diff --git a/api-ref-assets/api/swagger.json b/api-ref-assets/api/swagger.json
index 21e8660a1f..980551e60c 100644
--- a/api-ref-assets/api/swagger.json
+++ b/api-ref-assets/api/swagger.json
@@ -3707,6 +3707,10 @@
"format": "int32",
"type": "integer"
},
+ "podFailurePolicy": {
+ "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicy",
+ "description": "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is alpha-level. To use this field, you must enable the `JobPodFailurePolicy` feature gate (disabled by default)."
+ },
"selector": {
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector",
"description": "A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors"
@@ -3796,6 +3800,94 @@
},
"type": "object"
},
+ "io.k8s.api.batch.v1.PodFailurePolicy": {
+ "description": "PodFailurePolicy describes how failed pods influence the backoffLimit.",
+ "properties": {
+ "rules": {
+ "description": "A list of pod failure policy rules. The rules are evaluated in order. Once a rule matches a Pod failure, the remaining of the rules are ignored. When no rule matches the Pod failure, the default handling applies - the counter of pod failures is incremented and it is checked against the backoffLimit. At most 20 elements are allowed.",
+ "items": {
+ "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicyRule"
+ },
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
+ }
+ },
+ "required": [
+ "rules"
+ ],
+ "type": "object"
+ },
+ "io.k8s.api.batch.v1.PodFailurePolicyOnExitCodesRequirement": {
+ "description": "PodFailurePolicyOnExitCodesRequirement describes the requirement for handling a failed pod based on its container exit codes. In particular, it lookups the .state.terminated.exitCode for each app container and init container status, represented by the .status.containerStatuses and .status.initContainerStatuses fields in the Pod status, respectively. Containers completed with success (exit code 0) are excluded from the requirement check.",
+ "properties": {
+ "containerName": {
+ "description": "Restricts the check for exit codes to the container with the specified name. When null, the rule applies to all containers. When specified, it should match one the container or initContainer names in the pod template.",
+ "type": "string"
+ },
+ "operator": {
+ "description": "Represents the relationship between the container exit code(s) and the specified values. Containers completed with success (exit code 0) are excluded from the requirement check. Possible values are: - In: the requirement is satisfied if at least one container exit code\n (might be multiple if there are multiple containers not restricted\n by the 'containerName' field) is in the set of specified values.\n- NotIn: the requirement is satisfied if at least one container exit code\n (might be multiple if there are multiple containers not restricted\n by the 'containerName' field) is not in the set of specified values.\nAdditional values are considered to be added in the future. Clients should react to an unknown operator by assuming the requirement is not satisfied.\n\n",
+ "type": "string"
+ },
+ "values": {
+ "description": "Specifies the set of values. Each returned container exit code (might be multiple in case of multiple containers) is checked against this set of values with respect to the operator. The list of values must be ordered and must not contain duplicates. Value '0' cannot be used for the In operator. At least one element is required. At most 255 elements are allowed.",
+ "items": {
+ "format": "int32",
+ "type": "integer"
+ },
+ "type": "array",
+ "x-kubernetes-list-type": "set"
+ }
+ },
+ "required": [
+ "operator",
+ "values"
+ ],
+ "type": "object"
+ },
+ "io.k8s.api.batch.v1.PodFailurePolicyOnPodConditionsPattern": {
+ "description": "PodFailurePolicyOnPodConditionsPattern describes a pattern for matching an actual pod condition type.",
+ "properties": {
+ "status": {
+ "description": "Specifies the required Pod condition status. To match a pod condition it is required that the specified status equals the pod condition status. Defaults to True.",
+ "type": "string"
+ },
+ "type": {
+ "description": "Specifies the required Pod condition type. To match a pod condition it is required that specified type equals the pod condition type.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "type",
+ "status"
+ ],
+ "type": "object"
+ },
+ "io.k8s.api.batch.v1.PodFailurePolicyRule": {
+ "description": "PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of OnExitCodes and onPodConditions, but not both, can be used in each rule.",
+ "properties": {
+ "action": {
+ "description": "Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are: - FailJob: indicates that the pod's job is marked as Failed and all\n running pods are terminated.\n- Ignore: indicates that the counter towards the .backoffLimit is not\n incremented and a replacement pod is created.\n- Count: indicates that the pod is handled in the default way - the\n counter towards the .backoffLimit is incremented.\nAdditional values are considered to be added in the future. Clients should react to an unknown action by skipping the rule.\n\n",
+ "type": "string"
+ },
+ "onExitCodes": {
+ "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicyOnExitCodesRequirement",
+ "description": "Represents the requirement on the container exit codes."
+ },
+ "onPodConditions": {
+ "description": "Represents the requirement on the pod conditions. The requirement is represented as a list of pod condition patterns. The requirement is satisfied if at least one pattern matches an actual pod condition. At most 20 elements are allowed.",
+ "items": {
+ "$ref": "#/definitions/io.k8s.api.batch.v1.PodFailurePolicyOnPodConditionsPattern"
+ },
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
+ }
+ },
+ "required": [
+ "action",
+ "onPodConditions"
+ ],
+ "type": "object"
+ },
"io.k8s.api.batch.v1.UncountedTerminatedPods": {
"description": "UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't been accounted in Job status counters.",
"properties": {
@@ -4932,7 +5024,7 @@
"description": "Describe a container image",
"properties": {
"names": {
- "description": "Names by which this image is known. e.g. [\"k8s.gcr.io/hyperkube:v1.0.7\", \"dockerhub.io/google_containers/hyperkube:v1.0.7\"]",
+ "description": "Names by which this image is known. e.g. [\"kubernetes.example/hyperkube:v1.0.7\", \"cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7\"]",
"items": {
"type": "string"
},
@@ -7324,7 +7416,8 @@
},
"claimRef": {
"$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference",
- "description": "claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding"
+ "description": "claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding",
+ "x-kubernetes-map-type": "granular"
},
"csi": {
"$ref": "#/definitions/io.k8s.api.core.v1.CSIPersistentVolumeSource",
@@ -7824,6 +7917,10 @@
"description": "Use the host's pid namespace. Optional: Default to false.",
"type": "boolean"
},
+ "hostUsers": {
+ "description": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.",
+ "type": "boolean"
+ },
"hostname": {
"description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.",
"type": "string"
@@ -7860,7 +7957,7 @@
},
"os": {
"$ref": "#/definitions/io.k8s.api.core.v1.PodOS",
- "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup"
+ "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup"
},
"overhead": {
"additionalProperties": {
@@ -9361,7 +9458,7 @@
"type": "string"
},
"healthCheckNodePort": {
- "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type).",
+ "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.",
"format": "int32",
"type": "integer"
},
@@ -11984,6 +12081,96 @@
},
"type": "object"
},
+ "io.k8s.api.networking.v1alpha1.ClusterCIDR": {
+ "description": "ClusterCIDR represents a single configuration for per-Node Pod CIDR allocations when the MultiCIDRRangeAllocator is enabled (see the config for kube-controller-manager). A cluster may have any number of ClusterCIDR resources, all of which will be considered when allocating a CIDR for a Node. A ClusterCIDR is eligible to be used for a given Node when the node selector matches the node in question and has free CIDRs to allocate. In case of multiple matching ClusterCIDR resources, the allocator will attempt to break ties using internal heuristics, but any ClusterCIDR whose node selector matches the Node may be used.",
+ "properties": {
+ "apiVersion": {
+ "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
+ "type": "string"
+ },
+ "kind": {
+ "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
+ "type": "string"
+ },
+ "metadata": {
+ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta",
+ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata"
+ },
+ "spec": {
+ "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDRSpec",
+ "description": "Spec is the desired state of the ClusterCIDR. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status"
+ }
+ },
+ "type": "object",
+ "x-kubernetes-group-version-kind": [
+ {
+ "group": "networking.k8s.io",
+ "kind": "ClusterCIDR",
+ "version": "v1alpha1"
+ }
+ ]
+ },
+ "io.k8s.api.networking.v1alpha1.ClusterCIDRList": {
+ "description": "ClusterCIDRList contains a list of ClusterCIDR.",
+ "properties": {
+ "apiVersion": {
+ "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
+ "type": "string"
+ },
+ "items": {
+ "description": "Items is the list of ClusterCIDRs.",
+ "items": {
+ "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR"
+ },
+ "type": "array"
+ },
+ "kind": {
+ "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
+ "type": "string"
+ },
+ "metadata": {
+ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta",
+ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata"
+ }
+ },
+ "required": [
+ "items"
+ ],
+ "type": "object",
+ "x-kubernetes-group-version-kind": [
+ {
+ "group": "networking.k8s.io",
+ "kind": "ClusterCIDRList",
+ "version": "v1alpha1"
+ }
+ ]
+ },
+ "io.k8s.api.networking.v1alpha1.ClusterCIDRSpec": {
+ "description": "ClusterCIDRSpec defines the desired state of ClusterCIDR.",
+ "properties": {
+ "ipv4": {
+ "description": "IPv4 defines an IPv4 IP block in CIDR notation(e.g. \"10.0.0.0/8\"). At least one of IPv4 and IPv6 must be specified. This field is immutable.",
+ "type": "string"
+ },
+ "ipv6": {
+ "description": "IPv6 defines an IPv6 IP block in CIDR notation(e.g. \"fd12:3456:789a:1::/64\"). At least one of IPv4 and IPv6 must be specified. This field is immutable.",
+ "type": "string"
+ },
+ "nodeSelector": {
+ "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelector",
+ "description": "NodeSelector defines which nodes the config is applicable to. An empty or nil NodeSelector selects all nodes. This field is immutable."
+ },
+ "perNodeHostBits": {
+ "description": "PerNodeHostBits defines the number of host bits to be configured per node. A subnet mask determines how much of the address is used for network bits and host bits. For example an IPv4 address of 192.168.0.0/24, splits the address into 24 bits for the network portion and 8 bits for the host portion. To allocate 256 IPs, set this field to 8 (a /24 mask for IPv4 or a /120 for IPv6). Minimum value is 4 (16 IPs). This field is immutable.",
+ "format": "int32",
+ "type": "integer"
+ }
+ },
+ "required": [
+ "perNodeHostBits"
+ ],
+ "type": "object"
+ },
"io.k8s.api.node.v1.Overhead": {
"description": "Overhead structure represents the resource overhead associated with running a pod.",
"properties": {
@@ -12827,6 +13014,10 @@
"description": "RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.\n\nNote: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.",
"type": "boolean"
},
+ "seLinuxMount": {
+ "description": "SELinuxMount specifies if the CSI driver supports \"-o context\" mount option.\n\nWhen \"true\", the CSI driver must ensure that all volumes provided by this CSI driver can be mounted separately with different `-o context` options. This is typical for storage backends that provide volumes as filesystems on block devices or as independent shared volumes. Kubernetes will call NodeStage / NodePublish with \"-o context=xyz\" mount option when mounting a ReadWriteOncePod volume used in Pod that has explicitly set SELinux context. In the future, it may be expanded to other volume AccessModes. In any case, Kubernetes will ensure that the volume is mounted only with a single SELinux context.\n\nWhen \"false\", Kubernetes won't pass any special SELinux mount options to the driver. This is typical for volumes that represent subdirectories of a bigger shared filesystem.\n\nDefault is \"false\".",
+ "type": "boolean"
+ },
"storageCapacity": {
"description": "If set to true, storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage capacity that the driver deployment will report by creating CSIStorageCapacity objects with capacity information.\n\nThe check can be enabled immediately when deploying a driver. In that case, provisioning new volumes with late binding will pause until the driver deployment has published some suitable CSIStorageCapacity object.\n\nAlternatively, the driver can be deployed with the field unset or false and it can be flipped later when storage capacity information has been published.\n\nThis field was immutable in Kubernetes <= 1.22 and now is mutable.",
"type": "boolean"
@@ -14549,6 +14740,11 @@
"kind": "DeleteOptions",
"version": "v1"
},
+ {
+ "group": "networking.k8s.io",
+ "kind": "DeleteOptions",
+ "version": "v1alpha1"
+ },
{
"group": "networking.k8s.io",
"kind": "DeleteOptions",
@@ -15222,6 +15418,11 @@
"kind": "WatchEvent",
"version": "v1"
},
+ {
+ "group": "networking.k8s.io",
+ "kind": "WatchEvent",
+ "version": "v1alpha1"
+ },
{
"group": "networking.k8s.io",
"kind": "WatchEvent",
@@ -67605,6 +67806,867 @@
}
]
},
+ "/apis/networking.k8s.io/v1alpha1/": {
+ "get": {
+ "consumes": [
+ "application/json",
+ "application/yaml",
+ "application/vnd.kubernetes.protobuf"
+ ],
+ "description": "get available resources",
+ "operationId": "getNetworkingV1alpha1APIResources",
+ "produces": [
+ "application/json",
+ "application/yaml",
+ "application/vnd.kubernetes.protobuf"
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList"
+ }
+ },
+ "401": {
+ "description": "Unauthorized"
+ }
+ },
+ "schemes": [
+ "https"
+ ],
+ "tags": [
+ "networking_v1alpha1"
+ ]
+ }
+ },
+ "/apis/networking.k8s.io/v1alpha1/clustercidrs": {
+ "delete": {
+ "consumes": [
+ "*/*"
+ ],
+ "description": "delete collection of ClusterCIDR",
+ "operationId": "deleteNetworkingV1alpha1CollectionClusterCIDR",
+ "parameters": [
+ {
+ "in": "body",
+ "name": "body",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions"
+ }
+ },
+ {
+ "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
+ "in": "query",
+ "name": "continue",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
+ "in": "query",
+ "name": "dryRun",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
+ "in": "query",
+ "name": "fieldSelector",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.",
+ "in": "query",
+ "name": "gracePeriodSeconds",
+ "type": "integer",
+ "uniqueItems": true
+ },
+ {
+ "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
+ "in": "query",
+ "name": "labelSelector",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
+ "in": "query",
+ "name": "limit",
+ "type": "integer",
+ "uniqueItems": true
+ },
+ {
+ "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.",
+ "in": "query",
+ "name": "orphanDependents",
+ "type": "boolean",
+ "uniqueItems": true
+ },
+ {
+ "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.",
+ "in": "query",
+ "name": "propagationPolicy",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
+ "in": "query",
+ "name": "resourceVersion",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
+ "in": "query",
+ "name": "resourceVersionMatch",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
+ "in": "query",
+ "name": "timeoutSeconds",
+ "type": "integer",
+ "uniqueItems": true
+ }
+ ],
+ "produces": [
+ "application/json",
+ "application/yaml",
+ "application/vnd.kubernetes.protobuf"
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
+ }
+ },
+ "401": {
+ "description": "Unauthorized"
+ }
+ },
+ "schemes": [
+ "https"
+ ],
+ "tags": [
+ "networking_v1alpha1"
+ ],
+ "x-kubernetes-action": "deletecollection",
+ "x-kubernetes-group-version-kind": {
+ "group": "networking.k8s.io",
+ "kind": "ClusterCIDR",
+ "version": "v1alpha1"
+ }
+ },
+ "get": {
+ "consumes": [
+ "*/*"
+ ],
+ "description": "list or watch objects of kind ClusterCIDR",
+ "operationId": "listNetworkingV1alpha1ClusterCIDR",
+ "parameters": [
+ {
+ "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.",
+ "in": "query",
+ "name": "allowWatchBookmarks",
+ "type": "boolean",
+ "uniqueItems": true
+ },
+ {
+ "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
+ "in": "query",
+ "name": "continue",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
+ "in": "query",
+ "name": "fieldSelector",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
+ "in": "query",
+ "name": "labelSelector",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
+ "in": "query",
+ "name": "limit",
+ "type": "integer",
+ "uniqueItems": true
+ },
+ {
+ "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
+ "in": "query",
+ "name": "resourceVersion",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
+ "in": "query",
+ "name": "resourceVersionMatch",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
+ "in": "query",
+ "name": "timeoutSeconds",
+ "type": "integer",
+ "uniqueItems": true
+ },
+ {
+ "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
+ "in": "query",
+ "name": "watch",
+ "type": "boolean",
+ "uniqueItems": true
+ }
+ ],
+ "produces": [
+ "application/json",
+ "application/yaml",
+ "application/vnd.kubernetes.protobuf",
+ "application/json;stream=watch",
+ "application/vnd.kubernetes.protobuf;stream=watch"
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDRList"
