From f9cca9590d61edfa39994efd4a5949de0fa7d84a Mon Sep 17 00:00:00 2001 From: Mahe Tardy Date: Thu, 12 Sep 2024 13:06:29 +0200 Subject: [PATCH] chores: run make crds with updated scripts Signed-off-by: Mahe Tardy --- .../kubernetes/schemas/podinfo-cilium.io.json | 12 +- .../schemas/tracingpolicy-cilium.io.json | 124 +++-- .../tracingpolicynamespaced-cilium.io.json | 124 +++-- .../tetragon/crds-yaml/cilium.io_podinfo.yaml | 55 +- .../crds-yaml/cilium.io_tracingpolicies.yaml | 522 +++++++++--------- .../cilium.io_tracingpoliciesnamespaced.yaml | 522 +++++++++--------- .../crds/v1alpha1/cilium.io_podinfo.yaml | 55 +- .../v1alpha1/cilium.io_tracingpolicies.yaml | 522 +++++++++--------- .../cilium.io_tracingpoliciesnamespaced.yaml | 522 +++++++++--------- pkg/k8s/apis/cilium.io/v1alpha1/version.go | 2 +- .../versioned/fake/clientset_generated.go | 6 +- .../cilium.io/v1alpha1/fake/fake_podinfo.go | 36 +- .../v1alpha1/fake/fake_tracingpolicy.go | 29 +- .../fake/fake_tracingpolicynamespaced.go | 29 +- .../typed/cilium.io/v1alpha1/podinfo.go | 146 +---- .../typed/cilium.io/v1alpha1/tracingpolicy.go | 119 +--- .../v1alpha1/tracingpolicynamespaced.go | 129 +---- .../informers/externalversions/factory.go | 1 + .../listers/cilium.io/v1alpha1/podinfo.go | 39 +- .../cilium.io/v1alpha1/tracingpolicy.go | 26 +- .../v1alpha1/tracingpolicynamespaced.go | 39 +- .../vendor/k8s.io/client-go/listers/doc.go | 18 + .../client-go/listers/generic_helpers.go | 72 +++ pkg/k8s/vendor/modules.txt | 1 + .../crds/v1alpha1/cilium.io_podinfo.yaml | 55 +- .../v1alpha1/cilium.io_tracingpolicies.yaml | 522 +++++++++--------- .../cilium.io_tracingpoliciesnamespaced.yaml | 522 +++++++++--------- .../k8s/apis/cilium.io/v1alpha1/version.go | 2 +- .../typed/cilium.io/v1alpha1/podinfo.go | 146 +---- .../typed/cilium.io/v1alpha1/tracingpolicy.go | 119 +--- .../v1alpha1/tracingpolicynamespaced.go | 129 +---- .../informers/externalversions/factory.go | 1 + .../listers/cilium.io/v1alpha1/podinfo.go | 39 +- .../cilium.io/v1alpha1/tracingpolicy.go | 26 +- .../v1alpha1/tracingpolicynamespaced.go | 39 +- 35 files changed, 1948 insertions(+), 2802 deletions(-) create mode 100644 pkg/k8s/vendor/k8s.io/client-go/listers/doc.go create mode 100644 pkg/k8s/vendor/k8s.io/client-go/listers/generic_helpers.go diff --git a/install/kubernetes/schemas/podinfo-cilium.io.json b/install/kubernetes/schemas/podinfo-cilium.io.json index 171621b8ab2..23d480d6a34 100644 --- a/install/kubernetes/schemas/podinfo-cilium.io.json +++ b/install/kubernetes/schemas/podinfo-cilium.io.json @@ -2,11 +2,11 @@ "description": "PodInfo is the Scheme for the Podinfo API", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -15,7 +15,7 @@ "spec": { "properties": { "hostNetwork": { - "description": "Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified.", + "description": "Host networking requested for this pod. Use the host's network namespace.\nIf this option is set, the ports that will be used must be specified.", "type": "boolean" } }, @@ -25,7 +25,7 @@ "status": { "properties": { "podIP": { - "description": "IP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.", + "description": "IP address allocated to the pod. Routable at least within the cluster.\nEmpty if not yet allocated.", "type": "string" }, "podIPs": { @@ -65,11 +65,11 @@ "description": "Workload type (e.g. \"Deployment\", \"Daemonset\") that created this pod.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" } }, diff --git a/install/kubernetes/schemas/tracingpolicy-cilium.io.json b/install/kubernetes/schemas/tracingpolicy-cilium.io.json index 4747abbf9c3..58568794089 100644 --- a/install/kubernetes/schemas/tracingpolicy-cilium.io.json +++ b/install/kubernetes/schemas/tracingpolicy-cilium.io.json @@ -1,11 +1,11 @@ { "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -15,19 +15,19 @@ "description": "Tracing policy specification.", "properties": { "containerSelector": { - "description": "ContainerSelector selects containers that this policy applies to. A map of container fields will be constructed in the same way as a map of labels. The name of the field represents the label \"key\", and the value of the field - label \"value\". Currently, only the \"name\" field is supported.", + "description": "ContainerSelector selects containers that this policy applies to.\nA map of container fields will be constructed in the same way as a map of labels.\nThe name of the field represents the label \"key\", and the value of the field - label \"value\".\nCurrently, only the \"name\" field is supported.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -37,11 +37,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -51,7 +52,8 @@ "type": "object", "additionalProperties": false }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -60,11 +62,12 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "enforcers": { @@ -107,16 +110,16 @@ }, "maxData": { "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used for char_buff data. When this value is false (default), the bpf program will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon supports fetching up to 327360 bytes if this flag is turned on", + "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", "type": "boolean" }, "returnCopy": { "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates that this argument should be read later (when the kretprobe for the symbol is triggered) because it might not be populated when the kprobe is triggered at the entrance of the function. For example, a buffer supplied to read(2) won't have content until kretprobe is triggered.", + "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", "type": "boolean" }, "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument. This field is used only for char_buf and char_iovec types.", + "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", "format": "int32", "minimum": 0, "type": "integer" @@ -182,7 +185,7 @@ "type": "string" }, "message": { - "description": "A short message of 256 characters max that will be included in the event output to inform users what is going on.", + "description": "A short message of 256 characters max that will be included\nin the event output to inform users what is going on.", "type": "string" }, "return": { @@ -205,16 +208,16 @@ }, "maxData": { "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used for char_buff data. When this value is false (default), the bpf program will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon supports fetching up to 327360 bytes if this flag is turned on", + "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", "type": "boolean" }, "returnCopy": { "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates that this argument should be read later (when the kretprobe for the symbol is triggered) because it might not be populated when the kprobe is triggered at the entrance of the function. For example, a buffer supplied to read(2) won't have content until kretprobe is triggered.", + "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", "type": "boolean" }, "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument. This field is used only for char_buf and char_iovec types.", + "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", "format": "int32", "minimum": 0, "type": "integer" @@ -274,13 +277,13 @@ "additionalProperties": false }, "returnArgAction": { - "description": "An action to perform on the return argument. Available actions are: Post;TrackSock;UntrackSock", + "description": "An action to perform on the return argument.\nAvailable actions are: Post;TrackSock;UntrackSock", "type": "string" }, "selectors": { "description": "Selectors to apply before producing trace output. Selectors are ORed.", "items": { - "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The results of MatchPIDs and MatchArgs are ANDed.", + "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The\nresults of MatchPIDs and MatchArgs are ANDed.", "properties": { "matchActions": { "description": "A list of actions to execute when this selector matches", @@ -343,11 +346,11 @@ "type": "boolean" }, "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be specified in seconds (default or with 's' suffix), minutes ('m' suffix) or hours ('h' suffix). Only valid with the post action.", + "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", "type": "string" }, "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default), \"process\" (all threads for the same process), or \"global\". If \"thread\" is selected then rate limiting applies per thread; if \"process\" is selected then rate limiting applies per process; if \"global\" is selected then rate limiting applies regardless of which process or thread caused the action. Only valid with the post action and with a rateLimit specified.", + "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", "type": "string" }, "userStackTrace": { @@ -726,11 +729,11 @@ "type": "boolean" }, "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be specified in seconds (default or with 's' suffix), minutes ('m' suffix) or hours ('h' suffix). Only valid with the post action.", + "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", "type": "string" }, "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default), \"process\" (all threads for the same process), or \"global\". If \"thread\" is selected then rate limiting applies per thread; if \"process\" is selected then rate limiting applies per process; if \"global\" is selected then rate limiting applies regardless of which process or thread caused the action. Only valid with the post action and with a rateLimit specified.", + "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", "type": "string" }, "userStackTrace": { @@ -819,7 +822,7 @@ "type": "boolean" }, "tags": { - "description": "Tags to categorize the event, will be include in the event output. Maximum of 16 Tags are supported.", + "description": "Tags to categorize the event, will be include in the event output.\nMaximum of 16 Tags are supported.", "items": { "type": "string" }, @@ -900,16 +903,16 @@ }, "maxData": { "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used for char_buff data. When this value is false (default), the bpf program will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon supports fetching up to 327360 bytes if this flag is turned on", + "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", "type": "boolean" }, "returnCopy": { "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates that this argument should be read later (when the kretprobe for the symbol is triggered) because it might not be populated when the kprobe is triggered at the entrance of the function. For example, a buffer supplied to read(2) won't have content until kretprobe is triggered.", + "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", "type": "boolean" }, "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument. This field is used only for char_buf and char_iovec types.", + "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", "format": "int32", "minimum": 0, "type": "integer" @@ -975,13 +978,13 @@ "type": "string" }, "message": { - "description": "A short message of 256 characters max that will be included in the event output to inform users what is going on.", + "description": "A short message of 256 characters max that will be included\nin the event output to inform users what is going on.", "type": "string" }, "selectors": { "description": "Selectors to apply before producing trace output. Selectors are ORed.", "items": { - "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The results of MatchPIDs and MatchArgs are ANDed.", + "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The\nresults of MatchPIDs and MatchArgs are ANDed.", "properties": { "matchActions": { "description": "A list of actions to execute when this selector matches", @@ -1044,11 +1047,11 @@ "type": "boolean" }, "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be specified in seconds (default or with 's' suffix), minutes ('m' suffix) or hours ('h' suffix). Only valid with the post action.", + "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", "type": "string" }, "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default), \"process\" (all threads for the same process), or \"global\". If \"thread\" is selected then rate limiting applies per thread; if \"process\" is selected then rate limiting applies per process; if \"global\" is selected then rate limiting applies regardless of which process or thread caused the action. Only valid with the post action and with a rateLimit specified.", + "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", "type": "string" }, "userStackTrace": { @@ -1427,11 +1430,11 @@ "type": "boolean" }, "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be specified in seconds (default or with 's' suffix), minutes ('m' suffix) or hours ('h' suffix). Only valid with the post action.", + "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", "type": "string" }, "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default), \"process\" (all threads for the same process), or \"global\". If \"thread\" is selected then rate limiting applies per thread; if \"process\" is selected then rate limiting applies per process; if \"global\" is selected then rate limiting applies regardless of which process or thread caused the action. Only valid with the post action and with a rateLimit specified.", + "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", "type": "string" }, "userStackTrace": { @@ -1515,7 +1518,7 @@ "type": "array" }, "tags": { - "description": "Tags to categorize the event, will be include in the event output. Maximum of 16 Tags are supported.", + "description": "Tags to categorize the event, will be include in the event output.\nMaximum of 16 Tags are supported.", "items": { "type": "string" }, @@ -1558,14 +1561,14 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -1575,11 +1578,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -1589,7 +1593,8 @@ "type": "object", "additionalProperties": false }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -1598,11 +1603,12 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "tracepoints": { @@ -1625,16 +1631,16 @@ }, "maxData": { "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used for char_buff data. When this value is false (default), the bpf program will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon supports fetching up to 327360 bytes if this flag is turned on", + "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", "type": "boolean" }, "returnCopy": { "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates that this argument should be read later (when the kretprobe for the symbol is triggered) because it might not be populated when the kprobe is triggered at the entrance of the function. For example, a buffer supplied to read(2) won't have content until kretprobe is triggered.", + "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", "type": "boolean" }, "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument. This field is used only for char_buf and char_iovec types.", + "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", "format": "int32", "minimum": 0, "type": "integer" @@ -1700,13 +1706,13 @@ "type": "string" }, "message": { - "description": "A short message of 256 characters max that will be included in the event output to inform users what is going on.", + "description": "A short message of 256 characters max that will be included\nin the event output to inform users what is going on.", "type": "string" }, "selectors": { "description": "Selectors to apply before producing trace output. Selectors are ORed.", "items": { - "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The results of MatchPIDs and MatchArgs are ANDed.", + "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The\nresults of MatchPIDs and MatchArgs are ANDed.", "properties": { "matchActions": { "description": "A list of actions to execute when this selector matches", @@ -1769,11 +1775,11 @@ "type": "boolean" }, "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be specified in seconds (default or with 's' suffix), minutes ('m' suffix) or hours ('h' suffix). Only valid with the post action.", + "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", "type": "string" }, "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default), \"process\" (all threads for the same process), or \"global\". If \"thread\" is selected then rate limiting applies per thread; if \"process\" is selected then rate limiting applies per process; if \"global\" is selected then rate limiting applies regardless of which process or thread caused the action. Only valid with the post action and with a rateLimit specified.", + "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", "type": "string" }, "userStackTrace": { @@ -2152,11 +2158,11 @@ "type": "boolean" }, "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be specified in seconds (default or with 's' suffix), minutes ('m' suffix) or hours ('h' suffix). Only valid with the post action.", + "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", "type": "string" }, "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default), \"process\" (all threads for the same process), or \"global\". If \"thread\" is selected then rate limiting applies per thread; if \"process\" is selected then rate limiting applies per process; if \"global\" is selected then rate limiting applies regardless of which process or thread caused the action. Only valid with the post action and with a rateLimit specified.", + "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", "type": "string" }, "userStackTrace": { @@ -2244,7 +2250,7 @@ "type": "string" }, "tags": { - "description": "Tags to categorize the event, will be include in the event output. Maximum of 16 Tags are supported.", + "description": "Tags to categorize the event, will be include in the event output.\nMaximum of 16 Tags are supported.", "items": { "type": "string" }, @@ -2281,16 +2287,16 @@ }, "maxData": { "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used for char_buff data. When this value is false (default), the bpf program will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon supports fetching up to 327360 bytes if this flag is turned on", + "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", "type": "boolean" }, "returnCopy": { "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates that this argument should be read later (when the kretprobe for the symbol is triggered) because it might not be populated when the kprobe is triggered at the entrance of the function. For example, a buffer supplied to read(2) won't have content until kretprobe is triggered.", + "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", "type": "boolean" }, "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument. This field is used only for char_buf and char_iovec types.", + "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", "format": "int32", "minimum": 0, "type": "integer" @@ -2352,7 +2358,7 @@ "type": "array" }, "message": { - "description": "A short message of 256 characters max that will be included in the event output to inform users what is going on.", + "description": "A short message of 256 characters max that will be included\nin the event output to inform users what is going on.", "type": "string" }, "path": { @@ -2362,7 +2368,7 @@ "selectors": { "description": "Selectors to apply before producing trace output. Selectors are ORed.", "items": { - "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The results of MatchPIDs and MatchArgs are ANDed.", + "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The\nresults of MatchPIDs and MatchArgs are ANDed.", "properties": { "matchActions": { "description": "A list of actions to execute when this selector matches", @@ -2425,11 +2431,11 @@ "type": "boolean" }, "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be specified in seconds (default or with 's' suffix), minutes ('m' suffix) or hours ('h' suffix). Only valid with the post action.", + "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", "type": "string" }, "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default), \"process\" (all threads for the same process), or \"global\". If \"thread\" is selected then rate limiting applies per thread; if \"process\" is selected then rate limiting applies per process; if \"global\" is selected then rate limiting applies regardless of which process or thread caused the action. Only valid with the post action and with a rateLimit specified.", + "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", "type": "string" }, "userStackTrace": { @@ -2808,11 +2814,11 @@ "type": "boolean" }, "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be specified in seconds (default or with 's' suffix), minutes ('m' suffix) or hours ('h' suffix). Only valid with the post action.", + "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", "type": "string" }, "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default), \"process\" (all threads for the same process), or \"global\". If \"thread\" is selected then rate limiting applies per thread; if \"process\" is selected then rate limiting applies per process; if \"global\" is selected then rate limiting applies regardless of which process or thread caused the action. Only valid with the post action and with a rateLimit specified.", + "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", "type": "string" }, "userStackTrace": { @@ -2903,7 +2909,7 @@ "type": "array" }, "tags": { - "description": "Tags to categorize the event, will be include in the event output. Maximum of 16 Tags are supported.", + "description": "Tags to categorize the event, will be include in the event output.\nMaximum of 16 Tags are supported.", "items": { "type": "string" }, diff --git a/install/kubernetes/schemas/tracingpolicynamespaced-cilium.io.json b/install/kubernetes/schemas/tracingpolicynamespaced-cilium.io.json index 4747abbf9c3..58568794089 100644 --- a/install/kubernetes/schemas/tracingpolicynamespaced-cilium.io.json +++ b/install/kubernetes/schemas/tracingpolicynamespaced-cilium.io.json @@ -1,11 +1,11 @@ { "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -15,19 +15,19 @@ "description": "Tracing policy specification.", "properties": { "containerSelector": { - "description": "ContainerSelector selects containers that this policy applies to. A map of container fields will be constructed in the same way as a map of labels. The name of the field represents the label \"key\", and the value of the field - label \"value\". Currently, only the \"name\" field is supported.", + "description": "ContainerSelector selects containers that this policy applies to.\nA map of container fields will be constructed in the same way as a map of labels.\nThe name of the field represents the label \"key\", and the value of the field - label \"value\".\nCurrently, only the \"name\" field is supported.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -37,11 +37,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -51,7 +52,8 @@ "type": "object", "additionalProperties": false }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -60,11 +62,12 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "enforcers": { @@ -107,16 +110,16 @@ }, "maxData": { "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used for char_buff data. When this value is false (default), the bpf program will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon supports fetching up to 327360 bytes if this flag is turned on", + "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", "type": "boolean" }, "returnCopy": { "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates that this argument should be read later (when the kretprobe for the symbol is triggered) because it might not be populated when the kprobe is triggered at the entrance of the function. For example, a buffer supplied to read(2) won't have content until kretprobe is triggered.", + "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", "type": "boolean" }, "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument. This field is used only for char_buf and char_iovec types.", + "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", "format": "int32", "minimum": 0, "type": "integer" @@ -182,7 +185,7 @@ "type": "string" }, "message": { - "description": "A short message of 256 characters max that will be included in the event output to inform users what is going on.", + "description": "A short message of 256 characters max that will be included\nin the event output to inform users what is going on.", "type": "string" }, "return": { @@ -205,16 +208,16 @@ }, "maxData": { "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used for char_buff data. When this value is false (default), the bpf program will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon supports fetching up to 327360 bytes if this flag is turned on", + "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", "type": "boolean" }, "returnCopy": { "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates that this argument should be read later (when the kretprobe for the symbol is triggered) because it might not be populated when the kprobe is triggered at the entrance of the function. For example, a buffer supplied to read(2) won't have content until kretprobe is triggered.", + "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", "type": "boolean" }, "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument. This field is used only for char_buf and char_iovec types.", + "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", "format": "int32", "minimum": 0, "type": "integer" @@ -274,13 +277,13 @@ "additionalProperties": false }, "returnArgAction": { - "description": "An action to perform on the return argument. Available actions are: Post;TrackSock;UntrackSock", + "description": "An action to perform on the return argument.\nAvailable actions are: Post;TrackSock;UntrackSock", "type": "string" }, "selectors": { "description": "Selectors to apply before producing trace output. Selectors are ORed.", "items": { - "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The results of MatchPIDs and MatchArgs are ANDed.", + "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The\nresults of MatchPIDs and MatchArgs are ANDed.", "properties": { "matchActions": { "description": "A list of actions to execute when this selector matches", @@ -343,11 +346,11 @@ "type": "boolean" }, "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be specified in seconds (default or with 's' suffix), minutes ('m' suffix) or hours ('h' suffix). Only valid with the post action.", + "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", "type": "string" }, "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default), \"process\" (all threads for the same process), or \"global\". If \"thread\" is selected then rate limiting applies per thread; if \"process\" is selected then rate limiting applies per process; if \"global\" is selected then rate limiting applies regardless of which process or thread caused the action. Only valid with the post action and with a rateLimit specified.", + "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", "type": "string" }, "userStackTrace": { @@ -726,11 +729,11 @@ "type": "boolean" }, "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be specified in seconds (default or with 's' suffix), minutes ('m' suffix) or hours ('h' suffix). Only valid with the post action.", + "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", "type": "string" }, "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default), \"process\" (all threads for the same process), or \"global\". If \"thread\" is selected then rate limiting applies per thread; if \"process\" is selected then rate limiting applies per process; if \"global\" is selected then rate limiting applies regardless of which process or thread caused the action. Only valid with the post action and with a rateLimit specified.", + "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", "type": "string" }, "userStackTrace": { @@ -819,7 +822,7 @@ "type": "boolean" }, "tags": { - "description": "Tags to categorize the event, will be include in the event output. Maximum of 16 Tags are supported.", + "description": "Tags to categorize the event, will be include in the event output.\nMaximum of 16 Tags are supported.", "items": { "type": "string" }, @@ -900,16 +903,16 @@ }, "maxData": { "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used for char_buff data. When this value is false (default), the bpf program will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon supports fetching up to 327360 bytes if this flag is turned on", + "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", "type": "boolean" }, "returnCopy": { "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates that this argument should be read later (when the kretprobe for the symbol is triggered) because it might not be populated when the kprobe is triggered at the entrance of the function. For example, a buffer supplied to read(2) won't have content until kretprobe is triggered.", + "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", "type": "boolean" }, "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument. This field is used only for char_buf and char_iovec types.", + "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", "format": "int32", "minimum": 0, "type": "integer" @@ -975,13 +978,13 @@ "type": "string" }, "message": { - "description": "A short message of 256 characters max that will be included in the event output to inform users what is going on.", + "description": "A short message of 256 characters max that will be included\nin the event output to inform users what is going on.", "type": "string" }, "selectors": { "description": "Selectors to apply before producing trace output. Selectors are ORed.", "items": { - "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The results of MatchPIDs and MatchArgs are ANDed.", + "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The\nresults of MatchPIDs and MatchArgs are ANDed.", "properties": { "matchActions": { "description": "A list of actions to execute when this selector matches", @@ -1044,11 +1047,11 @@ "type": "boolean" }, "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be specified in seconds (default or with 's' suffix), minutes ('m' suffix) or hours ('h' suffix). Only valid with the post action.", + "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", "type": "string" }, "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default), \"process\" (all threads for the same process), or \"global\". If \"thread\" is selected then rate limiting applies per thread; if \"process\" is selected then rate limiting applies per process; if \"global\" is selected then rate limiting applies regardless of which process or thread caused the action. Only valid with the post action and with a rateLimit specified.", + "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", "type": "string" }, "userStackTrace": { @@ -1427,11 +1430,11 @@ "type": "boolean" }, "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be specified in seconds (default or with 's' suffix), minutes ('m' suffix) or hours ('h' suffix). Only valid with the post action.", + "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", "type": "string" }, "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default), \"process\" (all threads for the same process), or \"global\". If \"thread\" is selected then rate limiting applies per thread; if \"process\" is selected then rate limiting applies per process; if \"global\" is selected then rate limiting applies regardless of which process or thread caused the action. Only valid with the post action and with a rateLimit specified.", + "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", "type": "string" }, "userStackTrace": { @@ -1515,7 +1518,7 @@ "type": "array" }, "tags": { - "description": "Tags to categorize the event, will be include in the event output. Maximum of 16 Tags are supported.", + "description": "Tags to categorize the event, will be include in the event output.\nMaximum of 16 Tags are supported.", "items": { "type": "string" }, @@ -1558,14 +1561,14 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -1575,11 +1578,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -1589,7 +1593,8 @@ "type": "object", "additionalProperties": false }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -1598,11 +1603,12 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "tracepoints": { @@ -1625,16 +1631,16 @@ }, "maxData": { "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used for char_buff data. When this value is false (default), the bpf program will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon supports fetching up to 327360 bytes if this flag is turned on", + "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", "type": "boolean" }, "returnCopy": { "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates that this argument should be read later (when the kretprobe for the symbol is triggered) because it might not be populated when the kprobe is triggered at the entrance of the function. For example, a buffer supplied to read(2) won't have content until kretprobe is triggered.", + "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", "type": "boolean" }, "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument. This field is used only for char_buf and char_iovec types.", + "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", "format": "int32", "minimum": 0, "type": "integer" @@ -1700,13 +1706,13 @@ "type": "string" }, "message": { - "description": "A short message of 256 characters max that will be included in the event output to inform users what is going on.", + "description": "A short message of 256 characters max that will be included\nin the event output to inform users what is going on.", "type": "string" }, "selectors": { "description": "Selectors to apply before producing trace output. Selectors are ORed.", "items": { - "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The results of MatchPIDs and MatchArgs are ANDed.", + "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The\nresults of MatchPIDs and MatchArgs are ANDed.", "properties": { "matchActions": { "description": "A list of actions to execute when this selector matches", @@ -1769,11 +1775,11 @@ "type": "boolean" }, "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be specified in seconds (default or with 's' suffix), minutes ('m' suffix) or hours ('h' suffix). Only valid with the post action.", + "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", "type": "string" }, "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default), \"process\" (all threads for the same process), or \"global\". If \"thread\" is selected then rate limiting applies per thread; if \"process\" is selected then rate limiting applies per process; if \"global\" is selected then rate limiting applies regardless of which process or thread caused the action. Only valid with the post action and with a rateLimit specified.", + "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", "type": "string" }, "userStackTrace": { @@ -2152,11 +2158,11 @@ "type": "boolean" }, "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be specified in seconds (default or with 's' suffix), minutes ('m' suffix) or hours ('h' suffix). Only valid with the post action.", + "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", "type": "string" }, "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default), \"process\" (all threads for the same process), or \"global\". If \"thread\" is selected then rate limiting applies per thread; if \"process\" is selected then rate limiting applies per process; if \"global\" is selected then rate limiting applies regardless of which process or thread caused the action. Only valid with the post action and with a rateLimit specified.", + "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", "type": "string" }, "userStackTrace": { @@ -2244,7 +2250,7 @@ "type": "string" }, "tags": { - "description": "Tags to categorize the event, will be include in the event output. Maximum of 16 Tags are supported.", + "description": "Tags to categorize the event, will be include in the event output.\nMaximum of 16 Tags are supported.", "items": { "type": "string" }, @@ -2281,16 +2287,16 @@ }, "maxData": { "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used for char_buff data. When this value is false (default), the bpf program will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon supports fetching up to 327360 bytes if this flag is turned on", + "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", "type": "boolean" }, "returnCopy": { "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates that this argument should be read later (when the kretprobe for the symbol is triggered) because it might not be populated when the kprobe is triggered at the entrance of the function. For example, a buffer supplied to read(2) won't have content until kretprobe is triggered.", + "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", "type": "boolean" }, "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument. This field is used only for char_buf and char_iovec types.", + "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", "format": "int32", "minimum": 0, "type": "integer" @@ -2352,7 +2358,7 @@ "type": "array" }, "message": { - "description": "A short message of 256 characters max that will be included in the event output to inform users what is going on.", + "description": "A short message of 256 characters max that will be included\nin the event output to inform users what is going on.", "type": "string" }, "path": { @@ -2362,7 +2368,7 @@ "selectors": { "description": "Selectors to apply before producing trace output. Selectors are ORed.", "items": { - "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The results of MatchPIDs and MatchArgs are ANDed.", + "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The\nresults of MatchPIDs and MatchArgs are ANDed.", "properties": { "matchActions": { "description": "A list of actions to execute when this selector matches", @@ -2425,11 +2431,11 @@ "type": "boolean" }, "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be specified in seconds (default or with 's' suffix), minutes ('m' suffix) or hours ('h' suffix). Only valid with the post action.", + "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", "type": "string" }, "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default), \"process\" (all threads for the same process), or \"global\". If \"thread\" is selected then rate limiting applies per thread; if \"process\" is selected then rate limiting applies per process; if \"global\" is selected then rate limiting applies regardless of which process or thread caused the action. Only valid with the post action and with a rateLimit specified.", + "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", "type": "string" }, "userStackTrace": { @@ -2808,11 +2814,11 @@ "type": "boolean" }, "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be specified in seconds (default or with 's' suffix), minutes ('m' suffix) or hours ('h' suffix). Only valid with the post action.", + "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", "type": "string" }, "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default), \"process\" (all threads for the same process), or \"global\". If \"thread\" is selected then rate limiting applies per thread; if \"process\" is selected then rate limiting applies per process; if \"global\" is selected then rate limiting applies regardless of which process or thread caused the action. Only valid with the post action and with a rateLimit specified.", + "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", "type": "string" }, "userStackTrace": { @@ -2903,7 +2909,7 @@ "type": "array" }, "tags": { - "description": "Tags to categorize the event, will be include in the event output. Maximum of 16 Tags are supported.", + "description": "Tags to categorize the event, will be include in the event output.\nMaximum of 16 Tags are supported.", "items": { "type": "string" }, diff --git a/install/kubernetes/tetragon/crds-yaml/cilium.io_podinfo.yaml b/install/kubernetes/tetragon/crds-yaml/cilium.io_podinfo.yaml index 776419be4f7..80b95737864 100644 --- a/install/kubernetes/tetragon/crds-yaml/cilium.io_podinfo.yaml +++ b/install/kubernetes/tetragon/crds-yaml/cilium.io_podinfo.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: podinfo.cilium.io spec: group: cilium.io @@ -21,30 +20,36 @@ spec: description: PodInfo is the Scheme for the Podinfo API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: hostNetwork: - description: Host networking requested for this pod. Use the host's - network namespace. If this option is set, the ports that will be - used must be specified. + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. type: boolean type: object status: properties: podIP: - description: IP address allocated to the pod. Routable at least within - the cluster. Empty if not yet allocated. + description: |- + IP address allocated to the pod. Routable at least within the cluster. + Empty if not yet allocated. type: string podIPs: description: List of Ip addresses allocated to the pod. 0th entry @@ -73,23 +78,21 @@ spec: this pod. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string type: object type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml index 88c97b78fe4..10fbe70604d 100644 --- a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml +++ b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: tracingpolicies.cilium.io spec: group: cilium.io @@ -20,14 +19,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,28 +39,28 @@ spec: description: Tracing policy specification. properties: containerSelector: - description: ContainerSelector selects containers that this policy - applies to. A map of container fields will be constructed in the - same way as a map of labels. The name of the field represents the - label "key", and the value of the field - label "value". Currently, - only the "name" field is supported. + description: |- + ContainerSelector selects containers that this policy applies to. + A map of container fields will be constructed in the same way as a map of labels. + The name of the field represents the label "key", and the value of the field - label "value". + Currently, only the "name" field is supported. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -64,19 +68,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -84,13 +90,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic enforcers: description: A enforcer spec. items: @@ -123,27 +129,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -200,9 +204,9 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string return: default: false @@ -222,26 +226,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch at - most 4096 bytes. In later kernels (>=5.4) tetragon supports - fetching up to 327360 bytes if this flag is turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and char_iovec - types. It indicates that this argument should be read - later (when the kretprobe for the symbol is triggered) - because it might not be populated when the kprobe is triggered - at the entrance of the function. For example, a buffer - supplied to read(2) won't have content until kretprobe - is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used only - for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -294,16 +297,17 @@ spec: - type type: object returnArgAction: - description: 'An action to perform on the return argument. Available - actions are: Post;TrackSock;UntrackSock' + description: |- + An action to perform on the return argument. + Available actions are: Post;TrackSock;UntrackSock type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -362,22 +366,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -681,22 +682,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -766,8 +764,9 @@ spec: description: Indicates whether the traced function is a syscall. type: boolean tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -827,27 +826,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -904,17 +901,17 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -973,22 +970,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1292,22 +1286,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1373,8 +1364,9 @@ spec: type: object type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -1404,18 +1396,18 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -1423,19 +1415,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -1443,13 +1437,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic tracepoints: description: A list of tracepoint specs. items: @@ -1469,27 +1463,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -1546,17 +1538,17 @@ spec: description: Tracepoint event type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -1615,22 +1607,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1934,22 +1923,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2018,8 +2004,9 @@ spec: description: Tracepoint subsystem type: string tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2048,27 +2035,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -2122,9 +2107,9 @@ spec: type: object type: array message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string path: description: Name of the traced binary @@ -2133,9 +2118,9 @@ spec: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -2194,22 +2179,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2513,22 +2495,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2599,8 +2578,9 @@ spec: type: string type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2617,9 +2597,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml index e30a7ee4f86..edefc082adf 100644 --- a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml +++ b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: tracingpoliciesnamespaced.cilium.io spec: group: cilium.io @@ -20,14 +19,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,28 +39,28 @@ spec: description: Tracing policy specification. properties: containerSelector: - description: ContainerSelector selects containers that this policy - applies to. A map of container fields will be constructed in the - same way as a map of labels. The name of the field represents the - label "key", and the value of the field - label "value". Currently, - only the "name" field is supported. + description: |- + ContainerSelector selects containers that this policy applies to. + A map of container fields will be constructed in the same way as a map of labels. + The name of the field represents the label "key", and the value of the field - label "value". + Currently, only the "name" field is supported. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -64,19 +68,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -84,13 +90,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic enforcers: description: A enforcer spec. items: @@ -123,27 +129,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -200,9 +204,9 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string return: default: false @@ -222,26 +226,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch at - most 4096 bytes. In later kernels (>=5.4) tetragon supports - fetching up to 327360 bytes if this flag is turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and char_iovec - types. It indicates that this argument should be read - later (when the kretprobe for the symbol is triggered) - because it might not be populated when the kprobe is triggered - at the entrance of the function. For example, a buffer - supplied to read(2) won't have content until kretprobe - is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used only - for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -294,16 +297,17 @@ spec: - type type: object returnArgAction: - description: 'An action to perform on the return argument. Available - actions are: Post;TrackSock;UntrackSock' + description: |- + An action to perform on the return argument. + Available actions are: Post;TrackSock;UntrackSock type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -362,22 +366,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -681,22 +682,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -766,8 +764,9 @@ spec: description: Indicates whether the traced function is a syscall. type: boolean tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -827,27 +826,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -904,17 +901,17 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -973,22 +970,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1292,22 +1286,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1373,8 +1364,9 @@ spec: type: object type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -1404,18 +1396,18 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -1423,19 +1415,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -1443,13 +1437,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic tracepoints: description: A list of tracepoint specs. items: @@ -1469,27 +1463,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -1546,17 +1538,17 @@ spec: description: Tracepoint event type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -1615,22 +1607,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1934,22 +1923,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2018,8 +2004,9 @@ spec: description: Tracepoint subsystem type: string tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2048,27 +2035,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -2122,9 +2107,9 @@ spec: type: object type: array message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string path: description: Name of the traced binary @@ -2133,9 +2118,9 @@ spec: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -2194,22 +2179,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2513,22 +2495,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2599,8 +2578,9 @@ spec: type: string type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2617,9 +2597,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_podinfo.