diff --git a/glide.lock b/glide.lock index a8ccf620ade..80b9068c8c2 100644 --- a/glide.lock +++ b/glide.lock @@ -1,5 +1,5 @@ -hash: a29f2b5f7c3f859a271de51fbe7a4d5db1fb18b1246e854ccb1899e566331d80 -updated: 2019-05-14T12:30:40.800373111+02:00 +hash: e0938148d5f73e0843413a4b5978fc1e04e0684ede60bd7792316ab09dfd3ac1 +updated: 2019-06-13T15:44:18.894535901+02:00 imports: - name: github.com/davecgh/go-spew version: 782f4967f2dc4564575ca782fe2d04090b5faca8 @@ -125,6 +125,10 @@ imports: version: 51747d6e00da1fc578d5a333a93bb2abcbce7a95 - name: k8s.io/klog version: 8e90cee79f823779174776412c13478955131846 +- name: k8s.io/kubelet + version: f6da02f583256d1a15cc44a101c80bfa2080a46f + subpackages: + - config/v1beta1 - name: sigs.k8s.io/yaml version: fd68e9863619f6ec2fdd8625fe1f02e7c877e480 testImports: [] diff --git a/glide.yaml b/glide.yaml index dbc004e3b52..c745a0a72d2 100644 --- a/glide.yaml +++ b/glide.yaml @@ -13,6 +13,8 @@ import: version: kubernetes-1.14.0 - package: k8s.io/api version: kubernetes-1.14.0 +- package: k8s.io/kubelet + version: kubernetes-1.14.0 # required for generator. this is the level origin uses - package: gonum.org/v1/gonum diff --git a/hack/update-deepcopy.sh b/hack/update-deepcopy.sh index b9a2a21ba34..b978c3b332f 100755 --- a/hack/update-deepcopy.sh +++ b/hack/update-deepcopy.sh @@ -10,7 +10,7 @@ verify="${VERIFY:-}" ${CODEGEN_PKG}/generate-groups.sh "deepcopy" \ github.com/openshift/api/generated \ github.com/openshift/api \ - "apps:v1 authorization:v1 build:v1 config:v1 console:v1 image:v1,docker10,dockerpre012 kubecontrolplane:v1 legacyconfig:v1 network:v1 oauth:v1 openshiftcontrolplane:v1 operator:v1 operator:v1alpha1 osin:v1 project:v1 quota:v1 route:v1 security:v1 servicecertsigner:v1alpha1 template:v1 user:v1 webconsole:v1" \ + "apps:v1 authorization:v1 build:v1 config:v1 console:v1 image:v1,docker10,dockerpre012 kubecontrolplane:v1 legacyconfig:v1 machineconfiguration:v1 network:v1 oauth:v1 openshiftcontrolplane:v1 operator:v1 operator:v1alpha1 osin:v1 project:v1 quota:v1 route:v1 security:v1 servicecertsigner:v1alpha1 template:v1 user:v1 webconsole:v1" \ --go-header-file ${SCRIPT_ROOT}/hack/empty.txt \ ${verify} diff --git a/install.go b/install.go index 3fc1729a821..84795ccfd65 100644 --- a/install.go +++ b/install.go @@ -39,6 +39,7 @@ import ( "github.com/openshift/api/config" "github.com/openshift/api/image" "github.com/openshift/api/kubecontrolplane" + "github.com/openshift/api/machineconfiguration" "github.com/openshift/api/network" "github.com/openshift/api/oauth" "github.com/openshift/api/openshiftcontrolplane" @@ -65,6 +66,7 @@ var ( config.Install, image.Install, kubecontrolplane.Install, + machineconfiguration.Install, network.Install, oauth.Install, openshiftcontrolplane.Install, diff --git a/machineconfiguration/OWNERS b/machineconfiguration/OWNERS new file mode 100644 index 00000000000..03a8f370b49 --- /dev/null +++ b/machineconfiguration/OWNERS @@ -0,0 +1,7 @@ +reviewers: + - cgwalters + - ericavonb + - kikisdeliveryservice + - LorbusChris + - runcom + - sinnykumari diff --git a/machineconfiguration/install.go b/machineconfiguration/install.go new file mode 100644 index 00000000000..1be805eb263 --- /dev/null +++ b/machineconfiguration/install.go @@ -0,0 +1,25 @@ +package machineconfiguration + +import ( + machineconfigurationv1 "github.com/openshift/api/machineconfiguration/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const ( + GroupName = "machineconfiguration.openshift.io" +) + +var ( + schemeBuilder = runtime.NewSchemeBuilder(machineconfigurationv1.Install) + // Install is a function which adds every version of this group to a scheme + Install = schemeBuilder.AddToScheme +) + +func Resource(resource string) schema.GroupResource { + return schema.GroupResource{Group: GroupName, Resource: resource} +} + +func Kind(kind string) schema.GroupKind { + return schema.GroupKind{Group: GroupName, Kind: kind} +} diff --git a/machineconfiguration/v1/doc.go b/machineconfiguration/v1/doc.go new file mode 100644 index 00000000000..66df27a4111 --- /dev/null +++ b/machineconfiguration/v1/doc.go @@ -0,0 +1,5 @@ +// Package v1 is the v1 version of the API. +// +k8s:deepcopy-gen=package +// +k8s:defaulter-gen=TypeMeta +// +groupName=machineconfiguration.openshift.io +package v1 diff --git a/machineconfiguration/v1/register.go b/machineconfiguration/v1/register.go new file mode 100644 index 00000000000..afcb516a791 --- /dev/null +++ b/machineconfiguration/v1/register.go @@ -0,0 +1,32 @@ +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +var ( + GroupName = "machineconfiguration.openshift.io" + GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} + schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + // Install is a function which adds this version to a scheme + Install = schemeBuilder.AddToScheme +) + +// addKnownTypes adds types to API group +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(GroupVersion, + &ContainerRuntimeConfig{}, + &ContainerRuntimeConfigList{}, + &ControllerConfig{}, + &ControllerConfigList{}, + &KubeletConfig{}, + &KubeletConfigList{}, + &MachineConfigPool{}, + &MachineConfigPoolList{}, + ) + + metav1.AddToGroupVersion(scheme, GroupVersion) + return nil +} diff --git a/machineconfiguration/v1/types.go b/machineconfiguration/v1/types.go new file mode 100644 index 00000000000..eb16a56de07 --- /dev/null +++ b/machineconfiguration/v1/types.go @@ -0,0 +1,418 @@ +package v1 + +import ( + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + kubeletconfigv1beta1 "k8s.io/kubelet/config/v1beta1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ControllerConfig describes configuration for MachineConfigController. +// This is currently only used to drive the MachineConfig objects generated by the TemplateController. +type ControllerConfig struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // +required + Spec ControllerConfigSpec `json:"spec"` + // +optional + Status ControllerConfigStatus `json:"status"` +} + +// ControllerConfigSpec is the spec for ControllerConfig resource. +type ControllerConfigSpec struct { + // clusterDNSIP is the cluster DNS IP address + ClusterDNSIP string `json:"clusterDNSIP"` + + // cloudProviderConfig is the configuration for the given cloud provider + CloudProviderConfig string `json:"cloudProviderConfig"` + + // TODO: Use PlatformType instead of string + + // platform specifies the OpenShift platform, e.g. "libvirt", "openstack", "baremetal", "aws", or "none" + Platform string `json:"platform"` + + // etcdDiscoveryDomain specifies the etcd discovery domain + EtcdDiscoveryDomain string `json:"etcdDiscoveryDomain"` + + // TODO: Use string for CA data + + // etcdCAData specifies the etcd CA data + EtcdCAData []byte `json:"etcdCAData"` + + // etcdMetricData specifies the etcd metric CA data + EtcdMetricCAData []byte `json:"etcdMetricCAData"` + + // rootCAData specifies the root CA data + RootCAData []byte `json:"rootCAData"` + + // TODO: Investigate using a ConfigMapNameReference for the PullSecret and OSImageURL + + // pullSecret is the default pull secret that needs to be installed + // on all machines. + PullSecret *corev1.ObjectReference `json:"pullSecret,omitempty"` + + // images is the map of images that are used by the controller, + // i.e. images for etcd Environment Setup, etcd, Kube Client Agent, and Infra containers. + Images map[string]string `json:"images"` + + // osImageURL is the location of the container image that contains the OS update payload. + // Its value is taken from the data.osImageURL field on the machine-config-osimageurl ConfigMap. + OSImageURL string `json:"osImageURL"` +} + +// ControllerConfigStatus is the status for ControllerConfig +type ControllerConfigStatus struct { + // observedGeneration represents the generation observed by the controller. + // +optional + ObservedGeneration int64 `json:"observedGeneration,omitempty"` + + // conditions represents the latest available observations of current state. + // +optional + Conditions []ControllerConfigStatusCondition `json:"conditions"` +} + +// ControllerConfigStatusCondition contains condition information for ControllerConfigStatus +type ControllerConfigStatusCondition struct { + // type specifies the state of the operator's reconciliation functionality. + Type ControllerConfigStatusConditionType `json:"type"` + + // status of the condition, one of True, False, Unknown. + Status corev1.ConditionStatus `json:"status"` + + // lastTransitionTime is the time of the last update to the current status object. + // +nullable + LastTransitionTime metav1.Time `json:"lastTransitionTime"` + + // reason is the reason for the condition's last transition. Reasons are CamelCase + Reason string `json:"reason,omitempty"` + + // message provides additional information about the current condition. + // This is only to be consumed by humans. + Message string `json:"message,omitempty"` +} + +// ControllerConfigStatusConditionType valid conditions of a ControllerConfigStatus +type ControllerConfigStatusConditionType string + +const ( + // TemplateControllerRunning means the template controller is currently running. + TemplateControllerRunning ControllerConfigStatusConditionType = "TemplateControllerRunning" + + // TemplateControllerCompleted means the template controller has completed reconciliation. + TemplateControllerCompleted ControllerConfigStatusConditionType = "TemplateControllerCompleted" + + // TemplateControllerFailing means the template controller is failing. + TemplateControllerFailing ControllerConfigStatusConditionType = "TemplateControllerFailing" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ControllerConfigList is a list of ControllerConfig resources +type ControllerConfigList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []ControllerConfig `json:"items"` +} + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// MachineConfigPool describes a pool of MachineConfigs. +type MachineConfigPool struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // +required + Spec MachineConfigPoolSpec `json:"spec"` + // +optional + Status MachineConfigPoolStatus `json:"status"` +} + +// MachineConfigPoolSpec is the spec for MachineConfigPool resource. +type MachineConfigPoolSpec struct { + // machineConfigSelector specifies a label selector for MachineConfigs. + // Refer https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ on how label and selectors work. + MachineConfigSelector *metav1.LabelSelector `json:"machineConfigSelector,omitempty"` + + // nodeSelector specifies a label selector for Machines + NodeSelector *metav1.LabelSelector `json:"nodeSelector,omitempty"` + + // paused specifies whether or not changes to this machine config pool should be stopped. + // This includes generating new desiredMachineConfig and update of machines. + Paused bool `json:"paused"` + + // maxUnavailable specifies the percentage or constant number of machines that can be updating at any given time. + // default is 1. + MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty"` +} + +// MachineConfigPoolStatus is the status for MachineConfigPool resource. +type MachineConfigPoolStatus struct { + // observedGeneration represents the generation observed by the controller. + // +optional + ObservedGeneration int64 `json:"observedGeneration,omitempty"` + + // configuration represents the current MachineConfig object for the machine config pool. + Configuration