+ }
+ },
+ "401": {
+ "description": "Unauthorized"
+ }
+ },
+ "schemes": [
+ "https"
+ ],
+ "tags": [
+ "networking_v1alpha1"
+ ],
+ "x-kubernetes-action": "list",
+ "x-kubernetes-group-version-kind": {
+ "group": "networking.k8s.io",
+ "kind": "ClusterCIDR",
+ "version": "v1alpha1"
+ }
+ },
+ "parameters": [
+ {
+ "description": "If 'true', then the output is pretty printed.",
+ "in": "query",
+ "name": "pretty",
+ "type": "string",
+ "uniqueItems": true
+ }
+ ],
+ "post": {
+ "consumes": [
+ "*/*"
+ ],
+ "description": "create a ClusterCIDR",
+ "operationId": "createNetworkingV1alpha1ClusterCIDR",
+ "parameters": [
+ {
+ "in": "body",
+ "name": "body",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR"
+ }
+ },
+ {
+ "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
+ "in": "query",
+ "name": "dryRun",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.",
+ "in": "query",
+ "name": "fieldManager",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
+ "in": "query",
+ "name": "fieldValidation",
+ "type": "string",
+ "uniqueItems": true
+ }
+ ],
+ "produces": [
+ "application/json",
+ "application/yaml",
+ "application/vnd.kubernetes.protobuf"
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR"
+ }
+ },
+ "201": {
+ "description": "Created",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR"
+ }
+ },
+ "202": {
+ "description": "Accepted",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR"
+ }
+ },
+ "401": {
+ "description": "Unauthorized"
+ }
+ },
+ "schemes": [
+ "https"
+ ],
+ "tags": [
+ "networking_v1alpha1"
+ ],
+ "x-kubernetes-action": "post",
+ "x-kubernetes-group-version-kind": {
+ "group": "networking.k8s.io",
+ "kind": "ClusterCIDR",
+ "version": "v1alpha1"
+ }
+ }
+ },
+ "/apis/networking.k8s.io/v1alpha1/clustercidrs/{name}": {
+ "delete": {
+ "consumes": [
+ "*/*"
+ ],
+ "description": "delete a ClusterCIDR",
+ "operationId": "deleteNetworkingV1alpha1ClusterCIDR",
+ "parameters": [
+ {
+ "in": "body",
+ "name": "body",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions"
+ }
+ },
+ {
+ "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
+ "in": "query",
+ "name": "dryRun",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.",
+ "in": "query",
+ "name": "gracePeriodSeconds",
+ "type": "integer",
+ "uniqueItems": true
+ },
+ {
+ "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.",
+ "in": "query",
+ "name": "orphanDependents",
+ "type": "boolean",
+ "uniqueItems": true
+ },
+ {
+ "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.",
+ "in": "query",
+ "name": "propagationPolicy",
+ "type": "string",
+ "uniqueItems": true
+ }
+ ],
+ "produces": [
+ "application/json",
+ "application/yaml",
+ "application/vnd.kubernetes.protobuf"
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
+ }
+ },
+ "202": {
+ "description": "Accepted",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
+ }
+ },
+ "401": {
+ "description": "Unauthorized"
+ }
+ },
+ "schemes": [
+ "https"
+ ],
+ "tags": [
+ "networking_v1alpha1"
+ ],
+ "x-kubernetes-action": "delete",
+ "x-kubernetes-group-version-kind": {
+ "group": "networking.k8s.io",
+ "kind": "ClusterCIDR",
+ "version": "v1alpha1"
+ }
+ },
+ "get": {
+ "consumes": [
+ "*/*"
+ ],
+ "description": "read the specified ClusterCIDR",
+ "operationId": "readNetworkingV1alpha1ClusterCIDR",
+ "produces": [
+ "application/json",
+ "application/yaml",
+ "application/vnd.kubernetes.protobuf"
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR"
+ }
+ },
+ "401": {
+ "description": "Unauthorized"
+ }
+ },
+ "schemes": [
+ "https"
+ ],
+ "tags": [
+ "networking_v1alpha1"
+ ],
+ "x-kubernetes-action": "get",
+ "x-kubernetes-group-version-kind": {
+ "group": "networking.k8s.io",
+ "kind": "ClusterCIDR",
+ "version": "v1alpha1"
+ }
+ },
+ "parameters": [
+ {
+ "description": "name of the ClusterCIDR",
+ "in": "path",
+ "name": "name",
+ "required": true,
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "If 'true', then the output is pretty printed.",
+ "in": "query",
+ "name": "pretty",
+ "type": "string",
+ "uniqueItems": true
+ }
+ ],
+ "patch": {
+ "consumes": [
+ "application/json-patch+json",
+ "application/merge-patch+json",
+ "application/strategic-merge-patch+json",
+ "application/apply-patch+yaml"
+ ],
+ "description": "partially update the specified ClusterCIDR",
+ "operationId": "patchNetworkingV1alpha1ClusterCIDR",
+ "parameters": [
+ {
+ "in": "body",
+ "name": "body",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
+ }
+ },
+ {
+ "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
+ "in": "query",
+ "name": "dryRun",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).",
+ "in": "query",
+ "name": "fieldManager",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
+ "in": "query",
+ "name": "fieldValidation",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.",
+ "in": "query",
+ "name": "force",
+ "type": "boolean",
+ "uniqueItems": true
+ }
+ ],
+ "produces": [
+ "application/json",
+ "application/yaml",
+ "application/vnd.kubernetes.protobuf"
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR"
+ }
+ },
+ "201": {
+ "description": "Created",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR"
+ }
+ },
+ "401": {
+ "description": "Unauthorized"
+ }
+ },
+ "schemes": [
+ "https"
+ ],
+ "tags": [
+ "networking_v1alpha1"
+ ],
+ "x-kubernetes-action": "patch",
+ "x-kubernetes-group-version-kind": {
+ "group": "networking.k8s.io",
+ "kind": "ClusterCIDR",
+ "version": "v1alpha1"
+ }
+ },
+ "put": {
+ "consumes": [
+ "*/*"
+ ],
+ "description": "replace the specified ClusterCIDR",
+ "operationId": "replaceNetworkingV1alpha1ClusterCIDR",
+ "parameters": [
+ {
+ "in": "body",
+ "name": "body",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR"
+ }
+ },
+ {
+ "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
+ "in": "query",
+ "name": "dryRun",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.",
+ "in": "query",
+ "name": "fieldManager",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
+ "in": "query",
+ "name": "fieldValidation",
+ "type": "string",
+ "uniqueItems": true
+ }
+ ],
+ "produces": [
+ "application/json",
+ "application/yaml",
+ "application/vnd.kubernetes.protobuf"
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR"
+ }
+ },
+ "201": {
+ "description": "Created",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.api.networking.v1alpha1.ClusterCIDR"
+ }
+ },
+ "401": {
+ "description": "Unauthorized"
+ }
+ },
+ "schemes": [
+ "https"
+ ],
+ "tags": [
+ "networking_v1alpha1"
+ ],
+ "x-kubernetes-action": "put",
+ "x-kubernetes-group-version-kind": {
+ "group": "networking.k8s.io",
+ "kind": "ClusterCIDR",
+ "version": "v1alpha1"
+ }
+ }
+ },
+ "/apis/networking.k8s.io/v1alpha1/watch/clustercidrs": {
+ "get": {
+ "consumes": [
+ "*/*"
+ ],
+ "description": "watch individual changes to a list of ClusterCIDR. deprecated: use the 'watch' parameter with a list operation instead.",
+ "operationId": "watchNetworkingV1alpha1ClusterCIDRList",
+ "produces": [
+ "application/json",
+ "application/yaml",
+ "application/vnd.kubernetes.protobuf",
+ "application/json;stream=watch",
+ "application/vnd.kubernetes.protobuf;stream=watch"
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
+ }
+ },
+ "401": {
+ "description": "Unauthorized"
+ }
+ },
+ "schemes": [
+ "https"
+ ],
+ "tags": [
+ "networking_v1alpha1"
+ ],
+ "x-kubernetes-action": "watchlist",
+ "x-kubernetes-group-version-kind": {
+ "group": "networking.k8s.io",
+ "kind": "ClusterCIDR",
+ "version": "v1alpha1"
+ }
+ },
+ "parameters": [
+ {
+ "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.",
+ "in": "query",
+ "name": "allowWatchBookmarks",
+ "type": "boolean",
+ "uniqueItems": true
+ },
+ {
+ "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
+ "in": "query",
+ "name": "continue",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
+ "in": "query",
+ "name": "fieldSelector",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
+ "in": "query",
+ "name": "labelSelector",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
+ "in": "query",
+ "name": "limit",
+ "type": "integer",
+ "uniqueItems": true
+ },
+ {
+ "description": "If 'true', then the output is pretty printed.",
+ "in": "query",
+ "name": "pretty",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
+ "in": "query",
+ "name": "resourceVersion",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
+ "in": "query",
+ "name": "resourceVersionMatch",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
+ "in": "query",
+ "name": "timeoutSeconds",
+ "type": "integer",
+ "uniqueItems": true
+ },
+ {
+ "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
+ "in": "query",
+ "name": "watch",
+ "type": "boolean",
+ "uniqueItems": true
+ }
+ ]
+ },
+ "/apis/networking.k8s.io/v1alpha1/watch/clustercidrs/{name}": {
+ "get": {
+ "consumes": [
+ "*/*"
+ ],
+ "description": "watch changes to an object of kind ClusterCIDR. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.",
+ "operationId": "watchNetworkingV1alpha1ClusterCIDR",
+ "produces": [
+ "application/json",
+ "application/yaml",
+ "application/vnd.kubernetes.protobuf",
+ "application/json;stream=watch",
+ "application/vnd.kubernetes.protobuf;stream=watch"
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
+ }
+ },
+ "401": {
+ "description": "Unauthorized"
+ }
+ },
+ "schemes": [
+ "https"
+ ],
+ "tags": [
+ "networking_v1alpha1"
+ ],
+ "x-kubernetes-action": "watch",
+ "x-kubernetes-group-version-kind": {
+ "group": "networking.k8s.io",
+ "kind": "ClusterCIDR",
+ "version": "v1alpha1"
+ }
+ },
+ "parameters": [
+ {
+ "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.",
+ "in": "query",
+ "name": "allowWatchBookmarks",
+ "type": "boolean",
+ "uniqueItems": true
+ },
+ {
+ "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
+ "in": "query",
+ "name": "continue",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
+ "in": "query",
+ "name": "fieldSelector",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
+ "in": "query",
+ "name": "labelSelector",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
+ "in": "query",
+ "name": "limit",
+ "type": "integer",
+ "uniqueItems": true
+ },
+ {
+ "description": "name of the ClusterCIDR",
+ "in": "path",
+ "name": "name",
+ "required": true,
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "If 'true', then the output is pretty printed.",
+ "in": "query",
+ "name": "pretty",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
+ "in": "query",
+ "name": "resourceVersion",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
+ "in": "query",
+ "name": "resourceVersionMatch",
+ "type": "string",
+ "uniqueItems": true
+ },
+ {
+ "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
+ "in": "query",
+ "name": "timeoutSeconds",
+ "type": "integer",
+ "uniqueItems": true
+ },
+ {
+ "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
+ "in": "query",
+ "name": "watch",
+ "type": "boolean",
+ "uniqueItems": true
+ }
+ ]
+ },
"/apis/node.k8s.io/": {
"get": {
"consumes": [
diff --git a/api-ref-assets/config/fields.yaml b/api-ref-assets/config/fields.yaml
index c54181274e..66055f92f2 100644
--- a/api-ref-assets/config/fields.yaml
+++ b/api-ref-assets/config/fields.yaml
@@ -51,6 +51,9 @@
- name: Security context
fields:
- securityContext
+ - name: Alpha level
+ fields:
+ - hostUsers
- name: Deprecated
fields:
- serviceAccount
@@ -382,6 +385,9 @@
fields:
- selector
- manualSelector
+ - name: Alpha level
+ fields:
+ - podFailurePolicy
- definition: io.k8s.api.batch.v1.JobStatus
field_categories:
diff --git a/api-ref-assets/config/toc.yaml b/api-ref-assets/config/toc.yaml
index 5da3b98386..621e3f8165 100644
--- a/api-ref-assets/config/toc.yaml
+++ b/api-ref-assets/config/toc.yaml
@@ -227,6 +227,9 @@ parts:
- name: ComponentStatus
group: ""
version: v1
+ - name: ClusterCIDR
+ group: networking.k8s.io
+ version: v1alpha1
- name: Common Definitions
chapters:
- name: DeleteOptions
diff --git a/content/en/docs/reference/kubernetes-api/cluster-resources/cluster-cidr-v1alpha1.md b/content/en/docs/reference/kubernetes-api/cluster-resources/cluster-cidr-v1alpha1.md
new file mode 100644
index 0000000000..410ba0b7f4
--- /dev/null
+++ b/content/en/docs/reference/kubernetes-api/cluster-resources/cluster-cidr-v1alpha1.md
@@ -0,0 +1,506 @@
+---
+api_metadata:
+ apiVersion: "networking.k8s.io/v1alpha1"
+ import: "k8s.io/api/networking/v1alpha1"
+ kind: "ClusterCIDR"
+content_type: "api_reference"
+description: "ClusterCIDR represents a single configuration for per-Node Pod CIDR allocations when the MultiCIDRRangeAllocator is enabled (see the config for kube-controller-manager)."