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_podinfo.yaml index 776419be4f7..80b95737864 100644 --- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_podinfo.yaml +++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_podinfo.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: podinfo.cilium.io spec: group: cilium.io @@ -21,30 +20,36 @@ spec: description: PodInfo is the Scheme for the Podinfo API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: hostNetwork: - description: Host networking requested for this pod. Use the host's - network namespace. If this option is set, the ports that will be - used must be specified. + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. type: boolean type: object status: properties: podIP: - description: IP address allocated to the pod. Routable at least within - the cluster. Empty if not yet allocated. + description: |- + IP address allocated to the pod. Routable at least within the cluster. + Empty if not yet allocated. type: string podIPs: description: List of Ip addresses allocated to the pod. 0th entry @@ -73,23 +78,21 @@ spec: this pod. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string type: object type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml index 88c97b78fe4..10fbe70604d 100644 --- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml +++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: tracingpolicies.cilium.io spec: group: cilium.io @@ -20,14 +19,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,28 +39,28 @@ spec: description: Tracing policy specification. properties: containerSelector: - description: ContainerSelector selects containers that this policy - applies to. A map of container fields will be constructed in the - same way as a map of labels. The name of the field represents the - label "key", and the value of the field - label "value". Currently, - only the "name" field is supported. + description: |- + ContainerSelector selects containers that this policy applies to. + A map of container fields will be constructed in the same way as a map of labels. + The name of the field represents the label "key", and the value of the field - label "value". + Currently, only the "name" field is supported. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -64,19 +68,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -84,13 +90,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic enforcers: description: A enforcer spec. items: @@ -123,27 +129,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -200,9 +204,9 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string return: default: false @@ -222,26 +226,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch at - most 4096 bytes. In later kernels (>=5.4) tetragon supports - fetching up to 327360 bytes if this flag is turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and char_iovec - types. It indicates that this argument should be read - later (when the kretprobe for the symbol is triggered) - because it might not be populated when the kprobe is triggered - at the entrance of the function. For example, a buffer - supplied to read(2) won't have content until kretprobe - is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used only - for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -294,16 +297,17 @@ spec: - type type: object returnArgAction: - description: 'An action to perform on the return argument. Available - actions are: Post;TrackSock;UntrackSock' + description: |- + An action to perform on the return argument. + Available actions are: Post;TrackSock;UntrackSock type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -362,22 +366,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -681,22 +682,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -766,8 +764,9 @@ spec: description: Indicates whether the traced function is a syscall. type: boolean tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -827,27 +826,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -904,17 +901,17 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -973,22 +970,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1292,22 +1286,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1373,8 +1364,9 @@ spec: type: object type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -1404,18 +1396,18 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -1423,19 +1415,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -1443,13 +1437,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic tracepoints: description: A list of tracepoint specs. items: @@ -1469,27 +1463,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -1546,17 +1538,17 @@ spec: description: Tracepoint event type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -1615,22 +1607,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1934,22 +1923,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2018,8 +2004,9 @@ spec: description: Tracepoint subsystem type: string tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2048,27 +2035,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -2122,9 +2107,9 @@ spec: type: object type: array message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string path: description: Name of the traced binary @@ -2133,9 +2118,9 @@ spec: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -2194,22 +2179,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2513,22 +2495,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2599,8 +2578,9 @@ spec: type: string type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2617,9 +2597,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml index e30a7ee4f86..edefc082adf 100644 --- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml +++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: tracingpoliciesnamespaced.cilium.io spec: group: cilium.io @@ -20,14 +19,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,28 +39,28 @@ spec: description: Tracing policy specification. properties: containerSelector: - description: ContainerSelector selects containers that this policy - applies to. A map of container fields will be constructed in the - same way as a map of labels. The name of the field represents the - label "key", and the value of the field - label "value". Currently, - only the "name" field is supported. + description: |- + ContainerSelector selects containers that this policy applies to. + A map of container fields will be constructed in the same way as a map of labels. + The name of the field represents the label "key", and the value of the field - label "value". + Currently, only the "name" field is supported. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -64,19 +68,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -84,13 +90,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic enforcers: description: A enforcer spec. items: @@ -123,27 +129,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -200,9 +204,9 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string return: default: false @@ -222,26 +226,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch at - most 4096 bytes. In later kernels (>=5.4) tetragon supports - fetching up to 327360 bytes if this flag is turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and char_iovec - types. It indicates that this argument should be read - later (when the kretprobe for the symbol is triggered) - because it might not be populated when the kprobe is triggered - at the entrance of the function. For example, a buffer - supplied to read(2) won't have content until kretprobe - is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used only - for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -294,16 +297,17 @@ spec: - type type: object returnArgAction: - description: 'An action to perform on the return argument. Available - actions are: Post;TrackSock;UntrackSock' + description: |- + An action to perform on the return argument. + Available actions are: Post;TrackSock;UntrackSock type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -362,22 +366,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -681,22 +682,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -766,8 +764,9 @@ spec: description: Indicates whether the traced function is a syscall. type: boolean tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -827,27 +826,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -904,17 +901,17 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -973,22 +970,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1292,22 +1286,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1373,8 +1364,9 @@ spec: type: object type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -1404,18 +1396,18 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -1423,19 +1415,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -1443,13 +1437,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic tracepoints: description: A list of tracepoint specs. items: @@ -1469,27 +1463,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -1546,17 +1538,17 @@ spec: description: Tracepoint event type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -1615,22 +1607,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1934,22 +1923,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2018,8 +2004,9 @@ spec: description: Tracepoint subsystem type: string tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2048,27 +2035,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -2122,9 +2107,9 @@ spec: type: object type: array message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string path: description: Name of the traced binary @@ -2133,9 +2118,9 @@ spec: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -2194,22 +2179,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2513,22 +2495,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2599,8 +2578,9 @@ spec: type: string type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2617,9 +2597,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/pkg/k8s/apis/cilium.io/v1alpha1/version.go b/pkg/k8s/apis/cilium.io/v1alpha1/version.go index e15f207706e..c7eda83ffe9 100644 --- a/pkg/k8s/apis/cilium.io/v1alpha1/version.go +++ b/pkg/k8s/apis/cilium.io/v1alpha1/version.go @@ -7,4 +7,4 @@ package v1alpha1 // Used to determine if CRD needs to be updated in cluster // // Developers: Bump patch for each change in the CRD schema. -const CustomResourceDefinitionSchemaVersion = "1.3.1" +const CustomResourceDefinitionSchemaVersion = "1.3.2" diff --git a/pkg/k8s/client/clientset/versioned/fake/clientset_generated.go b/pkg/k8s/client/clientset/versioned/fake/clientset_generated.go index 4cb28652cec..2650706cc4b 100644 --- a/pkg/k8s/client/clientset/versioned/fake/clientset_generated.go +++ b/pkg/k8s/client/clientset/versioned/fake/clientset_generated.go @@ -18,8 +18,12 @@ import ( // NewSimpleClientset returns a clientset that will respond with the provided objects. // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, -// without applying any validations and/or defaults. It shouldn't be considered a replacement +// without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. +// +// DEPRECATED: NewClientset replaces this with support for field management, which significantly improves +// server side apply testing. NewClientset is only available when apply configurations are generated (e.g. +// via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) for _, obj := range objects { diff --git a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_podinfo.go b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_podinfo.go index b33229b2114..12f1f4a5654 100644 --- a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_podinfo.go +++ b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_podinfo.go @@ -28,22 +28,24 @@ var podinfoKind = v1alpha1.SchemeGroupVersion.WithKind("PodInfo") // Get takes name of the podInfo, and returns the corresponding podInfo object, and an error if there is any. func (c *FakePodInfo) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PodInfo, err error) { + emptyResult := &v1alpha1.PodInfo{} obj, err := c.Fake. - Invokes(testing.NewGetAction(podinfoResource, c.ns, name), &v1alpha1.PodInfo{}) + Invokes(testing.NewGetActionWithOptions(podinfoResource, c.ns, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PodInfo), err } // List takes label and field selectors, and returns the list of PodInfo that match those selectors. func (c *FakePodInfo) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PodInfoList, err error) { + emptyResult := &v1alpha1.PodInfoList{} obj, err := c.Fake. - Invokes(testing.NewListAction(podinfoResource, podinfoKind, c.ns, opts), &v1alpha1.PodInfoList{}) + Invokes(testing.NewListActionWithOptions(podinfoResource, podinfoKind, c.ns, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -62,40 +64,43 @@ func (c *FakePodInfo) List(ctx context.Context, opts v1.ListOptions) (result *v1 // Watch returns a watch.Interface that watches the requested podInfo. func (c *FakePodInfo) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewWatchAction(podinfoResource, c.ns, opts)) + InvokesWatch(testing.NewWatchActionWithOptions(podinfoResource, c.ns, opts)) } // Create takes the representation of a podInfo and creates it. Returns the server's representation of the podInfo, and an error, if there is any. func (c *FakePodInfo) Create(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.CreateOptions) (result *v1alpha1.PodInfo, err error) { + emptyResult := &v1alpha1.PodInfo{} obj, err := c.Fake. - Invokes(testing.NewCreateAction(podinfoResource, c.ns, podInfo), &v1alpha1.PodInfo{}) + Invokes(testing.NewCreateActionWithOptions(podinfoResource, c.ns, podInfo, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PodInfo), err } // Update takes the representation of a podInfo and updates it. Returns the server's representation of the podInfo, and an error, if there is any. func (c *FakePodInfo) Update(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (result *v1alpha1.PodInfo, err error) { + emptyResult := &v1alpha1.PodInfo{} obj, err := c.Fake. - Invokes(testing.NewUpdateAction(podinfoResource, c.ns, podInfo), &v1alpha1.PodInfo{}) + Invokes(testing.NewUpdateActionWithOptions(podinfoResource, c.ns, podInfo, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PodInfo), err } // UpdateStatus was generated because the type contains a Status member. // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakePodInfo) UpdateStatus(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (*v1alpha1.PodInfo, error) { +func (c *FakePodInfo) UpdateStatus(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (result *v1alpha1.PodInfo, err error) { + emptyResult := &v1alpha1.PodInfo{} obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(podinfoResource, "status", c.ns, podInfo), &v1alpha1.PodInfo{}) + Invokes(testing.NewUpdateSubresourceActionWithOptions(podinfoResource, "status", c.ns, podInfo, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PodInfo), err } @@ -110,7 +115,7 @@ func (c *FakePodInfo) Delete(ctx context.Context, name string, opts v1.DeleteOpt // DeleteCollection deletes a