@@ -20098,6 +20098,237 @@ spec:
2009820098 - name
2009920099 type: object
2010020100 type: array
20101+ systemCATrust:
20102+ description: Custom certificates to inject into the repo server
20103+ container and its plugins to trust source hosting sites
20104+ properties:
20105+ clusterTrustBundles:
20106+ description: ClusterTrustBundles is a list of projected ClusterTrustBundle
20107+ volume definitions from where to take the trust certs.
20108+ items:
20109+ description: |-
20110+ ClusterTrustBundleProjection describes how to select a set of
20111+ ClusterTrustBundle objects and project their contents into the pod
20112+ filesystem.
20113+ properties:
20114+ labelSelector:
20115+ description: |-
20116+ Select all ClusterTrustBundles that match this label selector. Only has
20117+ effect if signerName is set. Mutually-exclusive with name. If unset,
20118+ interpreted as "match nothing". If set but empty, interpreted as "match
20119+ everything".
20120+ properties:
20121+ matchExpressions:
20122+ description: matchExpressions is a list of label
20123+ selector requirements. The requirements are ANDed.
20124+ items:
20125+ description: |-
20126+ A label selector requirement is a selector that contains values, a key, and an operator that
20127+ relates the key and values.
20128+ properties:
20129+ key:
20130+ description: key is the label key that the
20131+ selector applies to.
20132+ type: string
20133+ operator:
20134+ description: |-
20135+ operator represents a key's relationship to a set of values.
20136+ Valid operators are In, NotIn, Exists and DoesNotExist.
20137+ type: string
20138+ values:
20139+ description: |-
20140+ values is an array of string values. If the operator is In or NotIn,
20141+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
20142+ the values array must be empty. This array is replaced during a strategic
20143+ merge patch.
20144+ items:
20145+ type: string
20146+ type: array
20147+ x-kubernetes-list-type: atomic
20148+ required:
20149+ - key
20150+ - operator
20151+ type: object
20152+ type: array
20153+ x-kubernetes-list-type: atomic
20154+ matchLabels:
20155+ additionalProperties:
20156+ type: string
20157+ description: |-
20158+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
20159+ map is equivalent to an element of matchExpressions, whose key field is "key", the
20160+ operator is "In", and the values array contains only "value". The requirements are ANDed.
20161+ type: object
20162+ type: object
20163+ x-kubernetes-map-type: atomic
20164+ name:
20165+ description: |-
20166+ Select a single ClusterTrustBundle by object name. Mutually-exclusive
20167+ with signerName and labelSelector.
20168+ type: string
20169+ optional:
20170+ description: |-
20171+ If true, don't block pod startup if the referenced ClusterTrustBundle(s)
20172+ aren't available. If using name, then the named ClusterTrustBundle is
20173+ allowed not to exist. If using signerName, then the combination of
20174+ signerName and labelSelector is allowed to match zero
20175+ ClusterTrustBundles.
20176+ type: boolean
20177+ path:
20178+ description: Relative path from the volume root to write
20179+ the bundle.
20180+ type: string
20181+ signerName:
20182+ description: |-
20183+ Select all ClusterTrustBundles that match this signer name.
20184+ Mutually-exclusive with name. The contents of all selected
20185+ ClusterTrustBundles will be unified and deduplicated.
20186+ type: string
20187+ required:
20188+ - path
20189+ type: object
20190+ type: array
20191+ configMaps:
20192+ description: ConfigMaps is a list of projected ConfigMap volume
20193+ definitions from where to take the trust certs.
20194+ items:
20195+ description: |-
20196+ Adapts a ConfigMap into a projected volume.
20197+
20198+ The contents of the target ConfigMap's Data field will be presented in a
20199+ projected volume as files using the keys in the Data field as the file names,
20200+ unless the items element is populated with specific mappings of keys to paths.
20201+ Note that this is identical to a configmap volume source without the default
20202+ mode.
20203+ properties:
20204+ items:
20205+ description: |-
20206+ items if unspecified, each key-value pair in the Data field of the referenced
20207+ ConfigMap will be projected into the volume as a file whose name is the
20208+ key and content is the value. If specified, the listed keys will be
20209+ projected into the specified paths, and unlisted keys will not be
20210+ present. If a key is specified which is not present in the ConfigMap,
20211+ the volume setup will error unless it is marked optional. Paths must be
20212+ relative and may not contain the '..' path or start with '..'.