+title: "ClusterCIDR v1alpha1"
+weight: 11
+auto_generated: true
+---
+
+
+
+`apiVersion: networking.k8s.io/v1alpha1`
+
+`import "k8s.io/api/networking/v1alpha1"`
+
+
+## ClusterCIDR {#ClusterCIDR}
+
+ClusterCIDR represents a single configuration for per-Node Pod CIDR allocations when the MultiCIDRRangeAllocator is enabled (see the config for kube-controller-manager). A cluster may have any number of ClusterCIDR resources, all of which will be considered when allocating a CIDR for a Node. A ClusterCIDR is eligible to be used for a given Node when the node selector matches the node in question and has free CIDRs to allocate. In case of multiple matching ClusterCIDR resources, the allocator will attempt to break ties using internal heuristics, but any ClusterCIDR whose node selector matches the Node may be used.
+
+
+
+- **apiVersion**: networking.k8s.io/v1alpha1
+
+
+- **kind**: ClusterCIDR
+
+
+- **metadata** (}}">ObjectMeta)
+
+ Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+- **spec** (}}">ClusterCIDRSpec)
+
+ Spec is the desired state of the ClusterCIDR. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+
+
+
+
+## ClusterCIDRSpec {#ClusterCIDRSpec}
+
+ClusterCIDRSpec defines the desired state of ClusterCIDR.
+
+
+
+- **perNodeHostBits** (int32), required
+
+ PerNodeHostBits defines the number of host bits to be configured per node. A subnet mask determines how much of the address is used for network bits and host bits. For example an IPv4 address of 192.168.0.0/24, splits the address into 24 bits for the network portion and 8 bits for the host portion. To allocate 256 IPs, set this field to 8 (a /24 mask for IPv4 or a /120 for IPv6). Minimum value is 4 (16 IPs). This field is immutable.
+
+- **ipv4** (string)
+
+ IPv4 defines an IPv4 IP block in CIDR notation(e.g. "10.0.0.0/8"). At least one of IPv4 and IPv6 must be specified. This field is immutable.
+
+- **ipv6** (string)
+
+ IPv6 defines an IPv6 IP block in CIDR notation(e.g. "fd12:3456:789a:1::/64"). At least one of IPv4 and IPv6 must be specified. This field is immutable.
+
+- **nodeSelector** (NodeSelector)
+
+ NodeSelector defines which nodes the config is applicable to. An empty or nil NodeSelector selects all nodes. This field is immutable.
+
+
+ *A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.*
+
+ - **nodeSelector.nodeSelectorTerms** ([]NodeSelectorTerm), required
+
+ Required. A list of node selector terms. The terms are ORed.
+
+
+ *A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.*
+
+ - **nodeSelector.nodeSelectorTerms.matchExpressions** ([]}}">NodeSelectorRequirement)
+
+ A list of node selector requirements by node's labels.
+
+ - **nodeSelector.nodeSelectorTerms.matchFields** ([]}}">NodeSelectorRequirement)
+
+ A list of node selector requirements by node's fields.
+
+
+
+
+
+## ClusterCIDRList {#ClusterCIDRList}
+
+ClusterCIDRList contains a list of ClusterCIDR.
+
+
+
+- **apiVersion**: networking.k8s.io/v1alpha1
+
+
+- **kind**: ClusterCIDRList
+
+
+- **metadata** (}}">ListMeta)
+
+ Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+- **items** ([]}}">ClusterCIDR), required
+
+ Items is the list of ClusterCIDRs.
+
+
+
+
+
+## Operations {#Operations}
+
+
+
+
+
+
+
+
+
+
+### `get` read the specified ClusterCIDR
+
+#### HTTP Request
+
+GET /apis/networking.k8s.io/v1alpha1/clustercidrs/{name}
+
+#### Parameters
+
+
+- **name** (*in path*): string, required
+
+ name of the ClusterCIDR
+
+
+- **pretty** (*in query*): string
+
+ }}">pretty
+
+
+
+#### Response
+
+
+200 (}}">ClusterCIDR): OK
+
+401: Unauthorized
+
+
+### `list` list or watch objects of kind ClusterCIDR
+
+#### HTTP Request
+
+GET /apis/networking.k8s.io/v1alpha1/clustercidrs
+
+#### Parameters
+
+
+- **allowWatchBookmarks** (*in query*): boolean
+
+ }}">allowWatchBookmarks
+
+
+- **continue** (*in query*): string
+
+ }}">continue
+
+
+- **fieldSelector** (*in query*): string
+
+ }}">fieldSelector
+
+
+- **labelSelector** (*in query*): string
+
+ }}">labelSelector
+
+
+- **limit** (*in query*): integer
+
+ }}">limit
+
+
+- **pretty** (*in query*): string
+
+ }}">pretty
+
+
+- **resourceVersion** (*in query*): string
+
+ }}">resourceVersion
+
+
+- **resourceVersionMatch** (*in query*): string
+
+ }}">resourceVersionMatch
+
+
+- **timeoutSeconds** (*in query*): integer
+
+ }}">timeoutSeconds
+
+
+- **watch** (*in query*): boolean
+
+ }}">watch
+
+
+
+#### Response
+
+
+200 (}}">ClusterCIDRList): OK
+
+401: Unauthorized
+
+
+### `create` create a ClusterCIDR
+
+#### HTTP Request
+
+POST /apis/networking.k8s.io/v1alpha1/clustercidrs
+
+#### Parameters
+
+
+- **body**: }}">ClusterCIDR, required
+
+
+
+
+- **dryRun** (*in query*): string
+
+ }}">dryRun
+
+
+- **fieldManager** (*in query*): string
+
+ }}">fieldManager
+
+
+- **fieldValidation** (*in query*): string
+
+ }}">fieldValidation
+
+
+- **pretty** (*in query*): string
+
+ }}">pretty
+
+
+
+#### Response
+
+
+200 (}}">ClusterCIDR): OK
+
