "description": "Defines how supplemental groups of the first container processes are calculated. Valid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.",
+      "type": [
+        "string",
+        "null"
+      ]
+    },
     "sysctls": {
       "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.",
       "items": {

diff --git a/master-local/podspec-v1.json b/master-local/podspec-v1.json
@@ -176,7 +176,7 @@
     },
     "os": {
       "$ref": "_definitions.json#/definitions/io.k8s.api.core.v1.PodOS",
-      "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup"
+      "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup"
     },
     "overhead": {
       "additionalProperties": {