20213+ items:
20214+ description: Maps a string key to a path within a
20215+ volume.
20216+ properties:
20217+ key:
20218+ description: key is the key to project.
20219+ type: string
20220+ mode:
20221+ description: |-
20222+ mode is Optional: mode bits used to set permissions on this file.
20223+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
20224+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
20225+ If not specified, the volume defaultMode will be used.
20226+ This might be in conflict with other options that affect the file
20227+ mode, like fsGroup, and the result can be other mode bits set.
20228+ format: int32
20229+ type: integer
20230+ path:
20231+ description: |-
20232+ path is the relative path of the file to map the key to.
20233+ May not be an absolute path.
20234+ May not contain the path element '..'.
20235+ May not start with the string '..'.
20236+ type: string
20237+ required:
20238+ - key
20239+ - path
20240+ type: object
20241+ type: array
20242+ x-kubernetes-list-type: atomic
20243+ name:
20244+ default: ""
20245+ description: |-
20246+ Name of the referent.
20247+ This field is effectively required, but due to backwards compatibility is
20248+ allowed to be empty. Instances of this type with an empty value here are
20249+ almost certainly wrong.
20250+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
20251+ type: string
20252+ optional:
20253+ description: optional specify whether the ConfigMap
20254+ or its keys must be defined
20255+ type: boolean
20256+ type: object
20257+ x-kubernetes-map-type: atomic
20258+ type: array
20259+ dropImageCertificates:
20260+ description: DropImageCertificates will remove all certs that
20261+ are present in the image, leaving only those explicitly
20262+ configured here.
20263+ type: boolean
20264+ secrets:
20265+ description: Secrets is a list of projected Secret volume
20266+ definitions from where to take the trust certs.
20267+ items:
20268+ description: |-
20269+ Adapts a secret into a projected volume.
20270+
20271+ The contents of the target Secret's Data field will be presented in a
20272+ projected volume as files using the keys in the Data field as the file names.
20273+ Note that this is identical to a secret volume source without the default
20274+ mode.
20275+ properties:
20276+ items:
20277+ description: |-
20278+ items if unspecified, each key-value pair in the Data field of the referenced
20279+ Secret will be projected into the volume as a file whose name is the
20280+ key and content is the value. If specified, the listed keys will be
20281+ projected into the specified paths, and unlisted keys will not be
20282+ present. If a key is specified which is not present in the Secret,
20283+ the volume setup will error unless it is marked optional. Paths must be
20284+ relative and may not contain the '..' path or start with '..'.
20285+ items:
20286+ description: Maps a string key to a path within a
20287+ volume.
20288+ properties:
20289+ key:
20290+ description: key is the key to project.
20291+ type: string
20292+ mode:
20293+ description: |-
20294+ mode is Optional: mode bits used to set permissions on this file.
20295+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
20296+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
20297+ If not specified, the volume defaultMode will be used.
20298+ This might be in conflict with other options that affect the file
20299+ mode, like fsGroup, and the result can be other mode bits set.
20300+ format: int32
20301+ type: integer
20302+ path:
20303+ description: |-
20304+ path is the relative path of the file to map the key to.
20305+ May not be an absolute path.
20306+ May not contain the path element '..'.
20307+ May not start with the string '..'.
20308+ type: string
20309+ required:
20310+ - key
20311+ - path
20312+ type: object
20313+ type: array
20314+ x-kubernetes-list-type: atomic
20315+ name:
20316+ default: ""
20317+ description: |-
20318+ Name of the referent.
20319+ This field is effectively required, but due to backwards compatibility is
20320+ allowed to be empty. Instances of this type with an empty value here are
20321+ almost certainly wrong.
20322+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
20323+ type: string
20324+ optional:
20325+ description: optional field specify whether the Secret
20326+ or its key must be defined
20327+ type: boolean
20328+ type: object
20329+ x-kubernetes-map-type: atomic
20330+ type: array
20331+ type: object
2010120332 verifytls:
2010220333 description: VerifyTLS defines whether repo server API should
2010320334 be accessed using strict TLS validation
0 commit comments