+201 (}}">ClusterCIDR): Created
+
+202 (}}">ClusterCIDR): Accepted
+
+401: Unauthorized
+
+
+### `update` replace the specified ClusterCIDR
+
+#### HTTP Request
+
+PUT /apis/networking.k8s.io/v1alpha1/clustercidrs/{name}
+
+#### Parameters
+
+
+- **name** (*in path*): string, required
+
+ name of the ClusterCIDR
+
+
+- **body**: }}">ClusterCIDR, required
+
+
+
+
+- **dryRun** (*in query*): string
+
+ }}">dryRun
+
+
+- **fieldManager** (*in query*): string
+
+ }}">fieldManager
+
+
+- **fieldValidation** (*in query*): string
+
+ }}">fieldValidation
+
+
+- **pretty** (*in query*): string
+
+ }}">pretty
+
+
+
+#### Response
+
+
+200 (}}">ClusterCIDR): OK
+
+201 (}}">ClusterCIDR): Created
+
+401: Unauthorized
+
+
+### `patch` partially update the specified ClusterCIDR
+
+#### HTTP Request
+
+PATCH /apis/networking.k8s.io/v1alpha1/clustercidrs/{name}
+
+#### Parameters
+
+
+- **name** (*in path*): string, required
+
+ name of the ClusterCIDR
+
+
+- **body**: }}">Patch, required
+
+
+
+
+- **dryRun** (*in query*): string
+
+ }}">dryRun
+
+
+- **fieldManager** (*in query*): string
+
+ }}">fieldManager
+
+
+- **fieldValidation** (*in query*): string
+
+ }}">fieldValidation
+
+
+- **force** (*in query*): boolean
+
+ }}">force
+
+
+- **pretty** (*in query*): string
+
+ }}">pretty
+
+
+
+#### Response
+
+
+200 (}}">ClusterCIDR): OK
+
+201 (}}">ClusterCIDR): Created
+
+401: Unauthorized
+
+
+### `delete` delete a ClusterCIDR
+
+#### HTTP Request
+
+DELETE /apis/networking.k8s.io/v1alpha1/clustercidrs/{name}
+
+#### Parameters
+
+
+- **name** (*in path*): string, required
+
+ name of the ClusterCIDR
+
+
+- **body**: }}">DeleteOptions
+
+
+
+
+- **dryRun** (*in query*): string
+
+ }}">dryRun
+
+
+- **gracePeriodSeconds** (*in query*): integer
+
+ }}">gracePeriodSeconds
+
+
+- **pretty** (*in query*): string
+
+ }}">pretty
+
+
+- **propagationPolicy** (*in query*): string
+
+ }}">propagationPolicy
+
+
+
+#### Response
+
+
+200 (}}">Status): OK
+
+202 (}}">Status): Accepted
+
+401: Unauthorized
+
+
+### `deletecollection` delete collection of ClusterCIDR
+
+#### HTTP Request
+
+DELETE /apis/networking.k8s.io/v1alpha1/clustercidrs
+
+#### Parameters
+
+
+- **body**: }}">DeleteOptions
+
+
+
+
+- **continue** (*in query*): string
+
+ }}">continue
+
+
+- **dryRun** (*in query*): string
+
+ }}">dryRun
+
+
+- **fieldSelector** (*in query*): string
+
+ }}">fieldSelector
+
+
+- **gracePeriodSeconds** (*in query*): integer
+
+ }}">gracePeriodSeconds
+
+
+- **labelSelector** (*in query*): string
+
+ }}">labelSelector
+
+
+- **limit** (*in query*): integer
+
+ }}">limit
+
+
+- **pretty** (*in query*): string
+
+ }}">pretty
+
+
+- **propagationPolicy** (*in query*): string
+
+ }}">propagationPolicy
+
+
+- **resourceVersion** (*in query*): string
+
+ }}">resourceVersion
+
+
+- **resourceVersionMatch** (*in query*): string
+
+ }}">resourceVersionMatch
+
+
+- **timeoutSeconds** (*in query*): integer
+
+ }}">timeoutSeconds
+
+
+
+#### Response
+
+
+200 (}}">Status): OK
+
+401: Unauthorized
+
diff --git a/content/en/docs/reference/kubernetes-api/cluster-resources/node-v1.md b/content/en/docs/reference/kubernetes-api/cluster-resources/node-v1.md
index 38132a5a6f..befebb53c6 100644
--- a/content/en/docs/reference/kubernetes-api/cluster-resources/node-v1.md
+++ b/content/en/docs/reference/kubernetes-api/cluster-resources/node-v1.md
@@ -356,7 +356,7 @@ NodeStatus is information about the current status of a node.
- **images.names** ([]string)
- Names by which this image is known. e.g. ["k8s.gcr.io/hyperkube:v1.0.7", "dockerhub.io/google_containers/hyperkube:v1.0.7"]
+ Names by which this image is known. e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"]
- **images.sizeBytes** (int64)
diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md
index 099f2d396f..911ef8e77e 100644
--- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md
+++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md
@@ -85,6 +85,16 @@ CSIDriverSpec is the specification of a CSIDriver.
Note: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.
+- **seLinuxMount** (boolean)
+
+ SELinuxMount specifies if the CSI driver supports "-o context" mount option.
+
+ When "true", the CSI driver must ensure that all volumes provided by this CSI driver can be mounted separately with different `-o context` options. This is typical for storage backends that provide volumes as filesystems on block devices or as independent shared volumes. Kubernetes will call NodeStage / NodePublish with "-o context=xyz" mount option when mounting a ReadWriteOncePod volume used in Pod that has explicitly set SELinux context. In the future, it may be expanded to other volume AccessModes. In any case, Kubernetes will ensure that the volume is mounted only with a single SELinux context.
+
+ When "false", Kubernetes won't pass any special SELinux mount options to the driver. This is typical for volumes that represent subdirectories of a bigger shared filesystem.
+
+ Default is "false".
+
- **storageCapacity** (boolean)
If set to true, storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage capacity that the driver deployment will report by creating CSIStorageCapacity objects with capacity information.
diff --git a/content/en/docs/reference/kubernetes-api/service-resources/service-v1.md b/content/en/docs/reference/kubernetes-api/service-resources/service-v1.md
index 5a8bce0439..e98d49081c 100644
--- a/content/en/docs/reference/kubernetes-api/service-resources/service-v1.md
+++ b/content/en/docs/reference/kubernetes-api/service-resources/service-v1.md
@@ -172,7 +172,7 @@ ServiceSpec describes the attributes that a user creates on a service.
- **healthCheckNodePort** (int32)
- healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type).
+ healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.
- **publishNotReadyAddresses** (boolean)
diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/job-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/job-v1.md
index ffb8d64155..6980217f66 100644
--- a/content/en/docs/reference/kubernetes-api/workload-resources/job-v1.md
+++ b/content/en/docs/reference/kubernetes-api/workload-resources/job-v1.md
@@ -117,6 +117,85 @@ JobSpec describes how the job execution will look like.
manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
+### Alpha level
+
+
+- **podFailurePolicy** (PodFailurePolicy)
+
+ Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.
+
+ This field is alpha-level. To use this field, you must enable the `JobPodFailurePolicy` feature gate (disabled by default).
+
+
+ *PodFailurePolicy describes how failed pods influence the backoffLimit.*
+
+ - **podFailurePolicy.rules** ([]PodFailurePolicyRule), required
+
+ *Atomic: will be replaced during a merge*
+
+ A list of pod failure policy rules. The rules are evaluated in order. Once a rule matches a Pod failure, the remaining of the rules are ignored. When no rule matches the Pod failure, the default handling applies - the counter of pod failures is incremented and it is checked against the backoffLimit. At most 20 elements are allowed.
+
+
+ *PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of OnExitCodes and onPodConditions, but not both, can be used in each rule.*
+
+ - **podFailurePolicy.rules.action** (string), required
+
+ Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are: - FailJob: indicates that the pod's job is marked as Failed and all
+ running pods are terminated.
+ - Ignore: indicates that the counter towards the .backoffLimit is not
+ incremented and a replacement pod is created.
+ - Count: indicates that the pod is handled in the default way - the
+ counter towards the .backoffLimit is incremented.
+ Additional values are considered to be added in the future. Clients should react to an unknown action by skipping the rule.
+
+
+
+ - **podFailurePolicy.rules.onPodConditions** ([]PodFailurePolicyOnPodConditionsPattern), required
+
+ *Atomic: will be replaced during a merge*
+
+ Represents the requirement on the pod conditions. The requirement is represented as a list of pod condition patterns. The requirement is satisfied if at least one pattern matches an actual pod condition. At most 20 elements are allowed.
+
+
+ *PodFailurePolicyOnPodConditionsPattern describes a pattern for matching an actual pod condition type.*
+
+ - **podFailurePolicy.rules.onPodConditions.status** (string), required
+
+ Specifies the required Pod condition status. To match a pod condition it is required that the specified status equals the pod condition status. Defaults to True.
+
+ - **podFailurePolicy.rules.onPodConditions.type** (string), required
+
+ Specifies the required Pod condition type. To match a pod condition it is required that specified type equals the pod condition type.
+
+ - **podFailurePolicy.rules.onExitCodes** (PodFailurePolicyOnExitCodesRequirement)
+
+ Represents the requirement on the container exit codes.
+
+
+ *PodFailurePolicyOnExitCodesRequirement describes the requirement for handling a failed pod based on its container exit codes. In particular, it lookups the .state.terminated.exitCode for each app container and init container status, represented by the .status.containerStatuses and .status.initContainerStatuses fields in the Pod status, respectively. Containers completed with success (exit code 0) are excluded from the requirement check.*
+
+ - **podFailurePolicy.rules.onExitCodes.operator** (string), required
+
+ Represents the relationship between the container exit code(s) and the specified values. Containers completed with success (exit code 0) are excluded from the requirement check. Possible values are: - In: the requirement is satisfied if at least one container exit code
+ (might be multiple if there are multiple containers not restricted
+ by the 'containerName' field) is in the set of specified values.
+ - NotIn: the requirement is satisfied if at least one container exit code
+ (might be multiple if there are multiple containers not restricted
+ by the 'containerName' field) is not in the set of specified values.
+ Additional values are considered to be added in the future. Clients should react to an unknown operator by assuming the requirement is not satisfied.
+
+
+
+ - **podFailurePolicy.rules.onExitCodes.values** ([]int32), required
+
+ *Set: unique values will be kept during a merge*
+
+ Specifies the set of values. Each returned container exit code (might be multiple in case of multiple containers) is checked against this set of values with respect to the operator. The list of values must be ordered and must not contain duplicates. Value '0' cannot be used for the In operator. At least one element is required. At most 255 elements are allowed.
+
+ - **podFailurePolicy.rules.onExitCodes.containerName** (string)
+
+ Restricts the check for exit codes to the container with the specified name. When null, the rule applies to all containers. When specified, it should match one the container or initContainer names in the pod template.
+
## JobStatus {#JobStatus}
diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/pod-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/pod-v1.md
index 76638f5dc1..726d305980 100644
--- a/content/en/docs/reference/kubernetes-api/workload-resources/pod-v1.md
+++ b/content/en/docs/reference/kubernetes-api/workload-resources/pod-v1.md
@@ -99,7 +99,7 @@ PodSpec is a description of a pod.
If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions
- If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup
+ If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup
*PodOS defines the OS parameters of a pod.*
@@ -503,6 +503,13 @@ PodSpec is a description of a pod.
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+### Alpha level
+
+
+- **hostUsers** (boolean)
+
+ Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
+
### Deprecated
@@ -1786,7 +1793,7 @@ Probe describes a health check to be performed against a container to determine
- **grpc.service** (string)
- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md ).
+ Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.