collection of objects. func (c *FakePodInfo) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(podinfoResource, c.ns, listOpts) + action := testing.NewDeleteCollectionActionWithOptions(podinfoResource, c.ns, opts, listOpts) _, err := c.Fake.Invokes(action, &v1alpha1.PodInfoList{}) return err @@ -118,11 +123,12 @@ func (c *FakePodInfo) DeleteCollection(ctx context.Context, opts v1.DeleteOption // Patch applies the patch and returns the patched podInfo. func (c *FakePodInfo) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PodInfo, err error) { + emptyResult := &v1alpha1.PodInfo{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(podinfoResource, c.ns, name, pt, data, subresources...), &v1alpha1.PodInfo{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(podinfoResource, c.ns, name, pt, data, opts, subresources...), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.PodInfo), err } diff --git a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicy.go b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicy.go index d0d0e206217..1f4ec91bf41 100644 --- a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicy.go +++ b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicy.go @@ -27,20 +27,22 @@ var tracingpoliciesKind = v1alpha1.SchemeGroupVersion.WithKind("TracingPolicy") // Get takes name of the tracingPolicy, and returns the corresponding tracingPolicy object, and an error if there is any. func (c *FakeTracingPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TracingPolicy, err error) { + emptyResult := &v1alpha1.TracingPolicy{} obj, err := c.Fake. - Invokes(testing.NewRootGetAction(tracingpoliciesResource, name), &v1alpha1.TracingPolicy{}) + Invokes(testing.NewRootGetActionWithOptions(tracingpoliciesResource, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.TracingPolicy), err } // List takes label and field selectors, and returns the list of TracingPolicies that match those selectors. func (c *FakeTracingPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TracingPolicyList, err error) { + emptyResult := &v1alpha1.TracingPolicyList{} obj, err := c.Fake. - Invokes(testing.NewRootListAction(tracingpoliciesResource, tracingpoliciesKind, opts), &v1alpha1.TracingPolicyList{}) + Invokes(testing.NewRootListActionWithOptions(tracingpoliciesResource, tracingpoliciesKind, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -59,25 +61,27 @@ func (c *FakeTracingPolicies) List(ctx context.Context, opts v1.ListOptions) (re // Watch returns a watch.Interface that watches the requested tracingPolicies. func (c *FakeTracingPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewRootWatchAction(tracingpoliciesResource, opts)) + InvokesWatch(testing.NewRootWatchActionWithOptions(tracingpoliciesResource, opts)) } // Create takes the representation of a tracingPolicy and creates it. Returns the server's representation of the tracingPolicy, and an error, if there is any. func (c *FakeTracingPolicies) Create(ctx context.Context, tracingPolicy *v1alpha1.TracingPolicy, opts v1.CreateOptions) (result *v1alpha1.TracingPolicy, err error) { + emptyResult := &v1alpha1.TracingPolicy{} obj, err := c.Fake. - Invokes(testing.NewRootCreateAction(tracingpoliciesResource, tracingPolicy), &v1alpha1.TracingPolicy{}) + Invokes(testing.NewRootCreateActionWithOptions(tracingpoliciesResource, tracingPolicy, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.TracingPolicy), err } // Update takes the representation of a tracingPolicy and updates it. Returns the server's representation of the tracingPolicy, and an error, if there is any. func (c *FakeTracingPolicies) Update(ctx context.Context, tracingPolicy *v1alpha1.TracingPolicy, opts v1.UpdateOptions) (result *v1alpha1.TracingPolicy, err error) { + emptyResult := &v1alpha1.TracingPolicy{} obj, err := c.Fake. - Invokes(testing.NewRootUpdateAction(tracingpoliciesResource, tracingPolicy), &v1alpha1.TracingPolicy{}) + Invokes(testing.NewRootUpdateActionWithOptions(tracingpoliciesResource, tracingPolicy, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.TracingPolicy), err } @@ -91,7 +95,7 @@ func (c *FakeTracingPolicies) Delete(ctx context.Context, name string, opts v1.D // DeleteCollection deletes a collection of objects. func (c *FakeTracingPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewRootDeleteCollectionAction(tracingpoliciesResource, listOpts) + action := testing.NewRootDeleteCollectionActionWithOptions(tracingpoliciesResource, opts, listOpts) _, err := c.Fake.Invokes(action, &v1alpha1.TracingPolicyList{}) return err @@ -99,10 +103,11 @@ func (c *FakeTracingPolicies) DeleteCollection(ctx context.Context, opts v1.Dele // Patch applies the patch and returns the patched tracingPolicy. func (c *FakeTracingPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TracingPolicy, err error) { + emptyResult := &v1alpha1.TracingPolicy{} obj, err := c.Fake. - Invokes(testing.NewRootPatchSubresourceAction(tracingpoliciesResource, name, pt, data, subresources...), &v1alpha1.TracingPolicy{}) + Invokes(testing.NewRootPatchSubresourceActionWithOptions(tracingpoliciesResource, name, pt, data, opts, subresources...), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.TracingPolicy), err } diff --git a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicynamespaced.go b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicynamespaced.go index aee9d1daa68..5e83163aea8 100644 --- a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicynamespaced.go +++ b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/fake/fake_tracingpolicynamespaced.go @@ -28,22 +28,24 @@ var tracingpoliciesnamespacedKind = v1alpha1.SchemeGroupVersion.WithKind("Tracin // Get takes name of the tracingPolicyNamespaced, and returns the corresponding tracingPolicyNamespaced object, and an error if there is any. func (c *FakeTracingPoliciesNamespaced) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { + emptyResult := &v1alpha1.TracingPolicyNamespaced{} obj, err := c.Fake. - Invokes(testing.NewGetAction(tracingpoliciesnamespacedResource, c.ns, name), &v1alpha1.TracingPolicyNamespaced{}) + Invokes(testing.NewGetActionWithOptions(tracingpoliciesnamespacedResource, c.ns, name, options), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.TracingPolicyNamespaced), err } // List takes label and field selectors, and returns the list of TracingPoliciesNamespaced that match those selectors. func (c *FakeTracingPoliciesNamespaced) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TracingPolicyNamespacedList, err error) { + emptyResult := &v1alpha1.TracingPolicyNamespacedList{} obj, err := c.Fake. - Invokes(testing.NewListAction(tracingpoliciesnamespacedResource, tracingpoliciesnamespacedKind, c.ns, opts), &v1alpha1.TracingPolicyNamespacedList{}) + Invokes(testing.NewListActionWithOptions(tracingpoliciesnamespacedResource, tracingpoliciesnamespacedKind, c.ns, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } label, _, _ := testing.ExtractFromListOptions(opts) @@ -62,28 +64,30 @@ func (c *FakeTracingPoliciesNamespaced) List(ctx context.Context, opts v1.ListOp // Watch returns a watch.Interface that watches the requested tracingPoliciesNamespaced. func (c *FakeTracingPoliciesNamespaced) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewWatchAction(tracingpoliciesnamespacedResource, c.ns, opts)) + InvokesWatch(testing.NewWatchActionWithOptions(tracingpoliciesnamespacedResource, c.ns, opts)) } // Create takes the representation of a tracingPolicyNamespaced and creates it. Returns the server's representation of the tracingPolicyNamespaced, and an error, if there is any. func (c *FakeTracingPoliciesNamespaced) Create(ctx context.Context, tracingPolicyNamespaced *v1alpha1.TracingPolicyNamespaced, opts v1.CreateOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { + emptyResult := &v1alpha1.TracingPolicyNamespaced{} obj, err := c.Fake. - Invokes(testing.NewCreateAction(tracingpoliciesnamespacedResource, c.ns, tracingPolicyNamespaced), &v1alpha1.TracingPolicyNamespaced{}) + Invokes(testing.NewCreateActionWithOptions(tracingpoliciesnamespacedResource, c.ns, tracingPolicyNamespaced, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.TracingPolicyNamespaced), err } // Update takes the representation of a tracingPolicyNamespaced and updates it. Returns the server's representation of the tracingPolicyNamespaced, and an error, if there is any. func (c *FakeTracingPoliciesNamespaced) Update(ctx context.Context, tracingPolicyNamespaced *v1alpha1.TracingPolicyNamespaced, opts v1.UpdateOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { + emptyResult := &v1alpha1.TracingPolicyNamespaced{} obj, err := c.Fake. - Invokes(testing.NewUpdateAction(tracingpoliciesnamespacedResource, c.ns, tracingPolicyNamespaced), &v1alpha1.TracingPolicyNamespaced{}) + Invokes(testing.NewUpdateActionWithOptions(tracingpoliciesnamespacedResource, c.ns, tracingPolicyNamespaced, opts), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.TracingPolicyNamespaced), err } @@ -98,7 +102,7 @@ func (c *FakeTracingPoliciesNamespaced) Delete(ctx context.Context, name string, // DeleteCollection deletes a collection of objects. func (c *FakeTracingPoliciesNamespaced) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(tracingpoliciesnamespacedResource, c.ns, listOpts) + action := testing.NewDeleteCollectionActionWithOptions(tracingpoliciesnamespacedResource, c.ns, opts, listOpts) _, err := c.Fake.Invokes(action, &v1alpha1.TracingPolicyNamespacedList{}) return err @@ -106,11 +110,12 @@ func (c *FakeTracingPoliciesNamespaced) DeleteCollection(ctx context.Context, op // Patch applies the patch and returns the patched tracingPolicyNamespaced. func (c *FakeTracingPoliciesNamespaced) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TracingPolicyNamespaced, err error) { + emptyResult := &v1alpha1.TracingPolicyNamespaced{} obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(tracingpoliciesnamespacedResource, c.ns, name, pt, data, subresources...), &v1alpha1.TracingPolicyNamespaced{}) + Invokes(testing.NewPatchSubresourceActionWithOptions(tracingpoliciesnamespacedResource, c.ns, name, pt, data, opts, subresources...), emptyResult) if obj == nil { - return nil, err + return emptyResult, err } return obj.(*v1alpha1.TracingPolicyNamespaced), err } diff --git a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/podinfo.go b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/podinfo.go index 3701342df53..a13d03dbc14 100644 --- a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/podinfo.go +++ b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/podinfo.go @@ -7,14 +7,13 @@ package v1alpha1 import ( "context" - "time" v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" scheme "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // PodInfoGetter has a method to return a PodInfoInterface. @@ -27,6 +26,7 @@ type PodInfoGetter interface { type PodInfoInterface interface { Create(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.CreateOptions) (*v1alpha1.PodInfo, error) Update(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (*v1alpha1.PodInfo, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). UpdateStatus(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (*v1alpha1.PodInfo, error) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error @@ -39,144 +39,18 @@ type PodInfoInterface interface { // podInfo implements PodInfoInterface type podInfo struct { - client rest.Interface - ns string + *gentype.ClientWithList[*v1alpha1.PodInfo, *v1alpha1.PodInfoList] } // newPodInfo returns a PodInfo func newPodInfo(c *CiliumV1alpha1Client, namespace string) *podInfo { return &podInfo{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithList[*v1alpha1.PodInfo, *v1alpha1.PodInfoList]( + "podinfo", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.PodInfo { return &v1alpha1.PodInfo{} }, + func() *v1alpha1.PodInfoList { return &v1alpha1.PodInfoList{} }), } } - -// Get takes name of the podInfo, and returns the corresponding podInfo object, and an error if there is any. -func (c *podInfo) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Get(). - Namespace(c.ns). - Resource("podinfo"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of PodInfo that match those selectors. -func (c *podInfo) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PodInfoList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.PodInfoList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("podinfo"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested podInfo. -func (c *podInfo) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("podinfo"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a podInfo and creates it. Returns the server's representation of the podInfo, and an error, if there is any. -func (c *podInfo) Create(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.CreateOptions) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Post(). - Namespace(c.ns). - Resource("podinfo"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(podInfo). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a podInfo and updates it. Returns the server's representation of the podInfo, and an error, if there is any. -func (c *podInfo) Update(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Put(). - Namespace(c.ns). - Resource("podinfo"). - Name(podInfo.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(podInfo). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *podInfo) UpdateStatus(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Put(). - Namespace(c.ns). - Resource("podinfo"). - Name(podInfo.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(podInfo). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the podInfo and deletes it. Returns an error if one occurs. -func (c *podInfo) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("podinfo"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *podInfo) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("podinfo"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched podInfo. -func (c *podInfo) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("podinfo"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicy.go b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicy.go index c0f74d2bf88..d113bc64803 100644 --- a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicy.go +++ b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicy.go @@ -7,14 +7,13 @@ package v1alpha1 import ( "context" - "time" v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" scheme "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // TracingPoliciesGetter has a method to return a TracingPolicyInterface. @@ -38,118 +37,18 @@ type TracingPolicyInterface interface { // tracingPolicies implements TracingPolicyInterface type tracingPolicies struct { - client rest.Interface + *gentype.ClientWithList[*v1alpha1.TracingPolicy, *v1alpha1.TracingPolicyList] } // newTracingPolicies returns a TracingPolicies func newTracingPolicies(c *CiliumV1alpha1Client) *tracingPolicies { return &tracingPolicies{ - client: c.RESTClient(), + gentype.NewClientWithList[*v1alpha1.TracingPolicy, *v1alpha1.TracingPolicyList]( + "tracingpolicies", + c.RESTClient(), + scheme.ParameterCodec, + "", + func() *v1alpha1.TracingPolicy { return &v1alpha1.TracingPolicy{} }, + func() *v1alpha1.TracingPolicyList { return &v1alpha1.TracingPolicyList{} }), } } - -// Get takes name of the tracingPolicy, and returns the corresponding tracingPolicy object, and an error if there is any. -func (c *tracingPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TracingPolicy, err error) { - result = &v1alpha1.TracingPolicy{} - err = c.client.Get(). - Resource("tracingpolicies"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of TracingPolicies that match those selectors. -func (c *tracingPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TracingPolicyList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.TracingPolicyList{} - err = c.client.Get(). - Resource("tracingpolicies"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested tracingPolicies. -func (c *tracingPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("tracingpolicies"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a tracingPolicy and creates it. Returns the server's representation of the tracingPolicy, and an error, if there is any. -func (c *tracingPolicies) Create(ctx context.Context, tracingPolicy *v1alpha1.TracingPolicy, opts v1.CreateOptions) (result *v1alpha1.TracingPolicy, err error) { - result = &v1alpha1.TracingPolicy{} - err = c.client.Post(). - Resource("tracingpolicies"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tracingPolicy). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a tracingPolicy and updates it. Returns the server's representation of the tracingPolicy, and an error, if there is any. -func (c *tracingPolicies) Update(ctx context.Context, tracingPolicy *v1alpha1.TracingPolicy, opts v1.UpdateOptions) (result *v1alpha1.TracingPolicy, err error) { - result = &v1alpha1.TracingPolicy{} - err = c.client.Put(). - Resource("tracingpolicies"). - Name(tracingPolicy.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tracingPolicy). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the tracingPolicy and deletes it. Returns an error if one occurs. -func (c *tracingPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("tracingpolicies"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *tracingPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("tracingpolicies"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched tracingPolicy. -func (c *tracingPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TracingPolicy, err error) { - result = &v1alpha1.TracingPolicy{} - err = c.client.Patch(pt). - Resource("tracingpolicies"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicynamespaced.go b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicynamespaced.go index d36ae4ddfe3..a434f8d0b2c 100644 --- a/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicynamespaced.go +++ b/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicynamespaced.go @@ -7,14 +7,13 @@ package v1alpha1 import ( "context" - "time" v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" scheme "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // TracingPoliciesNamespacedGetter has a method to return a TracingPolicyNamespacedInterface. @@ -38,128 +37,18 @@ type TracingPolicyNamespacedInterface interface { // tracingPoliciesNamespaced implements TracingPolicyNamespacedInterface type tracingPoliciesNamespaced struct { - client rest.Interface - ns string + *gentype.ClientWithList[*v1alpha1.TracingPolicyNamespaced, *v1alpha1.TracingPolicyNamespacedList] } // newTracingPoliciesNamespaced returns a TracingPoliciesNamespaced func newTracingPoliciesNamespaced(c *CiliumV1alpha1Client, namespace string) *tracingPoliciesNamespaced { return &tracingPoliciesNamespaced{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithList[*v1alpha1.TracingPolicyNamespaced, *v1alpha1.TracingPolicyNamespacedList]( + "tracingpoliciesnamespaced", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.TracingPolicyNamespaced { return &v1alpha1.TracingPolicyNamespaced{} }, + func() *v1alpha1.TracingPolicyNamespacedList { return &v1alpha1.TracingPolicyNamespacedList{} }), } } - -// Get takes name of the tracingPolicyNamespaced, and returns the corresponding tracingPolicyNamespaced object, and an error if there is any. -func (c *tracingPoliciesNamespaced) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { - result = &v1alpha1.TracingPolicyNamespaced{} - err = c.client.Get(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of TracingPoliciesNamespaced that match those selectors. -func (c *tracingPoliciesNamespaced) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TracingPolicyNamespacedList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.TracingPolicyNamespacedList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested tracingPoliciesNamespaced. -func (c *tracingPoliciesNamespaced) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a tracingPolicyNamespaced and creates it. Returns the server's representation of the tracingPolicyNamespaced, and an error, if there is any. -func (c *tracingPoliciesNamespaced) Create(ctx context.Context, tracingPolicyNamespaced *v1alpha1.TracingPolicyNamespaced, opts v1.CreateOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { - result = &v1alpha1.TracingPolicyNamespaced{} - err = c.client.Post(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tracingPolicyNamespaced). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a tracingPolicyNamespaced and updates it. Returns the server's representation of the tracingPolicyNamespaced, and an error, if there is any. -func (c *tracingPoliciesNamespaced) Update(ctx context.Context, tracingPolicyNamespaced *v1alpha1.TracingPolicyNamespaced, opts v1.UpdateOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { - result = &v1alpha1.TracingPolicyNamespaced{} - err = c.client.Put(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - Name(tracingPolicyNamespaced.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tracingPolicyNamespaced). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the tracingPolicyNamespaced and deletes it. Returns an error if one occurs. -func (c *tracingPoliciesNamespaced) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *tracingPoliciesNamespaced) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched tracingPolicyNamespaced. -func (c *tracingPoliciesNamespaced) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TracingPolicyNamespaced, err error) { - result = &v1alpha1.TracingPolicyNamespaced{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/pkg/k8s/client/informers/externalversions/factory.go b/pkg/k8s/client/informers/externalversions/factory.go index 94e07a7ff56..0b2fb5b75dc 100644 --- a/pkg/k8s/client/informers/externalversions/factory.go +++ b/pkg/k8s/client/informers/externalversions/factory.go @@ -215,6 +215,7 @@ type SharedInformerFactory interface { // Start initializes all requested informers. They are handled in goroutines // which run until the stop channel gets closed. + // Warning: Start does not block. When run in a go-routine, it will race with a later WaitForCacheSync. Start(stopCh <-chan struct{}) // Shutdown marks a factory as shutting down. At that point no new diff --git a/pkg/k8s/client/listers/cilium.io/v1alpha1/podinfo.go b/pkg/k8s/client/listers/cilium.io/v1alpha1/podinfo.go index c04d518f27a..0b8a176f085 100644 --- a/pkg/k8s/client/listers/cilium.io/v1alpha1/podinfo.go +++ b/pkg/k8s/client/listers/cilium.io/v1alpha1/podinfo.go @@ -7,8 +7,8 @@ package v1alpha1 import ( v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -25,25 +25,17 @@ type PodInfoLister interface { // podInfoLister implements the PodInfoLister interface. type podInfoLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1alpha1.PodInfo] } // NewPodInfoLister returns a new PodInfoLister. func NewPodInfoLister(indexer cache.Indexer) PodInfoLister { - return &podInfoLister{indexer: indexer} -} - -// List lists all PodInfo in the indexer. -func (s *podInfoLister) List(selector labels.Selector) (ret []*v1alpha1.PodInfo, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.PodInfo)) - }) - return ret, err + return &podInfoLister{listers.New[*v1alpha1.PodInfo](indexer, v1alpha1.Resource("podinfo"))} } // PodInfo returns an object that can list and get PodInfo. func (s *podInfoLister) PodInfo(namespace string) PodInfoNamespaceLister { - return podInfoNamespaceLister{indexer: s.indexer, namespace: namespace} + return podInfoNamespaceLister{listers.NewNamespaced[*v1alpha1.PodInfo](s.ResourceIndexer, namespace)} } // PodInfoNamespaceLister helps list and get PodInfo. @@ -61,26 +53,5 @@ type PodInfoNamespaceLister interface { // podInfoNamespaceLister implements the PodInfoNamespaceLister // interface. type podInfoNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all PodInfo in the indexer for a given namespace. -func (s podInfoNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.PodInfo, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.PodInfo)) - }) - return ret, err -} - -// Get retrieves the PodInfo from the indexer for a given namespace and name. -func (s podInfoNamespaceLister) Get(name string) (*v1alpha1.PodInfo, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("podinfo"), name) - } - return obj.(*v1alpha1.PodInfo), nil + listers.ResourceIndexer[*v1alpha1.PodInfo] } diff --git a/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicy.go b/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicy.go index c6508bef6c4..871c1975755 100644 --- a/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicy.go +++ b/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicy.go @@ -7,8 +7,8 @@ package v1alpha1 import ( v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -26,30 +26,10 @@ type TracingPolicyLister interface { // tracingPolicyLister implements the TracingPolicyLister interface. type tracingPolicyLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1alpha1.TracingPolicy] } // NewTracingPolicyLister returns a new TracingPolicyLister. func NewTracingPolicyLister(indexer cache.Indexer) TracingPolicyLister { - return &tracingPolicyLister{indexer: indexer} -} - -// List lists all TracingPolicies in the indexer. -func (s *tracingPolicyLister) List(selector labels.Selector) (ret []*v1alpha1.TracingPolicy, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TracingPolicy)) - }) - return ret, err -} - -// Get retrieves the TracingPolicy from the index for a given name. -func (s *tracingPolicyLister) Get(name string) (*v1alpha1.TracingPolicy, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("tracingpolicy"), name) - } - return obj.(*v1alpha1.TracingPolicy), nil + return &tracingPolicyLister{listers.New[*v1alpha1.TracingPolicy](indexer, v1alpha1.Resource("tracingpolicy"))} } diff --git a/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicynamespaced.go b/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicynamespaced.go index 98ca107ff9c..48f01b05d55 100644 --- a/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicynamespaced.go +++ b/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicynamespaced.go @@ -7,8 +7,8 @@ package v1alpha1 import ( v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -25,25 +25,17 @@ type TracingPolicyNamespacedLister interface { // tracingPolicyNamespacedLister implements the TracingPolicyNamespacedLister interface. type tracingPolicyNamespacedLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1alpha1.TracingPolicyNamespaced] } // NewTracingPolicyNamespacedLister returns a new TracingPolicyNamespacedLister. func NewTracingPolicyNamespacedLister(indexer cache.Indexer) TracingPolicyNamespacedLister { - return &tracingPolicyNamespacedLister{indexer: indexer} -} - -// List lists all TracingPoliciesNamespaced in the indexer. -func (s *tracingPolicyNamespacedLister) List(selector labels.Selector) (ret []*v1alpha1.TracingPolicyNamespaced, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TracingPolicyNamespaced)) - }) - return ret, err + return &tracingPolicyNamespacedLister{listers.New[*v1alpha1.TracingPolicyNamespaced](indexer, v1alpha1.Resource("tracingpolicynamespaced"))} } // TracingPoliciesNamespaced returns an object that can list and get TracingPoliciesNamespaced. func (s *tracingPolicyNamespacedLister) TracingPoliciesNamespaced(namespace string) TracingPolicyNamespacedNamespaceLister { - return tracingPolicyNamespacedNamespaceLister{indexer: s.indexer, namespace: namespace} + return tracingPolicyNamespacedNamespaceLister{listers.NewNamespaced[*v1alpha1.TracingPolicyNamespaced](s.ResourceIndexer, namespace)} } // TracingPolicyNamespacedNamespaceLister helps list and get TracingPoliciesNamespaced. @@ -61,26 +53,5 @@ type TracingPolicyNamespacedNamespaceLister interface { // tracingPolicyNamespacedNamespaceLister implements the TracingPolicyNamespacedNamespaceLister // interface. type tracingPolicyNamespacedNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all TracingPoliciesNamespaced in the indexer for a given namespace. -func (s tracingPolicyNamespacedNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.TracingPolicyNamespaced, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TracingPolicyNamespaced)) - }) - return ret, err -} - -// Get retrieves the TracingPolicyNamespaced from the indexer for a given namespace and name. -func (s tracingPolicyNamespacedNamespaceLister) Get(name string) (*v1alpha1.TracingPolicyNamespaced, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("tracingpolicynamespaced"), name) - } - return obj.(*v1alpha1.TracingPolicyNamespaced), nil + listers.ResourceIndexer[*v1alpha1.TracingPolicyNamespaced] } diff --git a/pkg/k8s/vendor/k8s.io/client-go/listers/doc.go b/pkg/k8s/vendor/k8s.io/client-go/listers/doc.go new file mode 100644 index 00000000000..96c330c9311 --- /dev/null +++ b/pkg/k8s/vendor/k8s.io/client-go/listers/doc.go @@ -0,0 +1,18 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package listers provides generated listers for Kubernetes APIs. +package listers // import "k8s.io/client-go/listers" diff --git a/pkg/k8s/vendor/k8s.io/client-go/listers/generic_helpers.go b/pkg/k8s/vendor/k8s.io/client-go/listers/generic_helpers.go new file mode 100644 index 00000000000..c69bb22b11e --- /dev/null +++ b/pkg/k8s/vendor/k8s.io/client-go/listers/generic_helpers.go @@ -0,0 +1,72 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package listers + +import ( + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/client-go/tools/cache" +) + +// ResourceIndexer wraps an indexer, resource, and optional namespace for a given type. +// This is intended for use by listers (generated by lister-gen) only. +type ResourceIndexer[T runtime.Object] struct { + indexer cache.Indexer + resource schema.GroupResource + namespace string // empty for non-namespaced types +} + +// New returns a new instance of a lister (resource indexer) wrapping the given indexer and resource for the specified type. +// This is intended for use by listers (generated by lister-gen) only. +func New[T runtime.Object](indexer cache.Indexer, resource schema.GroupResource) ResourceIndexer[T] { + return ResourceIndexer[T]{indexer: indexer, resource: resource} +} + +// NewNamespaced returns a new instance of a namespaced lister (resource indexer) wrapping the given parent and namespace for the specified type. +// This is intended for use by listers (generated by lister-gen) only. +func NewNamespaced[T runtime.Object](parent ResourceIndexer[T], namespace string) ResourceIndexer[T] { + return ResourceIndexer[T]{indexer: parent.indexer, resource: parent.resource, namespace: namespace} +} + +// List lists all resources in the indexer matching the given selector. +func (l ResourceIndexer[T]) List(selector labels.Selector) (ret []T, err error) { + // ListAllByNamespace reverts to ListAll on empty namespaces + err = cache.ListAllByNamespace(l.indexer, l.namespace, selector, func(m interface{}) { + ret = append(ret, m.(T)) + }) + return ret, err +} + +// Get retrieves the resource from the index for a given name. +func (l ResourceIndexer[T]) Get(name string) (T, error) { + var key string + if l.namespace == "" { + key = name + } else { + key = l.namespace + "/" + name + } + obj, exists, err := l.indexer.GetByKey(key) + if err != nil { + return *new(T), err + } + if !exists { + return *new(T), errors.NewNotFound(l.resource, name) + } + return obj.(T), nil +} diff --git a/pkg/k8s/vendor/modules.txt b/pkg/k8s/vendor/modules.txt index 4118874e527..cd2cd2d661e 100644 --- a/pkg/k8s/vendor/modules.txt +++ b/pkg/k8s/vendor/modules.txt @@ -465,6 +465,7 @@ k8s.io/client-go/kubernetes/typed/storage/v1 k8s.io/client-go/kubernetes/typed/storage/v1alpha1 k8s.io/client-go/kubernetes/typed/storage/v1beta1 k8s.io/client-go/kubernetes/typed/storagemigration/v1alpha1 +k8s.io/client-go/listers k8s.io/client-go/openapi k8s.io/client-go/pkg/apis/clientauthentication k8s.io/client-go/pkg/apis/clientauthentication/install diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_podinfo.yaml b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_podinfo.yaml index 776419be4f7..80b95737864 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_podinfo.yaml +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_podinfo.