MachineConfigPoolStatusConfiguration `json:"configuration"` + + // machineCount represents the total number of machines in the machine config pool. + MachineCount int32 `json:"machineCount"` + + // updatedMachineCount represents the total number of machines targeted by the pool that have the CurrentMachineConfig as their config. + UpdatedMachineCount int32 `json:"updatedMachineCount"` + + // readyMachineCount represents the total number of ready machines targeted by the pool. + ReadyMachineCount int32 `json:"readyMachineCount"` + + // unavailableMachineCount represents the total number of unavailable (non-ready) machines targeted by the pool. + // A node is marked unavailable if it is in updating state or NodeReady condition is false. + UnavailableMachineCount int32 `json:"unavailableMachineCount"` + + // degradedMachineCount represents the total number of machines marked degraded (or unreconcilable). + // A node is marked degraded if applying a configuration failed.. + DegradedMachineCount int32 `json:"degradedMachineCount"` + + // conditions represents the latest available observations of current state. + // +optional + Conditions []MachineConfigPoolCondition `json:"conditions"` +} + +// MachineConfigPoolStatusConfiguration stores the current configuration for the pool, and +// optionally also stores the list of MachineConfig objects used to generate the configuration. +type MachineConfigPoolStatusConfiguration struct { + corev1.ObjectReference `json:",inline"` + + // source is the list of MachineConfig objects that were used to generate the single MachineConfig object specified in `content`. + // +optional + Source []corev1.ObjectReference `json:"source,omitempty"` +} + +// MachineConfigPoolCondition contains condition information for an MachineConfigPool. +type MachineConfigPoolCondition struct { + // type of the condition, currently ('Done', 'Updating', 'Failed'). + Type MachineConfigPoolConditionType `json:"type"` + + // status of the condition, one of ('True', 'False', 'Unknown'). + Status corev1.ConditionStatus `json:"status"` + + // lastTransitionTime is the timestamp corresponding to the last status + // change of this condition. + // +nullable + LastTransitionTime metav1.Time `json:"lastTransitionTime"` + + // reason is a brief machine readable explanation for the condition's last + // transition. + Reason string `json:"reason"` + + // message is a human readable description of the details of the last + // transition, complementing reason. + Message string `json:"message"` +} + +// MachineConfigPoolConditionType valid conditions of a MachineConfigPool +type MachineConfigPoolConditionType string + +const ( + // MachineConfigPoolUpdated means MachineConfigPool is updated completely. + // When the all the machines in the pool are updated to the correct machine config. + MachineConfigPoolUpdated MachineConfigPoolConditionType = "Updated" + + // MachineConfigPoolUpdating means MachineConfigPool is updating. + // When at least one of machine is not either not updated or is in the process of updating + // to the desired machine config. + MachineConfigPoolUpdating MachineConfigPoolConditionType = "Updating" + + // MachineConfigPoolNodeDegraded means the update for one of the machine is not progressing + MachineConfigPoolNodeDegraded MachineConfigPoolConditionType = "NodeDegraded" + + // MachineConfigPoolRenderDegraded means the rendered configuration for the pool cannot be generated because of an error + MachineConfigPoolRenderDegraded MachineConfigPoolConditionType = "RenderDegraded" + + // MachineConfigPoolDegraded is the overall status of the pool based, today, on whether we fail with NodeDegraded or RenderDegraded + MachineConfigPoolDegraded MachineConfigPoolConditionType = "Degraded" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// MachineConfigPoolList is a list of MachineConfigPool resources +type MachineConfigPoolList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []MachineConfigPool `json:"items"` +} + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// KubeletConfig describes a customized Kubelet configuration. +type KubeletConfig struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // +required + Spec KubeletConfigSpec `json:"spec"` + // +optional + Status KubeletConfigStatus `json:"status"` +} + +// TODO: Investigate using RawExtension to make this independent from KubeletConfiguration versioning + +// KubeletConfigSpec defines the desired state of KubeletConfig +type KubeletConfigSpec struct { + MachineConfigPoolSelector *metav1.LabelSelector `json:"machineConfigPoolSelector,omitempty"` + KubeletConfig *kubeletconfigv1beta1.KubeletConfiguration `json:"kubeletConfig,omitempty"` +} + +// KubeletConfigStatus defines the observed state of a KubeletConfig +type KubeletConfigStatus struct { + // observedGeneration represents the generation observed by the controller. + // +optional + ObservedGeneration int64 `json:"observedGeneration,omitempty"` + + // conditions represents the latest available observations of current state. + // +optional + Conditions []KubeletConfigCondition `json:"conditions"` +} + +// KubeletConfigCondition defines the state of the KubeletConfig +type KubeletConfigCondition struct { + // type specifies the state of the operator's reconciliation functionality. + Type KubeletConfigStatusConditionType `json:"type"` + + // status of the condition, one of True, False, Unknown. + Status corev1.ConditionStatus `json:"status"` + + // lastTransitionTime is the time of the last update to the current status object. + // +nullable + LastTransitionTime metav1.Time `json:"lastTransitionTime"` + + // reason is the reason for the condition's last transition. Reasons are CamelCase + Reason string `json:"reason,omitempty"` + + // message provides additional information about the current condition. + // This is only to be consumed by humans. + Message string `json:"message,omitempty"` +} + +// KubeletConfigStatusConditionType is the state of the operator's reconciliation functionality. +type KubeletConfigStatusConditionType string + +const ( + // KubeletConfigSuccess designates a successful application of a KubeletConfig CR. + KubeletConfigSuccess KubeletConfigStatusConditionType = "Success" + + // KubeletConfigFailure designates a failure applying a KubeletConfig CR. + KubeletConfigFailure KubeletConfigStatusConditionType = "Failure" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// KubeletConfigList is a list of KubeletConfig resources +type KubeletConfigList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []KubeletConfig `json:"items"` +} + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ContainerRuntimeConfig describes a customized Container Runtime configuration. +type ContainerRuntimeConfig struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // +required + Spec ContainerRuntimeConfigSpec `json:"spec"` + // +optional + Status ContainerRuntimeConfigStatus `json:"status"` +} + +// ContainerRuntimeConfigSpec defines the desired state of ContainerRuntimeConfig +type ContainerRuntimeConfigSpec struct { + MachineConfigPoolSelector *metav1.LabelSelector `json:"machineConfigPoolSelector,omitempty"` + ContainerRuntimeConfig *ContainerRuntimeConfiguration `json:"containerRuntimeConfig,omitempty"` +} + +// ContainerRuntimeConfiguration defines the tuneables of the container runtime +type ContainerRuntimeConfiguration struct { + // pidsLimit specifies the maximum number of processes allowed in a container + PidsLimit int64 `json:"pidsLimit,omitempty"` + + // logLevel specifies the verbosity of the logs based on the level it is set to. + // Options are fatal, panic, error, warn, info, and debug. + LogLevel string `json:"logLevel,omitempty"` + + // logSizeMax specifies the Maximum size allowed for the container log file. + // Negative numbers indicate that no size limit is imposed. + // If it is positive, it must be >= 8192 to match/exceed conmon's read buffer. + LogSizeMax resource.Quantity `json:"logSizeMax"` + + // overlaySize specifies the maximum size of a container image. + // This flag can be used to set quota on the size of container images. (default: 10GB) + OverlaySize resource.Quantity `json:"overlaySize"` +} + +// ContainerRuntimeConfigStatus defines the observed state of a ContainerRuntimeConfig +type ContainerRuntimeConfigStatus struct { + // observedGeneration represents the generation observed by the controller. + // +optional + ObservedGeneration int64 `json:"observedGeneration,omitempty"` + + // conditions represents the latest available observations of current state. + // +optional + Conditions []ContainerRuntimeConfigCondition `json:"conditions"` +} + +// ContainerRuntimeConfigCondition defines the state of the ContainerRuntimeConfig +type ContainerRuntimeConfigCondition struct { + // type specifies the state of the operator's reconciliation functionality. + Type ContainerRuntimeConfigStatusConditionType `json:"type"` + + // status of the condition, one of True, False, Unknown. + Status corev1.ConditionStatus `json:"status"` + + // lastTransitionTime is the time of the last update to the current status object. + // +nullable + LastTransitionTime metav1.Time `json:"lastTransitionTime"` + + // reason is the reason for the condition's last transition. Reasons are CamelCase + Reason string `json:"reason,omitempty"` + + // message provides additional information about the current condition. + // This is only to be consumed by humans. + Message string `json:"message,omitempty"` +} + +// ContainerRuntimeConfigStatusConditionType is the state of the operator's reconciliation functionality. +type ContainerRuntimeConfigStatusConditionType string + +const ( + // ContainerRuntimeConfigSuccess designates a successful application of a ContainerRuntimeConfig CR. + ContainerRuntimeConfigSuccess ContainerRuntimeConfigStatusConditionType = "Success" + + // ContainerRuntimeConfigFailure designates a failure applying a ContainerRuntimeConfig CR. + ContainerRuntimeConfigFailure ContainerRuntimeConfigStatusConditionType = "Failure" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ContainerRuntimeConfigList is a list of ContainerRuntimeConfig resources +type ContainerRuntimeConfigList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []ContainerRuntimeConfig `json:"items"` +} diff --git a/machineconfiguration/v1/zz_generated.deepcopy.go b/machineconfiguration/v1/zz_generated.deepcopy.go new file mode 100644 index 00000000000..556446d2166 --- /dev/null +++ b/machineconfiguration/v1/zz_generated.deepcopy.go @@ -0,0 +1,584 @@ +// +build !ignore_autogenerated + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1 + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + intstr "k8s.io/apimachinery/pkg/util/intstr" + v1beta1 "k8s.io/kubelet/config/v1beta1" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ContainerRuntimeConfig) DeepCopyInto(out *ContainerRuntimeConfig) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerRuntimeConfig. +func (in *ContainerRuntimeConfig) DeepCopy() *ContainerRuntimeConfig { + if in == nil { + return nil + } + out := new(ContainerRuntimeConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ContainerRuntimeConfig) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ContainerRuntimeConfigCondition) DeepCopyInto(out *ContainerRuntimeConfigCondition) { + *out = *in + in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerRuntimeConfigCondition. +func (in *ContainerRuntimeConfigCondition) DeepCopy() *ContainerRuntimeConfigCondition { + if in == nil { + return nil + } + out := new(ContainerRuntimeConfigCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ContainerRuntimeConfigList) DeepCopyInto(out *ContainerRuntimeConfigList) { + *out = *in + out.TypeMeta = in.TypeMeta + out.ListMeta = in.ListMeta + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ContainerRuntimeConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerRuntimeConfigList. +func (in *ContainerRuntimeConfigList) DeepCopy() *ContainerRuntimeConfigList { + if in == nil { + return nil + } + out := new(ContainerRuntimeConfigList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ContainerRuntimeConfigList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ContainerRuntimeConfigSpec) DeepCopyInto(out *ContainerRuntimeConfigSpec) { + *out = *in + if in.MachineConfigPoolSelector != nil { + in, out := &in.MachineConfigPoolSelector, &out.MachineConfigPoolSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.ContainerRuntimeConfig != nil { + in, out := &in.ContainerRuntimeConfig, &out.ContainerRuntimeConfig + *out = new(ContainerRuntimeConfiguration) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerRuntimeConfigSpec. +func (in *ContainerRuntimeConfigSpec) DeepCopy() *ContainerRuntimeConfigSpec { + if in == nil { + return nil + } + out := new(ContainerRuntimeConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ContainerRuntimeConfigStatus) DeepCopyInto(out *ContainerRuntimeConfigStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]ContainerRuntimeConfigCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerRuntimeConfigStatus. +func (in *ContainerRuntimeConfigStatus) DeepCopy() *ContainerRuntimeConfigStatus { + if in == nil { + return nil + } + out := new(ContainerRuntimeConfigStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ContainerRuntimeConfiguration) DeepCopyInto(out *ContainerRuntimeConfiguration) { + *out = *in + out.LogSizeMax = in.LogSizeMax.DeepCopy() + out.OverlaySize = in.OverlaySize.DeepCopy() + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerRuntimeConfiguration. +func (in *ContainerRuntimeConfiguration) DeepCopy() *ContainerRuntimeConfiguration { + if in == nil { + return nil + } + out := new(ContainerRuntimeConfiguration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ControllerConfig) DeepCopyInto(out *ControllerConfig) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerConfig. +func (in *ControllerConfig) DeepCopy() *ControllerConfig { + if in == nil { + return nil + } + out := new(ControllerConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ControllerConfig) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ControllerConfigList) DeepCopyInto(out *ControllerConfigList) { + *out = *in + out.TypeMeta = in.TypeMeta + out.ListMeta = in.ListMeta + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ControllerConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerConfigList. +func (in *ControllerConfigList) DeepCopy() *ControllerConfigList { + if in == nil { + return nil + } + out := new(ControllerConfigList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ControllerConfigList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ControllerConfigSpec) DeepCopyInto(out *ControllerConfigSpec) { + *out = *in + if in.EtcdCAData != nil { + in, out := &in.EtcdCAData, &out.EtcdCAData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.EtcdMetricCAData != nil { + in, out := &in.EtcdMetricCAData, &out.EtcdMetricCAData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.RootCAData != nil { + in, out := &in.RootCAData, &out.RootCAData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.PullSecret != nil { + in, out := &in.PullSecret, &out.PullSecret + *out = new(corev1.ObjectReference) + **out = **in + } + if in.Images != nil { + in, out := &in.Images, &out.Images + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerConfigSpec. +func (in *ControllerConfigSpec) DeepCopy() *ControllerConfigSpec { + if in == nil { + return nil + } + out := new(ControllerConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ControllerConfigStatus) DeepCopyInto(out *ControllerConfigStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]ControllerConfigStatusCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerConfigStatus. +func (in *ControllerConfigStatus) DeepCopy() *ControllerConfigStatus { + if in == nil { + return nil + } + out := new(ControllerConfigStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ControllerConfigStatusCondition) DeepCopyInto(out *ControllerConfigStatusCondition) { + *out = *in + in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControllerConfigStatusCondition. +func (in *ControllerConfigStatusCondition) DeepCopy() *ControllerConfigStatusCondition { + if in == nil { + return nil + } + out := new(ControllerConfigStatusCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletConfig) DeepCopyInto(out *KubeletConfig) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfig. +func (in *KubeletConfig) DeepCopy() *KubeletConfig { + if in == nil { + return nil + } + out := new(KubeletConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KubeletConfig) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletConfigCondition) DeepCopyInto(out *KubeletConfigCondition) { + *out = *in + in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfigCondition. +func (in *KubeletConfigCondition) DeepCopy() *KubeletConfigCondition { + if in == nil { + return nil + } + out := new(KubeletConfigCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletConfigList) DeepCopyInto(out *KubeletConfigList) { + *out = *in + out.TypeMeta = in.TypeMeta + out.ListMeta = in.ListMeta + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]KubeletConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfigList. +func (in *KubeletConfigList) DeepCopy() *KubeletConfigList { + if in == nil { + return nil + } + out := new(KubeletConfigList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KubeletConfigList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletConfigSpec) DeepCopyInto(out *KubeletConfigSpec) { + *out = *in + if in.MachineConfigPoolSelector != nil { + in, out := &in.MachineConfigPoolSelector, &out.MachineConfigPoolSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.KubeletConfig != nil { + in, out := &in.KubeletConfig, &out.KubeletConfig + *out = new(v1beta1.KubeletConfiguration) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfigSpec. +func (in *KubeletConfigSpec) DeepCopy() *KubeletConfigSpec { + if in == nil { + return nil + } + out := new(KubeletConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletConfigStatus) DeepCopyInto(out *KubeletConfigStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]KubeletConfigCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfigStatus. +func (in *KubeletConfigStatus) DeepCopy() *KubeletConfigStatus { + if in == nil { + return nil + } + out := new(KubeletConfigStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigPool) DeepCopyInto(out *MachineConfigPool) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigPool. +func (in *MachineConfigPool) DeepCopy() *MachineConfigPool { + if in == nil { + return nil + } + out := new(MachineConfigPool) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *MachineConfigPool) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigPoolCondition) DeepCopyInto(out *MachineConfigPoolCondition) { + *out = *in + in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigPoolCondition. +func (in *MachineConfigPoolCondition) DeepCopy() *MachineConfigPoolCondition { + if in == nil { + return nil + } + out := new(MachineConfigPoolCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigPoolList) DeepCopyInto(out *MachineConfigPoolList) { + *out = *in + out.TypeMeta = in.TypeMeta + out.ListMeta = in.ListMeta + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]MachineConfigPool, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigPoolList. +func (in *MachineConfigPoolList) DeepCopy() *MachineConfigPoolList { + if in == nil { + return nil + } + out := new(MachineConfigPoolList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *MachineConfigPoolList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigPoolSpec) DeepCopyInto(out *MachineConfigPoolSpec) { + *out = *in + if in.MachineConfigSelector != nil { + in, out := &in.MachineConfigSelector, &out.MachineConfigSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.MaxUnavailable != nil { + in, out := &in.MaxUnavailable, &out.MaxUnavailable + *out = new(intstr.IntOrString) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigPoolSpec. +func (in *MachineConfigPoolSpec) DeepCopy() *MachineConfigPoolSpec { + if in == nil { + return nil + } + out := new(MachineConfigPoolSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigPoolStatus) DeepCopyInto(out *MachineConfigPoolStatus) { + *out = *in + in.Configuration.DeepCopyInto(&out.Configuration) + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]MachineConfigPoolCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigPoolStatus. +func (in *MachineConfigPoolStatus) DeepCopy() *MachineConfigPoolStatus { + if in == nil { + return nil + } + out := new(MachineConfigPoolStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigPoolStatusConfiguration) DeepCopyInto(out *MachineConfigPoolStatusConfiguration) { + *out = *in + out.ObjectReference = in.ObjectReference + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = make([]corev1.ObjectReference, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigPoolStatusConfiguration. +func (in *MachineConfigPoolStatusConfiguration) DeepCopy() *MachineConfigPoolStatusConfiguration { + if in == nil { + return nil + } + out := new(MachineConfigPoolStatusConfiguration) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/k8s.io/kubelet/.github/PULL_REQUEST_TEMPLATE.md b/vendor/k8s.io/kubelet/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 00000000000..e7e5eb834b2 --- /dev/null +++ b/vendor/k8s.io/kubelet/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,2 @@ +Sorry, we do not accept changes directly against this repository. Please see +CONTRIBUTING.md for information on where and how to contribute instead. diff --git a/vendor/k8s.io/kubelet/CONTRIBUTING.md b/vendor/k8s.io/kubelet/CONTRIBUTING.md new file mode 100644 index 00000000000..be789a9d981 --- /dev/null +++ b/vendor/k8s.io/kubelet/CONTRIBUTING.md @@ -0,0 +1,7 @@ +# Contributing guidelines + +Do not open pull requests directly against this repository, they will be ignored. Instead, please open pull requests against [kubernetes/kubernetes](https://git.k8s.io/kubernetes/). Please follow the same [contributing guide](https://git.k8s.io/kubernetes/CONTRIBUTING.md) you would follow for any other pull request made to kubernetes/kubernetes. + +This repository is published from [kubernetes/kubernetes/staging/src/k8s.io/kubelet](https://git.k8s.io/kubernetes/staging/src/k8s.io/kubelet) by the [kubernetes publishing-bot](https://git.k8s.io/publishing-bot). + +Please see [Staging Directory and Publishing](https://git.k8s.io/community/contributors/devel/sig-architecture/staging.md) for more information diff --git a/vendor/k8s.io/kubelet/Godeps/Godeps.json b/vendor/k8s.io/kubelet/Godeps/Godeps.json new file mode 100644 index 00000000000..15fb9910fbb --- /dev/null +++ b/vendor/k8s.io/kubelet/Godeps/Godeps.json @@ -0,0 +1,150 @@ +{ + "ImportPath": "k8s.io/kubelet", + "GoVersion": "go1.12", + "GodepVersion": "v80", + "Packages": [ + "./..." + ], + "Deps": [ + { + "ImportPath": "github.com/gogo/protobuf/proto", + "Rev": "342cbe0a04158f6dcb03ca0079991a51a4248c02" + }, + { + "ImportPath": "github.com/gogo/protobuf/sortkeys", + "Rev": "342cbe0a04158f6dcb03ca0079991a51a4248c02" + }, + { + "ImportPath": "github.com/google/gofuzz", + "Rev": "24818f796faf91cd76ec7bddd72458fbced7a6c1" + }, + { + "ImportPath": "golang.org/x/net/http/httpguts", + "Rev": "65e2d4e15006aab9813ff8769e768bbf4bb667a0" + }, + { + "ImportPath": "golang.org/x/net/http2", + "Rev": "65e2d4e15006aab9813ff8769e768bbf4bb667a0" + }, + { + "ImportPath": "golang.org/x/net/http2/hpack", + "Rev": "65e2d4e15006aab9813ff8769e768bbf4bb667a0" + }, + { + "ImportPath": "golang.org/x/net/idna", + "Rev": "65e2d4e15006aab9813ff8769e768bbf4bb667a0" + }, + { + "ImportPath": "golang.org/x/text/secure/bidirule", + "Rev": "b19bf474d317b857955b12035d2c5acb57ce8b01" + }, + { + "ImportPath": "golang.org/x/text/transform", + "Rev": "b19bf474d317b857955b12035d2c5acb57ce8b01" + }, + { + "ImportPath": "golang.org/x/text/unicode/bidi", + "Rev": "b19bf474d317b857955b12035d2c5acb57ce8b01" + }, + { + "ImportPath": "golang.org/x/text/unicode/norm", + "Rev": "b19bf474d317b857955b12035d2c5acb57ce8b01" + }, + { + "ImportPath": "gopkg.in/inf.v0", + "Rev": "3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4" + }, + { + "ImportPath": "k8s.io/api/core/v1", + "Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/api/resource", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/conversion", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/conversion/queryparams", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/fields", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/labels", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/runtime", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/runtime/schema", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/selection", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/types", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/util/errors", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/util/intstr", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/util/json", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/util/naming", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/util/net", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/util/runtime", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/util/sets", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/util/validation", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/util/validation/field", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/pkg/watch", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/apimachinery/third_party/forked/golang/reflect", + "Rev": "d7deff9243b165ee192f5551710ea4285dcfd615" + }, + { + "ImportPath": "k8s.io/klog", + "Rev": "8e90cee79f823779174776412c13478955131846" + } + ] +} diff --git a/vendor/k8s.io/kubelet/Godeps/OWNERS b/vendor/k8s.io/kubelet/Godeps/OWNERS new file mode 100644 index 00000000000..0f5d2f6734e --- /dev/null +++ b/vendor/k8s.io/kubelet/Godeps/OWNERS @@ -0,0 +1,4 @@ +# See the OWNERS docs at https://go.k8s.io/owners + +approvers: +- dep-approvers diff --git a/vendor/k8s.io/kubelet/Godeps/Readme b/vendor/k8s.io/kubelet/Godeps/Readme new file mode 100644 index 00000000000..4cdaa53d56d --- /dev/null +++ b/vendor/k8s.io/kubelet/Godeps/Readme @@ -0,0 +1,5 @@ +This directory tree is generated automatically by godep. + +Please do not edit. + +See https://github.com/tools/godep for more information. diff --git a/vendor/k8s.io/kubelet/LICENSE b/vendor/k8s.io/kubelet/LICENSE new file mode 100644 index 00000000000..d6456956733 --- /dev/null +++ b/vendor/k8s.io/kubelet/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/k8s.io/kubelet/OWNERS b/vendor/k8s.io/kubelet/OWNERS new file mode 100644 index 00000000000..128c82716dc --- /dev/null +++ b/vendor/k8s.io/kubelet/OWNERS @@ -0,0 +1,11 @@ +# See the OWNERS docs at https://go.k8s.io/owners + +approvers: +- sig-node-approvers +- sttts +- luxas +- mtaufen +reviewers: +- sig-node-reviewers +- luxas +- sttts diff --git a/vendor/k8s.io/kubelet/README.md b/vendor/k8s.io/kubelet/README.md new file mode 100644 index 00000000000..9baec718030 --- /dev/null +++ b/vendor/k8s.io/kubelet/README.md @@ -0,0 +1,16 @@ +# kubelet + +Implements [KEP 14 - Moving ComponentConfig API types to staging repos](https://git.k8s.io/enhancements/keps/sig-cluster-lifecycle/0014-20180707-componentconfig-api-types-to-staging.md#kubelet-changes) + +This repo provides external, versioned ComponentConfig API types for configuring the kubelet. +These external types can easily be vendored and used by any third-party tool writing Kubernetes +ComponentConfig objects. + +## Compatibility + +HEAD of this repo will match HEAD of k8s.io/apiserver, k8s.io/apimachinery, and k8s.io/client-go. + +## Where does it come from? + +This repo is synced from https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/kubelet. +Code changes are made in that location, merged into `k8s.io/kubernetes` and later synced here by a bot. diff --git a/vendor/k8s.io/kubelet/SECURITY_CONTACTS b/vendor/k8s.io/kubelet/SECURITY_CONTACTS new file mode 100644 index 00000000000..70b7cf9a657 --- /dev/null +++ b/vendor/k8s.io/kubelet/SECURITY_CONTACTS @@ -0,0 +1,17 @@ +# Defined below are the security contacts for this repo. +# +# They are the contact point for the Product Security Committee to reach out +# to for triaging and handling of incoming issues. +# +# The below names agree to abide by the +# [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy) +# and will be removed and replaced if they violate that agreement. +# +# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE +# INSTRUCTIONS AT https://kubernetes.io/security/ + +cjcullen +jessfraz +liggitt +philips +tallclair diff --git a/vendor/k8s.io/kubelet/code-of-conduct.md b/vendor/k8s.io/kubelet/code-of-conduct.md new file mode 100644 index 00000000000..0d15c00cf32 --- /dev/null +++ b/vendor/k8s.io/kubelet/code-of-conduct.md @@ -0,0 +1,3 @@ +# Kubernetes Community Code of Conduct + +Please refer to our [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md) diff --git a/vendor/k8s.io/kubelet/config/OWNERS b/vendor/k8s.io/kubelet/config/OWNERS new file mode 100644 index 00000000000..a459a8f87ad --- /dev/null +++ b/vendor/k8s.io/kubelet/config/OWNERS @@ -0,0 +1,12 @@ +# See the OWNERS docs at https://go.k8s.io/owners + +# Disable inheritance as this is an api owners file +options: + no_parent_owners: true +approvers: +- api-approvers +reviewers: +- api-reviewers +- sig-node-reviewers +labels: +- kind/api-change diff --git a/vendor/k8s.io/kubelet/config/v1beta1/doc.go b/vendor/k8s.io/kubelet/config/v1beta1/doc.go new file mode 100644 index 00000000000..5644377d6c8 --- /dev/null +++ b/vendor/k8s.io/kubelet/config/v1beta1/doc.go @@ -0,0 +1,21 @@ +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +k8s:deepcopy-gen=package +// +k8s:openapi-gen=true +// +groupName=kubelet.config.k8s.io + +package v1beta1 // import "k8s.io/kubelet/config/v1beta1" diff --git a/vendor/k8s.io/kubelet/config/v1beta1/register.go b/vendor/k8s.io/kubelet/config/v1beta1/register.go new file mode 100644 index 00000000000..914dfb25fa2 --- /dev/null +++ b/vendor/k8s.io/kubelet/config/v1beta1/register.go @@ -0,0 +1,44 @@ +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// GroupName is the group name used in this package +const GroupName = "kubelet.config.k8s.io" + +// SchemeGroupVersion is group version used to register these objects +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} + +var ( + // SchemeBuilder is the scheme builder with scheme init functions to run for this API package + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + // AddToScheme is a global function that registers this API group & version to a scheme + AddToScheme = SchemeBuilder.AddToScheme +) + +// addKnownTypes registers known types to the given scheme +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &KubeletConfiguration{}, + &SerializedNodeConfigSource{}, + ) + return nil +} diff --git a/vendor/k8s.io/kubelet/config/v1beta1/types.go b/vendor/k8s.io/kubelet/config/v1beta1/types.go new file mode 100644 index 00000000000..4abe387773d --- /dev/null +++ b/vendor/k8s.io/kubelet/config/v1beta1/types.go @@ -0,0 +1,800 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// HairpinMode denotes how the kubelet should configure networking to handle +// hairpin packets. +type HairpinMode string + +// Enum settings for different ways to handle hairpin packets. +const ( + // Set the hairpin flag on the veth of containers in the respective + // container runtime. + HairpinVeth = "hairpin-veth" + // Make the container bridge promiscuous. This will force it to accept + // hairpin packets, even if the flag isn't set on ports of the bridge. + PromiscuousBridge = "promiscuous-bridge" + // Neither of the above. If the kubelet is started in this hairpin mode + // and kube-proxy is running in iptables mode, hairpin packets will be + // dropped by the container bridge. + HairpinNone = "none" +) + +// ResourceChangeDetectionStrategy denotes a mode in which internal +// managers (secret, configmap) are discovering object changes. +type ResourceChangeDetectionStrategy string + +// Enum settings for different strategies of kubelet managers. +const ( + // GetChangeDetectionStrategy is a mode in which kubelet fetches + // necessary objects directly from apiserver. + GetChangeDetectionStrategy ResourceChangeDetectionStrategy = "Get" + // TTLCacheChangeDetectionStrategy is a mode in which kubelet uses + // ttl cache for object directly fetched from apiserver. + TTLCacheChangeDetectionStrategy ResourceChangeDetectionStrategy = "Cache" + // WatchChangeDetectionStrategy is a mode in which kubelet uses + // watches to observe changes to objects that are in its interest. + WatchChangeDetectionStrategy ResourceChangeDetectionStrategy = "Watch" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// KubeletConfiguration contains the configuration for the Kubelet +type KubeletConfiguration struct { + metav1.TypeMeta `json:",inline"` + + // staticPodPath is the path to the directory containing local (static) pods to + // run, or the path to a single static pod file. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // the set of static pods specified at the new path may be different than the + // ones the Kubelet initially started with, and this may disrupt your node. + // Default: "" + // +optional + StaticPodPath string `json:"staticPodPath,omitempty"` + // syncFrequency is the max period between synchronizing running + // containers and config. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // shortening this duration may have a negative performance impact, especially + // as the number of Pods on the node increases. Alternatively, increasing this + // duration will result in longer refresh times for ConfigMaps and Secrets. + // Default: "1m" + // +optional + SyncFrequency metav1.Duration `json:"syncFrequency,omitempty"` + // fileCheckFrequency is the duration between checking config files for + // new data + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // shortening the duration will cause the Kubelet to reload local Static Pod + // configurations more frequently, which may have a negative performance impact. + // Default: "20s" + // +optional + FileCheckFrequency metav1.Duration `json:"fileCheckFrequency,omitempty"` + // httpCheckFrequency is the duration between checking http for new data + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // shortening the duration will cause the Kubelet to poll staticPodURL more + // frequently, which may have a negative performance impact. + // Default: "20s" + // +optional + HTTPCheckFrequency metav1.Duration `json:"httpCheckFrequency,omitempty"` + // staticPodURL is the URL for accessing static pods to run + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // the set of static pods specified at the new URL may be different than the + // ones the Kubelet initially started with, and this may disrupt your node. + // Default: "" + // +optional + StaticPodURL string `json:"staticPodURL,omitempty"` + // staticPodURLHeader is a map of slices with HTTP headers to use when accessing the podURL + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may disrupt the ability to read the latest set of static pods from StaticPodURL. + // Default: nil + // +optional + StaticPodURLHeader map[string][]string `json:"staticPodURLHeader,omitempty"` + // address is the IP address for the Kubelet to serve on (set to 0.0.0.0 + // for all interfaces). + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may disrupt components that interact with the Kubelet server. + // Default: "0.0.0.0" + // +optional + Address string `json:"address,omitempty"` + // port is the port for the Kubelet to serve on. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may disrupt components that interact with the Kubelet server. + // Default: 10250 + // +optional + Port int32 `json:"port,omitempty"` + // readOnlyPort is the read-only port for the Kubelet to serve on with + // no authentication/authorization. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may disrupt components that interact with the Kubelet server. + // Default: 0 (disabled) + // +optional + ReadOnlyPort int32 `json:"readOnlyPort,omitempty"` + // tlsCertFile is the file containing x509 Certificate for HTTPS. (CA cert, + // if any, concatenated after server cert). If tlsCertFile and + // tlsPrivateKeyFile are not provided, a self-signed certificate + // and key are generated for the public address and saved to the directory + // passed to the Kubelet's --cert-dir flag. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may disrupt components that interact with the Kubelet server. + // Default: "" + // +optional + TLSCertFile string `json:"tlsCertFile,omitempty"` + // tlsPrivateKeyFile is the file containing x509 private key matching tlsCertFile + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may disrupt components that interact with the Kubelet server. + // Default: "" + // +optional + TLSPrivateKeyFile string `json:"tlsPrivateKeyFile,omitempty"` + // TLSCipherSuites is the list of allowed cipher suites for the server. + // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may disrupt components that interact with the Kubelet server. + // Default: nil + // +optional + TLSCipherSuites []string `json:"tlsCipherSuites,omitempty"` + // TLSMinVersion is the minimum TLS version supported. + // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may disrupt components that interact with the Kubelet server. + // Default: "" + // +optional + TLSMinVersion string `json:"tlsMinVersion,omitempty"` + // rotateCertificates enables client certificate rotation. The Kubelet will request a + // new certificate from the certificates.k8s.io API. This requires an approver to approve the + // certificate signing requests. The RotateKubeletClientCertificate feature + // must be enabled. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // disabling it may disrupt the Kubelet's ability to authenticate with the API server + // after the current certificate expires. + // Default: false + // +optional + RotateCertificates bool `json:"rotateCertificates,omitempty"` + // serverTLSBootstrap enables server certificate bootstrap. Instead of self + // signing a serving certificate, the Kubelet will request a certificate from + // the certificates.k8s.io API. This requires an approver to approve the + // certificate signing requests. The RotateKubeletServerCertificate feature + // must be enabled. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // disabling it will stop the renewal of Kubelet server certificates, which can + // disrupt components that interact with the Kubelet server in the long term, + // due to certificate expiration. + // Default: false + // +optional + ServerTLSBootstrap bool `json:"serverTLSBootstrap,omitempty"` + // authentication specifies how requests to the Kubelet's server are authenticated + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may disrupt components that interact with the Kubelet server. + // Defaults: + // anonymous: + // enabled: false + // webhook: + // enabled: true + // cacheTTL: "2m" + // +optional + Authentication KubeletAuthentication `json:"authentication"` + // authorization specifies how requests to the Kubelet's server are authorized + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may disrupt components that interact with the Kubelet server. + // Defaults: + // mode: Webhook + // webhook: + // cacheAuthorizedTTL: "5m" + // cacheUnauthorizedTTL: "30s" + // +optional + Authorization KubeletAuthorization `json:"authorization"` + // registryPullQPS is the limit of registry pulls per second. + // Set to 0 for no limit. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may impact scalability by changing the amount of traffic produced + // by image pulls. + // Default: 5 + // +optional + RegistryPullQPS *int32 `json:"registryPullQPS,omitempty"` + // registryBurst is the maximum size of bursty pulls, temporarily allows + // pulls to burst to this number, while still not exceeding registryPullQPS. + // Only used if registryPullQPS > 0. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may impact scalability by changing the amount of traffic produced + // by image pulls. + // Default: 10 + // +optional + RegistryBurst int32 `json:"registryBurst,omitempty"` + // eventRecordQPS is the maximum event creations per second. If 0, there + // is no limit enforced. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may impact scalability by changing the amount of traffic produced by + // event creations. + // Default: 5 + // +optional + EventRecordQPS *int32 `json:"eventRecordQPS,omitempty"` + // eventBurst is the maximum size of a burst of event creations, temporarily + // allows event creations to burst to this number, while still not exceeding + // eventRecordQPS. Only used if eventRecordQPS > 0. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may impact scalability by changing the amount of traffic produced by + // event creations. + // Default: 10 + // +optional + EventBurst int32 `json:"eventBurst,omitempty"` + // enableDebuggingHandlers enables server endpoints for log access + // and local running of containers and commands, including the exec, + // attach, logs, and portforward features. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // disabling it may disrupt components that interact with the Kubelet server. + // Default: true + // +optional + EnableDebuggingHandlers *bool `json:"enableDebuggingHandlers,omitempty"` + // enableContentionProfiling enables lock contention profiling, if enableDebuggingHandlers is true. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // enabling it may carry a performance impact. + // Default: false + // +optional + EnableContentionProfiling bool `json:"enableContentionProfiling,omitempty"` + // healthzPort is the port of the localhost healthz endpoint (set to 0 to disable) + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may disrupt components that monitor Kubelet health. + // Default: 10248 + // +optional + HealthzPort *int32 `json:"healthzPort,omitempty"` + // healthzBindAddress is the IP address for the healthz server to serve on + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may disrupt components that monitor Kubelet health. + // Default: "127.0.0.1" + // +optional + HealthzBindAddress string `json:"healthzBindAddress,omitempty"` + // oomScoreAdj is The oom-score-adj value for kubelet process. Values + // must be within the range [-1000, 1000]. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may impact the stability of nodes under memory pressure. + // Default: -999 + // +optional + OOMScoreAdj *int32 `json:"oomScoreAdj,omitempty"` + // clusterDomain is the DNS domain for this cluster. If set, kubelet will + // configure all containers to search this domain in addition to the + // host's search domains. + // Dynamic Kubelet Config (beta): Dynamically updating this field is not recommended, + // as it should be kept in sync with the rest of the cluster. + // Default: "" + // +optional + ClusterDomain string `json:"clusterDomain,omitempty"` + // clusterDNS is a list of IP addresses for the cluster DNS server. If set, + // kubelet will configure all containers to use this for DNS resolution + // instead of the host's DNS servers. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // changes will only take effect on Pods created after the update. Draining + // the node is recommended before changing this field. + // Default: nil + // +optional + ClusterDNS []string `json:"clusterDNS,omitempty"` + // streamingConnectionIdleTimeout is the maximum time a streaming connection + // can be idle before the connection is automatically closed. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may impact components that rely on infrequent updates over streaming + // connections to the Kubelet server. + // Default: "4h" + // +optional + StreamingConnectionIdleTimeout metav1.Duration `json:"streamingConnectionIdleTimeout,omitempty"` + // nodeStatusUpdateFrequency is the frequency that kubelet computes node + // status. If node lease feature is not enabled, it is also the frequency that + // kubelet posts node status to master. + // Note: When node lease feature is not enabled, be cautious when changing the + // constant, it must work with nodeMonitorGracePeriod in nodecontroller. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may impact node scalability, and also that the node controller's + // nodeMonitorGracePeriod must be set to N*NodeStatusUpdateFrequency, + // where N is the number of retries before the node controller marks + // the node unhealthy. + // Default: "10s" + // +optional + NodeStatusUpdateFrequency metav1.Duration `json:"nodeStatusUpdateFrequency,omitempty"` + // nodeStatusReportFrequency is the frequency that kubelet posts node + // status to master if node status does not change. Kubelet will ignore this + // frequency and post node status immediately if any change is detected. It is + // only used when node lease feature is enabled. nodeStatusReportFrequency's + // default value is 1m. But if nodeStatusUpdateFrequency is set explicitly, + // nodeStatusReportFrequency's default value will be set to + // nodeStatusUpdateFrequency for backward compatibility. + // Default: "1m" + // +optional + NodeStatusReportFrequency metav1.Duration `json:"nodeStatusReportFrequency,omitempty"` + // nodeLeaseDurationSeconds is the duration the Kubelet will set on its corresponding Lease, + // when the NodeLease feature is enabled. This feature provides an indicator of node + // health by having the Kublet create and periodically renew a lease, named after the node, + // in the kube-node-lease namespace. If the lease expires, the node can be considered unhealthy. + // The lease is currently renewed every 10s, per KEP-0009. In the future, the lease renewal interval + // may be set based on the lease duration. + // Requires the NodeLease feature gate to be enabled. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // decreasing the duration may reduce tolerance for issues that temporarily prevent + // the Kubelet from renewing the lease (e.g. a short-lived network issue). + // Default: 40 + // +optional + NodeLeaseDurationSeconds int32 `json:"nodeLeaseDurationSeconds,omitempty"` + // imageMinimumGCAge is the minimum age for an unused image before it is + // garbage collected. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may trigger or delay garbage collection, and may change the image overhead + // on the node. + // Default: "2m" + // +optional + ImageMinimumGCAge metav1.Duration `json:"imageMinimumGCAge,omitempty"` + // imageGCHighThresholdPercent is the percent of disk usage after which + // image garbage collection is always run. The percent is calculated as + // this field value out of 100. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may trigger or delay garbage collection, and may change the image overhead + // on the node. + // Default: 85 + // +optional + ImageGCHighThresholdPercent *int32 `json:"imageGCHighThresholdPercent,omitempty"` + // imageGCLowThresholdPercent is the percent of disk usage before which + // image garbage collection is never run. Lowest disk usage to garbage + // collect to. The percent is calculated as this field value out of 100. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may trigger or delay garbage collection, and may change the image overhead + // on the node. + // Default: 80 + // +optional + ImageGCLowThresholdPercent *int32 `json:"imageGCLowThresholdPercent,omitempty"` + // How frequently to calculate and cache volume disk usage for all pods + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // shortening the period may carry a performance impact. + // Default: "1m" + // +optional + VolumeStatsAggPeriod metav1.Duration `json:"volumeStatsAggPeriod,omitempty"` + // kubeletCgroups is the absolute name of cgroups to isolate the kubelet in + // Dynamic Kubelet Config (beta): This field should not be updated without a full node + // reboot. It is safest to keep this value the same as the local config. + // Default: "" + // +optional + KubeletCgroups string `json:"kubeletCgroups,omitempty"` + // systemCgroups is absolute name of cgroups in which to place + // all non-kernel processes that are not already in a container. Empty + // for no container. Rolling back the flag requires a reboot. + // Dynamic Kubelet Config (beta): This field should not be updated without a full node + // reboot. It is safest to keep this value the same as the local config. + // Default: "" + // +optional + SystemCgroups string `json:"systemCgroups,omitempty"` + // cgroupRoot is the root cgroup to use for pods. This is handled by the + // container runtime on a best effort basis. + // Dynamic Kubelet Config (beta): This field should not be updated without a full node + // reboot. It is safest to keep this value the same as the local config. + // Default: "" + // +optional + CgroupRoot string `json:"cgroupRoot,omitempty"` + // Enable QoS based Cgroup hierarchy: top level cgroups for QoS Classes + // And all Burstable and BestEffort pods are brought up under their + // specific top level QoS cgroup. + // Dynamic Kubelet Config (beta): This field should not be updated without a full node + // reboot. It is safest to keep this value the same as the local config. + // Default: true + // +optional + CgroupsPerQOS *bool `json:"cgroupsPerQOS,omitempty"` + // driver that the kubelet uses to manipulate cgroups on the host (cgroupfs or systemd) + // Dynamic Kubelet Config (beta): This field should not be updated without a full node + // reboot. It is safest to keep this value the same as the local config. + // Default: "cgroupfs" + // +optional + CgroupDriver string `json:"cgroupDriver,omitempty"` + // CPUManagerPolicy is the name of the policy to use. + // Requires the CPUManager feature gate to be enabled. + // Dynamic Kubelet Config (beta): This field should not be updated without a full node + // reboot. It is safest to keep this value the same as the local config. + // Default: "none" + // +optional + CPUManagerPolicy string `json:"cpuManagerPolicy,omitempty"` + // CPU Manager reconciliation period. + // Requires the CPUManager feature gate to be enabled. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // shortening the period may carry a performance impact. + // Default: "10s" + // +optional + CPUManagerReconcilePeriod metav1.Duration `json:"cpuManagerReconcilePeriod,omitempty"` + // qosReserved is a set of resource name to percentage pairs that specify + // the minimum percentage of a resource reserved for exclusive use by the + // guaranteed QoS tier. + // Currently supported resources: "memory" + // Requires the QOSReserved feature gate to be enabled. + // Dynamic Kubelet Config (beta): This field should not be updated without a full node + // reboot. It is safest to keep this value the same as the local config. + // Default: nil + // +optional + QOSReserved map[string]string `json:"qosReserved,omitempty"` + // runtimeRequestTimeout is the timeout for all runtime requests except long running + // requests - pull, logs, exec and attach. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may disrupt components that interact with the Kubelet server. + // Default: "2m" + // +optional + RuntimeRequestTimeout metav1.Duration `json:"runtimeRequestTimeout,omitempty"` + // hairpinMode specifies how the Kubelet should configure the container + // bridge for hairpin packets. + // Setting this flag allows endpoints in a Service to loadbalance back to + // themselves if they should try to access their own Service. Values: + // "promiscuous-bridge": make the container bridge promiscuous. + // "hairpin-veth": set the hairpin flag on container veth interfaces. + // "none": do nothing. + // Generally, one must set --hairpin-mode=hairpin-veth to achieve hairpin NAT, + // because promiscuous-bridge assumes the existence of a container bridge named cbr0. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may require a node reboot, depending on the network plugin. + // Default: "promiscuous-bridge" + // +optional + HairpinMode string `json:"hairpinMode,omitempty"` + // maxPods is the number of pods that can run on this Kubelet. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // changes may cause Pods to fail admission on Kubelet restart, and may change + // the value reported in Node.Status.Capacity[v1.ResourcePods], thus affecting + // future scheduling decisions. Increasing this value may also decrease performance, + // as more Pods can be packed into a single node. + // Default: 110 + // +optional + MaxPods int32 `json:"maxPods,omitempty"` + // The CIDR to use for pod IP addresses, only used in standalone mode. + // In cluster mode, this is obtained from the master. + // Dynamic Kubelet Config (beta): This field should always be set to the empty default. + // It should only set for standalone Kubelets, which cannot use Dynamic Kubelet Config. + // Default: "" + // +optional + PodCIDR string `json:"podCIDR,omitempty"` + // PodPidsLimit is the maximum number of pids in any pod. + // Requires the SupportPodPidsLimit feature gate to be enabled. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // lowering it may prevent container processes from forking after the change. + // Default: -1 + // +optional + PodPidsLimit *int64 `json:"podPidsLimit,omitempty"` + // ResolverConfig is the resolver configuration file used as the basis + // for the container DNS resolution configuration. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // changes will only take effect on Pods created after the update. Draining + // the node is recommended before changing this field. + // Default: "/etc/resolv.conf" + // +optional + ResolverConfig string `json:"resolvConf,omitempty"` + // cpuCFSQuota enables CPU CFS quota enforcement for containers that + // specify CPU limits. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // disabling it may reduce node stability. + // Default: true + // +optional + CPUCFSQuota *bool `json:"cpuCFSQuota,omitempty"` + // CPUCFSQuotaPeriod is the CPU CFS quota period value, cpu.cfs_period_us. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // limits set for containers will result in different cpu.cfs_quota settings. This + // will trigger container restarts on the node being reconfigured. + // Default: "100ms" + // +optional + CPUCFSQuotaPeriod *metav1.Duration `json:"cpuCFSQuotaPeriod,omitempty"` + // maxOpenFiles is Number of files that can be opened by Kubelet process. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may impact the ability of the Kubelet to interact with the node's filesystem. + // Default: 1000000 + // +optional + MaxOpenFiles int64 `json:"maxOpenFiles,omitempty"` + // contentType is contentType of requests sent to apiserver. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may impact the ability for the Kubelet to communicate with the API server. + // If the Kubelet loses contact with the API server due to a change to this field, + // the change cannot be reverted via dynamic Kubelet config. + // Default: "application/vnd.kubernetes.protobuf" + // +optional + ContentType string `json:"contentType,omitempty"` + // kubeAPIQPS is the QPS to use while talking with kubernetes apiserver + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may impact scalability by changing the amount of traffic the Kubelet + // sends to the API server. + // Default: 5 + // +optional + KubeAPIQPS *int32 `json:"kubeAPIQPS,omitempty"` + // kubeAPIBurst is the burst to allow while talking with kubernetes apiserver + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may impact scalability by changing the amount of traffic the Kubelet + // sends to the API server. + // Default: 10 + // +optional + KubeAPIBurst int32 `json:"kubeAPIBurst,omitempty"` + // serializeImagePulls when enabled, tells the Kubelet to pull images one + // at a time. We recommend *not* changing the default value on nodes that + // run docker daemon with version < 1.9 or an Aufs storage backend. + // Issue #10959 has more details. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may impact the performance of image pulls. + // Default: true + // +optional + SerializeImagePulls *bool `json:"serializeImagePulls,omitempty"` + // Map of signal names to quantities that defines hard eviction thresholds. For example: {"memory.available": "300Mi"}. + // To explicitly disable, pass a 0% or 100% threshold on an arbitrary resource. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may trigger or delay Pod evictions. + // Default: + // memory.available: "100Mi" + // nodefs.available: "10%" + // nodefs.inodesFree: "5%" + // imagefs.available: "15%" + // +optional + EvictionHard map[string]string `json:"evictionHard,omitempty"` + // Map of signal names to quantities that defines soft eviction thresholds. + // For example: {"memory.available": "300Mi"}. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may trigger or delay Pod evictions, and may change the allocatable reported + // by the node. + // Default: nil + // +optional + EvictionSoft map[string]string `json:"evictionSoft,omitempty"` + // Map of signal names to quantities that defines grace periods for each soft eviction signal. + // For example: {"memory.available": "30s"}. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may trigger or delay Pod evictions. + // Default: nil + // +optional + EvictionSoftGracePeriod map[string]string `json:"evictionSoftGracePeriod,omitempty"` + // Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // lowering it may decrease the stability of the node when the node is overcommitted. + // Default: "5m" + // +optional + EvictionPressureTransitionPeriod metav1.Duration `json:"evictionPressureTransitionPeriod,omitempty"` + // Maximum allowed grace period (in seconds) to use when terminating pods in + // response to a soft eviction threshold being met. This value effectively caps + // the Pod's TerminationGracePeriodSeconds value during soft evictions. + // Note: Due to issue #64530, the behavior has a bug where this value currently just + // overrides the grace period during soft eviction, which can increase the grace + // period from what is set on the Pod. This bug will be fixed in a future release. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // lowering it decreases the amount of time Pods will have to gracefully clean + // up before being killed during a soft eviction. + // Default: 0 + // +optional + EvictionMaxPodGracePeriod int32 `json:"evictionMaxPodGracePeriod,omitempty"` + // Map of signal names to quantities that defines minimum reclaims, which describe the minimum + // amount of a given resource the kubelet will reclaim when performing a pod eviction while + // that resource is under pressure. For example: {"imagefs.available": "2Gi"} + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may change how well eviction can manage resource pressure. + // Default: nil + // +optional + EvictionMinimumReclaim map[string]string `json:"evictionMinimumReclaim,omitempty"` + // podsPerCore is the maximum number of pods per core. Cannot exceed MaxPods. + // If 0, this field is ignored. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // changes may cause Pods to fail admission on Kubelet restart, and may change + // the value reported in Node.Status.Capacity[v1.ResourcePods], thus affecting + // future scheduling decisions. Increasing this value may also decrease performance, + // as more Pods can be packed into a single node. + // Default: 0 + // +optional + PodsPerCore int32 `json:"podsPerCore,omitempty"` + // enableControllerAttachDetach enables the Attach/Detach controller to + // manage attachment/detachment of volumes scheduled to this node, and + // disables kubelet from executing any attach/detach operations + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // changing which component is responsible for volume management on a live node + // may result in volumes refusing to detach if the node is not drained prior to + // the update, and if Pods are scheduled to the node before the + // volumes.kubernetes.io/controller-managed-attach-detach annotation is updated by the + // Kubelet. In general, it is safest to leave this value set the same as local config. + // Default: true + // +optional + EnableControllerAttachDetach *bool `json:"enableControllerAttachDetach,omitempty"` + // protectKernelDefaults, if true, causes the Kubelet to error if kernel + // flags are not as it expects. Otherwise the Kubelet will attempt to modify + // kernel flags to match its expectation. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // enabling it may cause the Kubelet to crash-loop if the Kernel is not configured as + // Kubelet expects. + // Default: false + // +optional + ProtectKernelDefaults bool `json:"protectKernelDefaults,omitempty"` + // If true, Kubelet ensures a set of iptables rules are present on host. + // These rules will serve as utility rules for various components, e.g. KubeProxy. + // The rules will be created based on IPTablesMasqueradeBit and IPTablesDropBit. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // disabling it will prevent the Kubelet from healing locally misconfigured iptables rules. + // Default: true + // +optional + MakeIPTablesUtilChains *bool `json:"makeIPTablesUtilChains,omitempty"` + // iptablesMasqueradeBit is the bit of the iptables fwmark space to mark for SNAT + // Values must be within the range [0, 31]. Must be different from other mark bits. + // Warning: Please match the value of the corresponding parameter in kube-proxy. + // TODO: clean up IPTablesMasqueradeBit in kube-proxy + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it needs to be coordinated with other components, like kube-proxy, and the update + // will only be effective if MakeIPTablesUtilChains is enabled. + // Default: 14 + // +optional + IPTablesMasqueradeBit *int32 `json:"iptablesMasqueradeBit,omitempty"` + // iptablesDropBit is the bit of the iptables fwmark space to mark for dropping packets. + // Values must be within the range [0, 31]. Must be different from other mark bits. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it needs to be coordinated with other components, like kube-proxy, and the update + // will only be effective if MakeIPTablesUtilChains is enabled. + // Default: 15 + // +optional + IPTablesDropBit *int32 `json:"iptablesDropBit,omitempty"` + // featureGates is a map of feature names to bools that enable or disable alpha/experimental + // features. This field modifies piecemeal the built-in default values from + // "k8s.io/kubernetes/pkg/features/kube_features.go". + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider the + // documentation for the features you are enabling or disabling. While we + // encourage feature developers to make it possible to dynamically enable + // and disable features, some changes may require node reboots, and some + // features may require careful coordination to retroactively disable. + // Default: nil + // +optional + FeatureGates map[string]bool `json:"featureGates,omitempty"` + // failSwapOn tells the Kubelet to fail to start if swap is enabled on the node. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // setting it to true will cause the Kubelet to crash-loop if swap is enabled. + // Default: true + // +optional + FailSwapOn *bool `json:"failSwapOn,omitempty"` + // A quantity defines the maximum size of the container log file before it is rotated. + // For example: "5Mi" or "256Ki". + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may trigger log rotation. + // Default: "10Mi" + // +optional + ContainerLogMaxSize string `json:"containerLogMaxSize,omitempty"` + // Maximum number of container log files that can be present for a container. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // lowering it may cause log files to be deleted. + // Default: 5 + // +optional + ContainerLogMaxFiles *int32 `json:"containerLogMaxFiles,omitempty"` + // ConfigMapAndSecretChangeDetectionStrategy is a mode in which + // config map and secret managers are running. + // Default: "Watching" + // +optional + ConfigMapAndSecretChangeDetectionStrategy ResourceChangeDetectionStrategy `json:"configMapAndSecretChangeDetectionStrategy,omitempty"` + + /* the following fields are meant for Node Allocatable */ + + // systemReserved is a set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) + // pairs that describe resources reserved for non-kubernetes components. + // Currently only cpu and memory are supported. + // See http://kubernetes.io/docs/user-guide/compute-resources for more detail. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may not be possible to increase the reserved resources, because this + // requires resizing cgroups. Always look for a NodeAllocatableEnforced event + // after updating this field to ensure that the update was successful. + // Default: nil + // +optional + SystemReserved map[string]string `json:"systemReserved,omitempty"` + // A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs + // that describe resources reserved for kubernetes system components. + // Currently cpu, memory and local storage for root file system are supported. + // See http://kubernetes.io/docs/user-guide/compute-resources for more detail. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // it may not be possible to increase the reserved resources, because this + // requires resizing cgroups. Always look for a NodeAllocatableEnforced event + // after updating this field to ensure that the update was successful. + // Default: nil + // +optional + KubeReserved map[string]string `json:"kubeReserved,omitempty"` + // This flag helps kubelet identify absolute name of top level cgroup used to enforce `SystemReserved` compute resource reservation for OS system daemons. + // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information. + // Dynamic Kubelet Config (beta): This field should not be updated without a full node + // reboot. It is safest to keep this value the same as the local config. + // Default: "" + // +optional + SystemReservedCgroup string `json:"systemReservedCgroup,omitempty"` + // This flag helps kubelet identify absolute name of top level cgroup used to enforce `KubeReserved` compute resource reservation for Kubernetes node system daemons. + // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information. + // Dynamic Kubelet Config (beta): This field should not be updated without a full node + // reboot. It is safest to keep this value the same as the local config. + // Default: "" + // +optional + KubeReservedCgroup string `json:"kubeReservedCgroup,omitempty"` + // This flag specifies the various Node Allocatable enforcements that Kubelet needs to perform. + // This flag accepts a list of options. Acceptable options are `none`, `pods`, `system-reserved` & `kube-reserved`. + // If `none` is specified, no other options may be specified. + // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information. + // Dynamic Kubelet Config (beta): If dynamically updating this field, consider that + // removing enforcements may reduce the stability of the node. Alternatively, adding + // enforcements may reduce the stability of components which were using more than + // the reserved amount of resources; for example, enforcing kube-reserved may cause + // Kubelets to OOM if it uses more than the reserved resources, and enforcing system-reserved + // may cause system daemons to OOM if they use more than the reserved resources. + // Default: ["pods"] + // +optional + EnforceNodeAllocatable []string `json:"enforceNodeAllocatable,omitempty"` +} + +type KubeletAuthorizationMode string + +const ( + // KubeletAuthorizationModeAlwaysAllow authorizes all authenticated requests + KubeletAuthorizationModeAlwaysAllow KubeletAuthorizationMode = "AlwaysAllow" + // KubeletAuthorizationModeWebhook uses the SubjectAccessReview API to determine authorization + KubeletAuthorizationModeWebhook KubeletAuthorizationMode = "Webhook" +) + +type KubeletAuthorization struct { + // mode is the authorization mode to apply to requests to the kubelet server. + // Valid values are AlwaysAllow and Webhook. + // Webhook mode uses the SubjectAccessReview API to determine authorization. + // +optional + Mode KubeletAuthorizationMode `json:"mode,omitempty"` + + // webhook contains settings related to Webhook authorization. + // +optional + Webhook KubeletWebhookAuthorization `json:"webhook"` +} + +type KubeletWebhookAuthorization struct { + // cacheAuthorizedTTL is the duration to cache 'authorized' responses from the webhook authorizer. + // +optional + CacheAuthorizedTTL metav1.Duration `json:"cacheAuthorizedTTL,omitempty"` + // cacheUnauthorizedTTL is the duration to cache 'unauthorized' responses from the webhook authorizer. + // +optional + CacheUnauthorizedTTL metav1.Duration `json:"cacheUnauthorizedTTL,omitempty"` +} + +type KubeletAuthentication struct { + // x509 contains settings related to x509 client certificate authentication + // +optional + X509 KubeletX509Authentication `json:"x509"` + // webhook contains settings related to webhook bearer token authentication + // +optional + Webhook KubeletWebhookAuthentication `json:"webhook"` + // anonymous contains settings related to anonymous authentication + // +optional + Anonymous KubeletAnonymousAuthentication `json:"anonymous"` +} + +type KubeletX509Authentication struct { + // clientCAFile is the path to a PEM-encoded certificate bundle. If set, any request presenting a client certificate + // signed by one of the authorities in the bundle is authenticated with a username corresponding to the CommonName, + // and groups corresponding to the Organization in the client certificate. + // +optional + ClientCAFile string `json:"clientCAFile,omitempty"` +} + +type KubeletWebhookAuthentication struct { + // enabled allows bearer token authentication backed by the tokenreviews.authentication.k8s.io API + // +optional + Enabled *bool `json:"enabled,omitempty"` + // cacheTTL enables caching of authentication results + // +optional + CacheTTL metav1.Duration `json:"cacheTTL,omitempty"` +} + +type KubeletAnonymousAuthentication struct { + // enabled allows anonymous requests to the kubelet server. + // Requests that are not rejected by another authentication method are treated as anonymous requests. + // Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated. + // +optional + Enabled *bool `json:"enabled,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// SerializedNodeConfigSource allows us to serialize v1.NodeConfigSource. +// This type is used internally by the Kubelet for tracking checkpointed dynamic configs. +// It exists in the kubeletconfig API group because it is classified as a versioned input to the Kubelet. +type SerializedNodeConfigSource struct { + metav1.TypeMeta `json:",inline"` + // Source is the source that we are serializing + // +optional + Source v1.NodeConfigSource `json:"source,omitempty" protobuf:"bytes,1,opt,name=source"` +} diff --git a/vendor/k8s.io/kubelet/config/v1beta1/zz_generated.deepcopy.go b/vendor/k8s.io/kubelet/config/v1beta1/zz_generated.deepcopy.go new file mode 100644 index 00000000000..a924fac2ec3 --- /dev/null +++ b/vendor/k8s.io/kubelet/config/v1beta1/zz_generated.deepcopy.go @@ -0,0 +1,384 @@ +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1beta1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletAnonymousAuthentication) DeepCopyInto(out *KubeletAnonymousAuthentication) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAnonymousAuthentication. +func (in *KubeletAnonymousAuthentication) DeepCopy() *KubeletAnonymousAuthentication { + if in == nil { + return nil + } + out := new(KubeletAnonymousAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletAuthentication) DeepCopyInto(out *KubeletAuthentication) { + *out = *in + out.X509 = in.X509 + in.Webhook.DeepCopyInto(&out.Webhook) + in.Anonymous.DeepCopyInto(&out.Anonymous) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthentication. +func (in *KubeletAuthentication) DeepCopy() *KubeletAuthentication { + if in == nil { + return nil + } + out := new(KubeletAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletAuthorization) DeepCopyInto(out *KubeletAuthorization) { + *out = *in + out.Webhook = in.Webhook + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletAuthorization. +func (in *KubeletAuthorization) DeepCopy() *KubeletAuthorization { + if in == nil { + return nil + } + out := new(KubeletAuthorization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletConfiguration) DeepCopyInto(out *KubeletConfiguration) { + *out = *in + out.TypeMeta = in.TypeMeta + out.SyncFrequency = in.SyncFrequency + out.FileCheckFrequency = in.FileCheckFrequency + out.HTTPCheckFrequency = in.HTTPCheckFrequency + if in.StaticPodURLHeader != nil { + in, out := &in.StaticPodURLHeader, &out.StaticPodURLHeader + *out = make(map[string][]string, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make([]string, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + if in.TLSCipherSuites != nil { + in, out := &in.TLSCipherSuites, &out.TLSCipherSuites + *out = make([]string, len(*in)) + copy(*out, *in) + } + in.Authentication.DeepCopyInto(&out.Authentication) + out.Authorization = in.Authorization + if in.RegistryPullQPS != nil { + in, out := &in.RegistryPullQPS, &out.RegistryPullQPS + *out = new(int32) + **out = **in + } + if in.EventRecordQPS != nil { + in, out := &in.EventRecordQPS, &out.EventRecordQPS + *out = new(int32) + **out = **in + } + if in.EnableDebuggingHandlers != nil { + in, out := &in.EnableDebuggingHandlers, &out.EnableDebuggingHandlers + *out = new(bool) + **out = **in + } + if in.HealthzPort != nil { + in, out := &in.HealthzPort, &out.HealthzPort + *out = new(int32) + **out = **in + } + if in.OOMScoreAdj != nil { + in, out := &in.OOMScoreAdj, &out.OOMScoreAdj + *out = new(int32) + **out = **in + } + if in.ClusterDNS != nil { + in, out := &in.ClusterDNS, &out.ClusterDNS + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout + out.NodeStatusUpdateFrequency = in.NodeStatusUpdateFrequency + out.NodeStatusReportFrequency = in.NodeStatusReportFrequency + out.ImageMinimumGCAge = in.ImageMinimumGCAge + if in.ImageGCHighThresholdPercent != nil { + in, out := &in.ImageGCHighThresholdPercent, &out.ImageGCHighThresholdPercent + *out = new(int32) + **out = **in + } + if in.ImageGCLowThresholdPercent != nil { + in, out := &in.ImageGCLowThresholdPercent, &out.ImageGCLowThresholdPercent + *out = new(int32) + **out = **in + } + out.VolumeStatsAggPeriod = in.VolumeStatsAggPeriod + if in.CgroupsPerQOS != nil { + in, out := &in.CgroupsPerQOS, &out.CgroupsPerQOS + *out = new(bool) + **out = **in + } + out.CPUManagerReconcilePeriod = in.CPUManagerReconcilePeriod + if in.QOSReserved != nil { + in, out := &in.QOSReserved, &out.QOSReserved + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + out.RuntimeRequestTimeout = in.RuntimeRequestTimeout + if in.PodPidsLimit != nil { + in, out := &in.PodPidsLimit, &out.PodPidsLimit + *out = new(int64) + **out = **in + } + if in.CPUCFSQuota != nil { + in, out := &in.CPUCFSQuota, &out.CPUCFSQuota + *out = new(bool) + **out = **in + } + if in.CPUCFSQuotaPeriod != nil { + in, out := &in.CPUCFSQuotaPeriod, &out.CPUCFSQuotaPeriod + *out = new(v1.Duration) + **out = **in + } + if in.KubeAPIQPS != nil { + in, out := &in.KubeAPIQPS, &out.KubeAPIQPS + *out = new(int32) + **out = **in + } + if in.SerializeImagePulls != nil { + in, out := &in.SerializeImagePulls, &out.SerializeImagePulls + *out = new(bool) + **out = **in + } + if in.EvictionHard != nil { + in, out := &in.EvictionHard, &out.EvictionHard + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.EvictionSoft != nil { + in, out := &in.EvictionSoft, &out.EvictionSoft + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.EvictionSoftGracePeriod != nil { + in, out := &in.EvictionSoftGracePeriod, &out.EvictionSoftGracePeriod + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + out.EvictionPressureTransitionPeriod = in.EvictionPressureTransitionPeriod + if in.EvictionMinimumReclaim != nil { + in, out := &in.EvictionMinimumReclaim, &out.EvictionMinimumReclaim + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.EnableControllerAttachDetach != nil { + in, out := &in.EnableControllerAttachDetach, &out.EnableControllerAttachDetach + *out = new(bool) + **out = **in + } + if in.MakeIPTablesUtilChains != nil { + in, out := &in.MakeIPTablesUtilChains, &out.MakeIPTablesUtilChains + *out = new(bool) + **out = **in + } + if in.IPTablesMasqueradeBit != nil { + in, out := &in.IPTablesMasqueradeBit, &out.IPTablesMasqueradeBit + *out = new(int32) + **out = **in + } + if in.IPTablesDropBit != nil { + in, out := &in.IPTablesDropBit, &out.IPTablesDropBit + *out = new(int32) + **out = **in + } + if in.FeatureGates != nil { + in, out := &in.FeatureGates, &out.FeatureGates + *out = make(map[string]bool, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.FailSwapOn != nil { + in, out := &in.FailSwapOn, &out.FailSwapOn + *out = new(bool) + **out = **in + } + if in.ContainerLogMaxFiles != nil { + in, out := &in.ContainerLogMaxFiles, &out.ContainerLogMaxFiles + *out = new(int32) + **out = **in + } + if in.SystemReserved != nil { + in, out := &in.SystemReserved, &out.SystemReserved + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.KubeReserved != nil { + in, out := &in.KubeReserved, &out.KubeReserved + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.EnforceNodeAllocatable != nil { + in, out := &in.EnforceNodeAllocatable, &out.EnforceNodeAllocatable + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfiguration. +func (in *KubeletConfiguration) DeepCopy() *KubeletConfiguration { + if in == nil { + return nil + } + out := new(KubeletConfiguration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KubeletConfiguration) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletWebhookAuthentication) DeepCopyInto(out *KubeletWebhookAuthentication) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + out.CacheTTL = in.CacheTTL + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthentication. +func (in *KubeletWebhookAuthentication) DeepCopy() *KubeletWebhookAuthentication { + if in == nil { + return nil + } + out := new(KubeletWebhookAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletWebhookAuthorization) DeepCopyInto(out *KubeletWebhookAuthorization) { + *out = *in + out.CacheAuthorizedTTL = in.CacheAuthorizedTTL + out.CacheUnauthorizedTTL = in.CacheUnauthorizedTTL + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletWebhookAuthorization. +func (in *KubeletWebhookAuthorization) DeepCopy() *KubeletWebhookAuthorization { + if in == nil { + return nil + } + out := new(KubeletWebhookAuthorization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletX509Authentication) DeepCopyInto(out *KubeletX509Authentication) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletX509Authentication. +func (in *KubeletX509Authentication) DeepCopy() *KubeletX509Authentication { + if in == nil { + return nil + } + out := new(KubeletX509Authentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SerializedNodeConfigSource) DeepCopyInto(out *SerializedNodeConfigSource) { + *out = *in + out.TypeMeta = in.TypeMeta + in.Source.DeepCopyInto(&out.Source) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SerializedNodeConfigSource. +func (in *SerializedNodeConfigSource) DeepCopy() *SerializedNodeConfigSource { + if in == nil { + return nil + } + out := new(SerializedNodeConfigSource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *SerializedNodeConfigSource) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +}