Skip to content

Commit

Permalink
chore: bump kubevirt 0.3.0
Browse files Browse the repository at this point in the history
Signed-off-by: Peefy <[email protected]>
  • Loading branch information
Peefy committed Nov 4, 2024
1 parent 52cb5a9 commit a8b4a20
Show file tree
Hide file tree
Showing 36 changed files with 27,337 additions and 936 deletions.
4 changes: 2 additions & 2 deletions kubevirt/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,5 +4,5 @@

## Resource

+ Code sources are [here](https://github.com/kcl-lang/artifacthub/tree/main/kubevirt)
+ Reference documents are [here][https://github.com/kcl-lang/artifacthub/tree/main/kubevirt/docs]
+ Code sources are [here](https://github.com/kcl-lang/modules/tree/main/kubevirt)
+ Reference documents are [here][https://github.com/kcl-lang/modules/tree/main/kubevirt/docs]
12,286 changes: 12,286 additions & 0 deletions kubevirt/crds/kubevirt.yaml

Large diffs are not rendered by default.

6,495 changes: 5,562 additions & 933 deletions kubevirt/docs/kubevirt.md

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion kubevirt/kcl.mod
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "kubevirt"
version = "0.2.1"
version = "0.3.0"
description = "`kubevirt` module contains definitions for kubevirt"

[dependencies]
Expand Down
209 changes: 209 additions & 0 deletions kubevirt/v1/config_openshift_io_v1_api_server.k
Original file line number Diff line number Diff line change
@@ -0,0 +1,209 @@
"""
This file was generated by the KCL auto-gen tool. DO NOT EDIT.
Editing this file might prove futile when you re-run the KCL auto-gen generate command.
"""
import k8s.apimachinery.pkg.apis.meta.v1


schema APIServer:
r"""
APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'.

Attributes
----------
apiVersion : str, default is "config.openshift.io/v1", required
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind : str, default is "APIServer", required
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata : v1.ObjectMeta, default is Undefined, optional
metadata
spec : ConfigOpenshiftIoV1APIServerSpec, default is Undefined, required
spec
status : any, default is Undefined, optional
status
"""


apiVersion: "config.openshift.io/v1" = "config.openshift.io/v1"

kind: "APIServer" = "APIServer"

metadata?: v1.ObjectMeta

spec: ConfigOpenshiftIoV1APIServerSpec

status?: any


schema ConfigOpenshiftIoV1APIServerSpec:
r"""
config openshift io v1 API server spec

Attributes
----------
additionalCORSAllowedOrigins : [str], default is Undefined, optional
additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.
clientCA : ConfigOpenshiftIoV1APIServerSpecClientCA, default is Undefined, optional
client c a
encryption : ConfigOpenshiftIoV1APIServerSpecEncryption, default is Undefined, optional
encryption
servingCerts : ConfigOpenshiftIoV1APIServerSpecServingCerts, default is Undefined, optional
serving certs
tlsSecurityProfile : ConfigOpenshiftIoV1APIServerSpecTLSSecurityProfile, default is Undefined, optional
tls security profile
"""


additionalCORSAllowedOrigins?: [str]

clientCA?: ConfigOpenshiftIoV1APIServerSpecClientCA

encryption?: ConfigOpenshiftIoV1APIServerSpecEncryption

servingCerts?: ConfigOpenshiftIoV1APIServerSpecServingCerts

tlsSecurityProfile?: ConfigOpenshiftIoV1APIServerSpecTLSSecurityProfile


schema ConfigOpenshiftIoV1APIServerSpecClientCA:
r"""
clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - CA bundle.

Attributes
----------
name : str, default is Undefined, required
name is the metadata.name of the referenced config map
"""


name: str


schema ConfigOpenshiftIoV1APIServerSpecEncryption:
r"""
encryption allows the configuration of encryption of resources at the datastore layer.

Attributes
----------
$type : str, default is Undefined, optional
type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices.
When encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is:
1. secrets 2. configmaps 3. routes.route.openshift.io 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io
"""


$type?: "" | "identity" | "aescbc"


schema ConfigOpenshiftIoV1APIServerSpecServingCerts:
r"""
servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.

Attributes
----------
namedCertificates : [ConfigOpenshiftIoV1APIServerSpecServingCertsNamedCertificatesItems0], default is Undefined, optional
namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used.
"""


namedCertificates?: [ConfigOpenshiftIoV1APIServerSpecServingCertsNamedCertificatesItems0]


schema ConfigOpenshiftIoV1APIServerSpecServingCertsNamedCertificatesItems0:
r"""
APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.

Attributes
----------
names : [str], default is Undefined, optional
names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
servingCertificate : ConfigOpenshiftIoV1APIServerSpecServingCertsNamedCertificatesItems0ServingCertificate, default is Undefined, optional
serving certificate
"""


names?: [str]

servingCertificate?: ConfigOpenshiftIoV1APIServerSpecServingCertsNamedCertificatesItems0ServingCertificate


schema ConfigOpenshiftIoV1APIServerSpecServingCertsNamedCertificatesItems0ServingCertificate:
r"""
servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.

Attributes
----------
name : str, default is Undefined, required
name is the metadata.name of the referenced secret
"""


name: str


schema ConfigOpenshiftIoV1APIServerSpecTLSSecurityProfile:
r"""
tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.
If unset, a default (which may change between releases) is chosen. Note that only Old and Intermediate profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12.

Attributes
----------
custom : ConfigOpenshiftIoV1APIServerSpecTLSSecurityProfileCustom, default is Undefined, optional
custom
intermediate : any, default is Undefined, optional
intermediate is a TLS security profile based on:
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
and looks like this (yaml):
ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2
modern : any, default is Undefined, optional
modern is a TLS security profile based on:
https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
and looks like this (yaml):
ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3
NOTE: Currently unsupported.
old : any, default is Undefined, optional
old is a TLS security profile based on:
https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
and looks like this (yaml):
ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0
$type : str, default is Undefined, optional
type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on:
https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.
Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.
"""


custom?: ConfigOpenshiftIoV1APIServerSpecTLSSecurityProfileCustom

intermediate?: any

modern?: any

old?: any

$type?: str


schema ConfigOpenshiftIoV1APIServerSpecTLSSecurityProfileCustom:
r"""
custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:
ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1

Attributes
----------
ciphers : [str], default is Undefined, optional
ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):
ciphers: - DES-CBC3-SHA
minTLSVersion : str, default is Undefined, optional
minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):
minTLSVersion: TLSv1.1
NOTE: currently the highest minTLSVersion allowed is VersionTLS12
"""


ciphers?: [str]

minTLSVersion?: str


129 changes: 129 additions & 0 deletions kubevirt/v1/config_openshift_io_v1_authentication.k
Original file line number Diff line number Diff line change
@@ -0,0 +1,129 @@
"""
This file was generated by the KCL auto-gen tool. DO NOT EDIT.
Editing this file might prove futile when you re-run the KCL auto-gen generate command.
"""
import k8s.apimachinery.pkg.apis.meta.v1


schema ConfigAuthentication:
r"""
Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`.

Attributes
----------
apiVersion : str, default is "config.openshift.io/v1", required
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind : str, default is "Authentication", required
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata : v1.ObjectMeta, default is Undefined, optional
metadata
spec : ConfigOpenshiftIoV1AuthenticationSpec, default is Undefined, required
spec
status : ConfigOpenshiftIoV1AuthenticationStatus, default is Undefined, optional
status
"""


apiVersion: "config.openshift.io/v1" = "config.openshift.io/v1"

kind: "Authentication" = "Authentication"

metadata?: v1.ObjectMeta

spec: ConfigOpenshiftIoV1AuthenticationSpec

status?: ConfigOpenshiftIoV1AuthenticationStatus


schema ConfigOpenshiftIoV1AuthenticationSpec:
r"""
spec holds user settable values for configuration

Attributes
----------
oauthMetadata : ConfigOpenshiftIoV1AuthenticationSpecOauthMetadata, default is Undefined, optional
oauth metadata
$type : str, default is Undefined, optional
type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.
webhookTokenAuthenticators : [ConfigOpenshiftIoV1AuthenticationSpecWebhookTokenAuthenticatorsItems0], default is Undefined, optional
webhookTokenAuthenticators configures remote token reviewers. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. The namespace for these secrets is openshift-config.
"""


oauthMetadata?: ConfigOpenshiftIoV1AuthenticationSpecOauthMetadata

$type?: str

webhookTokenAuthenticators?: [ConfigOpenshiftIoV1AuthenticationSpecWebhookTokenAuthenticatorsItems0]


schema ConfigOpenshiftIoV1AuthenticationSpecOauthMetadata:
r"""
oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key "oauthMetadata" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.

Attributes
----------
name : str, default is Undefined, required
name is the metadata.name of the referenced config map
"""


name: str


schema ConfigOpenshiftIoV1AuthenticationSpecWebhookTokenAuthenticatorsItems0:
r"""
webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator

Attributes
----------
kubeConfig : ConfigOpenshiftIoV1AuthenticationSpecWebhookTokenAuthenticatorsItems0KubeConfig, default is Undefined, optional
kube config
"""


kubeConfig?: ConfigOpenshiftIoV1AuthenticationSpecWebhookTokenAuthenticatorsItems0KubeConfig


schema ConfigOpenshiftIoV1AuthenticationSpecWebhookTokenAuthenticatorsItems0KubeConfig:
r"""
kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.

Attributes
----------
name : str, default is Undefined, required
name is the metadata.name of the referenced secret
"""


name: str


schema ConfigOpenshiftIoV1AuthenticationStatus:
r"""
status holds observed values from the cluster. They may not be overridden.

Attributes
----------
integratedOAuthMetadata : ConfigOpenshiftIoV1AuthenticationStatusIntegratedOAuthMetadata, default is Undefined, optional
integrated o auth metadata
"""


integratedOAuthMetadata?: ConfigOpenshiftIoV1AuthenticationStatusIntegratedOAuthMetadata


schema ConfigOpenshiftIoV1AuthenticationStatusIntegratedOAuthMetadata:
r"""
integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key "oauthMetadata" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.

Attributes
----------
name : str, default is Undefined, required
name is the metadata.name of the referenced config map
"""


name: str


Loading

0 comments on commit a8b4a20

Please sign in to comment.