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: podinfo.cilium.io spec: group: cilium.io @@ -21,30 +20,36 @@ spec: description: PodInfo is the Scheme for the Podinfo API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: hostNetwork: - description: Host networking requested for this pod. Use the host's - network namespace. If this option is set, the ports that will be - used must be specified. + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. type: boolean type: object status: properties: podIP: - description: IP address allocated to the pod. Routable at least within - the cluster. Empty if not yet allocated. + description: |- + IP address allocated to the pod. Routable at least within the cluster. + Empty if not yet allocated. type: string podIPs: description: List of Ip addresses allocated to the pod. 0th entry @@ -73,23 +78,21 @@ spec: this pod. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string type: object type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml index 88c97b78fe4..10fbe70604d 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: tracingpolicies.cilium.io spec: group: cilium.io @@ -20,14 +19,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,28 +39,28 @@ spec: description: Tracing policy specification. properties: containerSelector: - description: ContainerSelector selects containers that this policy - applies to. A map of container fields will be constructed in the - same way as a map of labels. The name of the field represents the - label "key", and the value of the field - label "value". Currently, - only the "name" field is supported. + description: |- + ContainerSelector selects containers that this policy applies to. + A map of container fields will be constructed in the same way as a map of labels. + The name of the field represents the label "key", and the value of the field - label "value". + Currently, only the "name" field is supported. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -64,19 +68,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -84,13 +90,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic enforcers: description: A enforcer spec. items: @@ -123,27 +129,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -200,9 +204,9 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string return: default: false @@ -222,26 +226,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch at - most 4096 bytes. In later kernels (>=5.4) tetragon supports - fetching up to 327360 bytes if this flag is turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and char_iovec - types. It indicates that this argument should be read - later (when the kretprobe for the symbol is triggered) - because it might not be populated when the kprobe is triggered - at the entrance of the function. For example, a buffer - supplied to read(2) won't have content until kretprobe - is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used only - for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -294,16 +297,17 @@ spec: - type type: object returnArgAction: - description: 'An action to perform on the return argument. Available - actions are: Post;TrackSock;UntrackSock' + description: |- + An action to perform on the return argument. + Available actions are: Post;TrackSock;UntrackSock type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -362,22 +366,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -681,22 +682,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -766,8 +764,9 @@ spec: description: Indicates whether the traced function is a syscall. type: boolean tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -827,27 +826,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -904,17 +901,17 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -973,22 +970,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1292,22 +1286,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1373,8 +1364,9 @@ spec: type: object type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -1404,18 +1396,18 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -1423,19 +1415,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -1443,13 +1437,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic tracepoints: description: A list of tracepoint specs. items: @@ -1469,27 +1463,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -1546,17 +1538,17 @@ spec: description: Tracepoint event type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -1615,22 +1607,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1934,22 +1923,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2018,8 +2004,9 @@ spec: description: Tracepoint subsystem type: string tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2048,27 +2035,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -2122,9 +2107,9 @@ spec: type: object type: array message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string path: description: Name of the traced binary @@ -2133,9 +2118,9 @@ spec: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -2194,22 +2179,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2513,22 +2495,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2599,8 +2578,9 @@ spec: type: string type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2617,9 +2597,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml index e30a7ee4f86..edefc082adf 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.4-0.20240923084800-3b70a40398f4 name: tracingpoliciesnamespaced.cilium.io spec: group: cilium.io @@ -20,14 +19,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,28 +39,28 @@ spec: description: Tracing policy specification. properties: containerSelector: - description: ContainerSelector selects containers that this policy - applies to. A map of container fields will be constructed in the - same way as a map of labels. The name of the field represents the - label "key", and the value of the field - label "value". Currently, - only the "name" field is supported. + description: |- + ContainerSelector selects containers that this policy applies to. + A map of container fields will be constructed in the same way as a map of labels. + The name of the field represents the label "key", and the value of the field - label "value". + Currently, only the "name" field is supported. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -64,19 +68,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -84,13 +90,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic enforcers: description: A enforcer spec. items: @@ -123,27 +129,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -200,9 +204,9 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string return: default: false @@ -222,26 +226,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch at - most 4096 bytes. In later kernels (>=5.4) tetragon supports - fetching up to 327360 bytes if this flag is turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and char_iovec - types. It indicates that this argument should be read - later (when the kretprobe for the symbol is triggered) - because it might not be populated when the kprobe is triggered - at the entrance of the function. For example, a buffer - supplied to read(2) won't have content until kretprobe - is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used only - for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -294,16 +297,17 @@ spec: - type type: object returnArgAction: - description: 'An action to perform on the return argument. Available - actions are: Post;TrackSock;UntrackSock' + description: |- + An action to perform on the return argument. + Available actions are: Post;TrackSock;UntrackSock type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -362,22 +366,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -681,22 +682,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -766,8 +764,9 @@ spec: description: Indicates whether the traced function is a syscall. type: boolean tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -827,27 +826,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -904,17 +901,17 @@ spec: description: Name of the function to apply the kprobe spec to. type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -973,22 +970,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1292,22 +1286,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1373,8 +1364,9 @@ spec: type: object type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -1404,18 +1396,18 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn @@ -1423,19 +1415,21 @@ spec: - DoesNotExist type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the @@ -1443,13 +1437,13 @@ spec: maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic tracepoints: description: A list of tracepoint specs. items: @@ -1469,27 +1463,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -1546,17 +1538,17 @@ spec: description: Tracepoint event type: string message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string selectors: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -1615,22 +1607,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -1934,22 +1923,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2018,8 +2004,9 @@ spec: description: Tracepoint subsystem type: string tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2048,27 +2035,25 @@ spec: type: string maxData: default: false - description: Read maximum possible data (currently 327360). - This field is only used for char_buff data. When this - value is false (default), the bpf program will fetch - at most 4096 bytes. In later kernels (>=5.4) tetragon - supports fetching up to 327360 bytes if this flag is - turned on + description: |- + Read maximum possible data (currently 327360). This field is only used + for char_buff data. When this value is false (default), the bpf program + will fetch at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is turned on type: boolean returnCopy: default: false - description: This field is used only for char_buf and - char_iovec types. It indicates that this argument should - be read later (when the kretprobe for the symbol is - triggered) because it might not be populated when the - kprobe is triggered at the entrance of the function. - For example, a buffer supplied to read(2) won't have - content until kretprobe is triggered. + description: |- + This field is used only for char_buf and char_iovec types. It indicates + that this argument should be read later (when the kretprobe for the + symbol is triggered) because it might not be populated when the kprobe + is triggered at the entrance of the function. For example, a buffer + supplied to read(2) won't have content until kretprobe is triggered. type: boolean sizeArgIndex: - description: Specifies the position of the corresponding - size argument for this argument. This field is used - only for char_buf and char_iovec types. + description: |- + Specifies the position of the corresponding size argument for this argument. + This field is used only for char_buf and char_iovec types. format: int32 minimum: 0 type: integer @@ -2122,9 +2107,9 @@ spec: type: object type: array message: - description: A short message of 256 characters max that will - be included in the event output to inform users what is going - on. + description: |- + A short message of 256 characters max that will be included + in the event output to inform users what is going on. type: string path: description: Name of the traced binary @@ -2133,9 +2118,9 @@ spec: description: Selectors to apply before producing trace output. Selectors are ORed. items: - description: KProbeSelector selects function calls for kprobe - based on PIDs and function arguments. The results of MatchPIDs - and MatchArgs are ANDed. + description: |- + KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The + results of MatchPIDs and MatchArgs are ANDed. properties: matchActions: description: A list of actions to execute when this selector @@ -2194,22 +2179,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2513,22 +2495,19 @@ spec: valid with the post action. type: boolean rateLimit: - description: A time period within which repeated - messages will not be posted. Can be specified - in seconds (default or with 's' suffix), minutes - ('m' suffix) or hours ('h' suffix). Only valid - with the post action. + description: |- + A time period within which repeated messages will not be posted. Can be + specified in seconds (default or with 's' suffix), minutes ('m' suffix) + or hours ('h' suffix). Only valid with the post action. type: string rateLimitScope: - description: The scope of the provided rate limit - argument. Can be "thread" (default), "process" - (all threads for the same process), or "global". - If "thread" is selected then rate limiting applies - per thread; if "process" is selected then rate - limiting applies per process; if "global" is selected - then rate limiting applies regardless of which - process or thread caused the action. Only valid - with the post action and with a rateLimit specified. + description: |- + The scope of the provided rate limit argument. Can be "thread" (default), + "process" (all threads for the same process), or "global". If "thread" is + selected then rate limiting applies per thread; if "process" is selected + then rate limiting applies per process; if "global" is selected then rate + limiting applies regardless of which process or thread caused the action. + Only valid with the post action and with a rateLimit specified. type: string userStackTrace: description: Enable user stack trace export. Only @@ -2599,8 +2578,9 @@ spec: type: string type: array tags: - description: Tags to categorize the event, will be include in - the event output. Maximum of 16 Tags are supported. + description: |- + Tags to categorize the event, will be include in the event output. + Maximum of 16 Tags are supported. items: type: string maxItems: 16 @@ -2617,9 +2597,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go index e15f207706e..c7eda83ffe9 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go @@ -7,4 +7,4 @@ package v1alpha1 // Used to determine if CRD needs to be updated in cluster // // Developers: Bump patch for each change in the CRD schema. -const CustomResourceDefinitionSchemaVersion = "1.3.1" +const CustomResourceDefinitionSchemaVersion = "1.3.2" diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/podinfo.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/podinfo.go index 3701342df53..a13d03dbc14 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/podinfo.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/podinfo.go @@ -7,14 +7,13 @@ package v1alpha1 import ( "context" - "time" v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" scheme "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // PodInfoGetter has a method to return a PodInfoInterface. @@ -27,6 +26,7 @@ type PodInfoGetter interface { type PodInfoInterface interface { Create(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.CreateOptions) (*v1alpha1.PodInfo, error) Update(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (*v1alpha1.PodInfo, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). UpdateStatus(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (*v1alpha1.PodInfo, error) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error @@ -39,144 +39,18 @@ type PodInfoInterface interface { // podInfo implements PodInfoInterface type podInfo struct { - client rest.Interface - ns string + *gentype.ClientWithList[*v1alpha1.PodInfo, *v1alpha1.PodInfoList] } // newPodInfo returns a PodInfo func newPodInfo(c *CiliumV1alpha1Client, namespace string) *podInfo { return &podInfo{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithList[*v1alpha1.PodInfo, *v1alpha1.PodInfoList]( + "podinfo", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.PodInfo { return &v1alpha1.PodInfo{} }, + func() *v1alpha1.PodInfoList { return &v1alpha1.PodInfoList{} }), } } - -// Get takes name of the podInfo, and returns the corresponding podInfo object, and an error if there is any. -func (c *podInfo) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Get(). - Namespace(c.ns). - Resource("podinfo"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of PodInfo that match those selectors. -func (c *podInfo) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PodInfoList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.PodInfoList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("podinfo"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested podInfo. -func (c *podInfo) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("podinfo"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a podInfo and creates it. Returns the server's representation of the podInfo, and an error, if there is any. -func (c *podInfo) Create(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.CreateOptions) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Post(). - Namespace(c.ns). - Resource("podinfo"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(podInfo). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a podInfo and updates it. Returns the server's representation of the podInfo, and an error, if there is any. -func (c *podInfo) Update(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Put(). - Namespace(c.ns). - Resource("podinfo"). - Name(podInfo.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(podInfo). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *podInfo) UpdateStatus(ctx context.Context, podInfo *v1alpha1.PodInfo, opts v1.UpdateOptions) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Put(). - Namespace(c.ns). - Resource("podinfo"). - Name(podInfo.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(podInfo). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the podInfo and deletes it. Returns an error if one occurs. -func (c *podInfo) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("podinfo"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *podInfo) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("podinfo"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched podInfo. -func (c *podInfo) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PodInfo, err error) { - result = &v1alpha1.PodInfo{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("podinfo"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicy.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicy.go index c0f74d2bf88..d113bc64803 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicy.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicy.go @@ -7,14 +7,13 @@ package v1alpha1 import ( "context" - "time" v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" scheme "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // TracingPoliciesGetter has a method to return a TracingPolicyInterface. @@ -38,118 +37,18 @@ type TracingPolicyInterface interface { // tracingPolicies implements TracingPolicyInterface type tracingPolicies struct { - client rest.Interface + *gentype.ClientWithList[*v1alpha1.TracingPolicy, *v1alpha1.TracingPolicyList] } // newTracingPolicies returns a TracingPolicies func newTracingPolicies(c *CiliumV1alpha1Client) *tracingPolicies { return &tracingPolicies{ - client: c.RESTClient(), + gentype.NewClientWithList[*v1alpha1.TracingPolicy, *v1alpha1.TracingPolicyList]( + "tracingpolicies", + c.RESTClient(), + scheme.ParameterCodec, + "", + func() *v1alpha1.TracingPolicy { return &v1alpha1.TracingPolicy{} }, + func() *v1alpha1.TracingPolicyList { return &v1alpha1.TracingPolicyList{} }), } } - -// Get takes name of the tracingPolicy, and returns the corresponding tracingPolicy object, and an error if there is any. -func (c *tracingPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TracingPolicy, err error) { - result = &v1alpha1.TracingPolicy{} - err = c.client.Get(). - Resource("tracingpolicies"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of TracingPolicies that match those selectors. -func (c *tracingPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TracingPolicyList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.TracingPolicyList{} - err = c.client.Get(). - Resource("tracingpolicies"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested tracingPolicies. -func (c *tracingPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("tracingpolicies"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a tracingPolicy and creates it. Returns the server's representation of the tracingPolicy, and an error, if there is any. -func (c *tracingPolicies) Create(ctx context.Context, tracingPolicy *v1alpha1.TracingPolicy, opts v1.CreateOptions) (result *v1alpha1.TracingPolicy, err error) { - result = &v1alpha1.TracingPolicy{} - err = c.client.Post(). - Resource("tracingpolicies"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tracingPolicy). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a tracingPolicy and updates it. Returns the server's representation of the tracingPolicy, and an error, if there is any. -func (c *tracingPolicies) Update(ctx context.Context, tracingPolicy *v1alpha1.TracingPolicy, opts v1.UpdateOptions) (result *v1alpha1.TracingPolicy, err error) { - result = &v1alpha1.TracingPolicy{} - err = c.client.Put(). - Resource("tracingpolicies"). - Name(tracingPolicy.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tracingPolicy). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the tracingPolicy and deletes it. Returns an error if one occurs. -func (c *tracingPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("tracingpolicies"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *tracingPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("tracingpolicies"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched tracingPolicy. -func (c *tracingPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TracingPolicy, err error) { - result = &v1alpha1.TracingPolicy{} - err = c.client.Patch(pt). - Resource("tracingpolicies"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicynamespaced.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicynamespaced.go index d36ae4ddfe3..a434f8d0b2c 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicynamespaced.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/typed/cilium.io/v1alpha1/tracingpolicynamespaced.go @@ -7,14 +7,13 @@ package v1alpha1 import ( "context" - "time" v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" scheme "github.com/cilium/tetragon/pkg/k8s/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" + gentype "k8s.io/client-go/gentype" ) // TracingPoliciesNamespacedGetter has a method to return a TracingPolicyNamespacedInterface. @@ -38,128 +37,18 @@ type TracingPolicyNamespacedInterface interface { // tracingPoliciesNamespaced implements TracingPolicyNamespacedInterface type tracingPoliciesNamespaced struct { - client rest.Interface - ns string + *gentype.ClientWithList[*v1alpha1.TracingPolicyNamespaced, *v1alpha1.TracingPolicyNamespacedList] } // newTracingPoliciesNamespaced returns a TracingPoliciesNamespaced func newTracingPoliciesNamespaced(c *CiliumV1alpha1Client, namespace string) *tracingPoliciesNamespaced { return &tracingPoliciesNamespaced{ - client: c.RESTClient(), - ns: namespace, + gentype.NewClientWithList[*v1alpha1.TracingPolicyNamespaced, *v1alpha1.TracingPolicyNamespacedList]( + "tracingpoliciesnamespaced", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.TracingPolicyNamespaced { return &v1alpha1.TracingPolicyNamespaced{} }, + func() *v1alpha1.TracingPolicyNamespacedList { return &v1alpha1.TracingPolicyNamespacedList{} }), } } - -// Get takes name of the tracingPolicyNamespaced, and returns the corresponding tracingPolicyNamespaced object, and an error if there is any. -func (c *tracingPoliciesNamespaced) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { - result = &v1alpha1.TracingPolicyNamespaced{} - err = c.client.Get(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of TracingPoliciesNamespaced that match those selectors. -func (c *tracingPoliciesNamespaced) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TracingPolicyNamespacedList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.TracingPolicyNamespacedList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested tracingPoliciesNamespaced. -func (c *tracingPoliciesNamespaced) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a tracingPolicyNamespaced and creates it. Returns the server's representation of the tracingPolicyNamespaced, and an error, if there is any. -func (c *tracingPoliciesNamespaced) Create(ctx context.Context, tracingPolicyNamespaced *v1alpha1.TracingPolicyNamespaced, opts v1.CreateOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { - result = &v1alpha1.TracingPolicyNamespaced{} - err = c.client.Post(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tracingPolicyNamespaced). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a tracingPolicyNamespaced and updates it. Returns the server's representation of the tracingPolicyNamespaced, and an error, if there is any. -func (c *tracingPoliciesNamespaced) Update(ctx context.Context, tracingPolicyNamespaced *v1alpha1.TracingPolicyNamespaced, opts v1.UpdateOptions) (result *v1alpha1.TracingPolicyNamespaced, err error) { - result = &v1alpha1.TracingPolicyNamespaced{} - err = c.client.Put(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - Name(tracingPolicyNamespaced.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tracingPolicyNamespaced). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the tracingPolicyNamespaced and deletes it. Returns an error if one occurs. -func (c *tracingPoliciesNamespaced) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *tracingPoliciesNamespaced) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched tracingPolicyNamespaced. -func (c *tracingPoliciesNamespaced) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TracingPolicyNamespaced, err error) { - result = &v1alpha1.TracingPolicyNamespaced{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("tracingpoliciesnamespaced"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/informers/externalversions/factory.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/informers/externalversions/factory.go index 94e07a7ff56..0b2fb5b75dc 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/client/informers/externalversions/factory.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/informers/externalversions/factory.go @@ -215,6 +215,7 @@ type SharedInformerFactory interface { // Start initializes all requested informers. They are handled in goroutines // which run until the stop channel gets closed. + // Warning: Start does not block. When run in a go-routine, it will race with a later WaitForCacheSync. Start(stopCh <-chan struct{}) // Shutdown marks a factory as shutting down. At that point no new diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/podinfo.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/podinfo.go index c04d518f27a..0b8a176f085 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/podinfo.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/podinfo.go @@ -7,8 +7,8 @@ package v1alpha1 import ( v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -25,25 +25,17 @@ type PodInfoLister interface { // podInfoLister implements the PodInfoLister interface. type podInfoLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1alpha1.PodInfo] } // NewPodInfoLister returns a new PodInfoLister. func NewPodInfoLister(indexer cache.Indexer) PodInfoLister { - return &podInfoLister{indexer: indexer} -} - -// List lists all PodInfo in the indexer. -func (s *podInfoLister) List(selector labels.Selector) (ret []*v1alpha1.PodInfo, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.PodInfo)) - }) - return ret, err + return &podInfoLister{listers.New[*v1alpha1.PodInfo](indexer, v1alpha1.Resource("podinfo"))} } // PodInfo returns an object that can list and get PodInfo. func (s *podInfoLister) PodInfo(namespace string) PodInfoNamespaceLister { - return podInfoNamespaceLister{indexer: s.indexer, namespace: namespace} + return podInfoNamespaceLister{listers.NewNamespaced[*v1alpha1.PodInfo](s.ResourceIndexer, namespace)} } // PodInfoNamespaceLister helps list and get PodInfo. @@ -61,26 +53,5 @@ type PodInfoNamespaceLister interface { // podInfoNamespaceLister implements the PodInfoNamespaceLister // interface. type podInfoNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all PodInfo in the indexer for a given namespace. -func (s podInfoNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.PodInfo, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.PodInfo)) - }) - return ret, err -} - -// Get retrieves the PodInfo from the indexer for a given namespace and name. -func (s podInfoNamespaceLister) Get(name string) (*v1alpha1.PodInfo, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("podinfo"), name) - } - return obj.(*v1alpha1.PodInfo), nil + listers.ResourceIndexer[*v1alpha1.PodInfo] } diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicy.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicy.go index c6508bef6c4..871c1975755 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicy.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicy.go @@ -7,8 +7,8 @@ package v1alpha1 import ( v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -26,30 +26,10 @@ type TracingPolicyLister interface { // tracingPolicyLister implements the TracingPolicyLister interface. type tracingPolicyLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1alpha1.TracingPolicy] } // NewTracingPolicyLister returns a new TracingPolicyLister. func NewTracingPolicyLister(indexer cache.Indexer) TracingPolicyLister { - return &tracingPolicyLister{indexer: indexer} -} - -// List lists all TracingPolicies in the indexer. -func (s *tracingPolicyLister) List(selector labels.Selector) (ret []*v1alpha1.TracingPolicy, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TracingPolicy)) - }) - return ret, err -} - -// Get retrieves the TracingPolicy from the index for a given name. -func (s *tracingPolicyLister) Get(name string) (*v1alpha1.TracingPolicy, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("tracingpolicy"), name) - } - return obj.(*v1alpha1.TracingPolicy), nil + return &tracingPolicyLister{listers.New[*v1alpha1.TracingPolicy](indexer, v1alpha1.Resource("tracingpolicy"))} } diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicynamespaced.go b/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicynamespaced.go index 98ca107ff9c..48f01b05d55 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicynamespaced.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/client/listers/cilium.io/v1alpha1/tracingpolicynamespaced.go @@ -7,8 +7,8 @@ package v1alpha1 import ( v1alpha1 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" "k8s.io/client-go/tools/cache" ) @@ -25,25 +25,17 @@ type TracingPolicyNamespacedLister interface { // tracingPolicyNamespacedLister implements the TracingPolicyNamespacedLister interface. type tracingPolicyNamespacedLister struct { - indexer cache.Indexer + listers.ResourceIndexer[*v1alpha1.TracingPolicyNamespaced] } // NewTracingPolicyNamespacedLister returns a new TracingPolicyNamespacedLister. func NewTracingPolicyNamespacedLister(indexer cache.Indexer) TracingPolicyNamespacedLister { - return &tracingPolicyNamespacedLister{indexer: indexer} -} - -// List lists all TracingPoliciesNamespaced in the indexer. -func (s *tracingPolicyNamespacedLister) List(selector labels.Selector) (ret []*v1alpha1.TracingPolicyNamespaced, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TracingPolicyNamespaced)) - }) - return ret, err + return &tracingPolicyNamespacedLister{listers.New[*v1alpha1.TracingPolicyNamespaced](indexer, v1alpha1.Resource("tracingpolicynamespaced"))} } // TracingPoliciesNamespaced returns an object that can list and get TracingPoliciesNamespaced. func (s *tracingPolicyNamespacedLister) TracingPoliciesNamespaced(namespace string) TracingPolicyNamespacedNamespaceLister { - return tracingPolicyNamespacedNamespaceLister{indexer: s.indexer, namespace: namespace} + return tracingPolicyNamespacedNamespaceLister{listers.NewNamespaced[*v1alpha1.TracingPolicyNamespaced](s.ResourceIndexer, namespace)} } // TracingPolicyNamespacedNamespaceLister helps list and get TracingPoliciesNamespaced. @@ -61,26 +53,5 @@ type TracingPolicyNamespacedNamespaceLister interface { // tracingPolicyNamespacedNamespaceLister implements the TracingPolicyNamespacedNamespaceLister // interface. type tracingPolicyNamespacedNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all TracingPoliciesNamespaced in the indexer for a given namespace. -func (s tracingPolicyNamespacedNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.TracingPolicyNamespaced, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TracingPolicyNamespaced)) - }) - return ret, err -} - -// Get retrieves the TracingPolicyNamespaced from the indexer for a given namespace and name. -func (s tracingPolicyNamespacedNamespaceLister) Get(name string) (*v1alpha1.TracingPolicyNamespaced, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("tracingpolicynamespaced"), name) - } - return obj.(*v1alpha1.TracingPolicyNamespaced), nil + listers.ResourceIndexer[*v1alpha1.TracingPolicyNamespaced] }