@@ -19888,6 +19888,237 @@ spec:
1988819888 - name
1988919889 type: object
1989019890 type: array
19891+ systemCATrust:
19892+ description: Custom certificates to inject into the repo server
19893+ container and its plugins to trust source hosting sites
19894+ properties:
19895+ clusterTrustBundles:
19896+ description: ClusterTrustBundles is a list of projected ClusterTrustBundle
19897+ volume definitions from where to take the trust certs.
19898+ items:
19899+ description: |-
19900+ ClusterTrustBundleProjection describes how to select a set of
19901+ ClusterTrustBundle objects and project their contents into the pod
19902+ filesystem.
19903+ properties:
19904+ labelSelector:
19905+ description: |-
19906+ Select all ClusterTrustBundles that match this label selector. Only has
19907+ effect if signerName is set. Mutually-exclusive with name. If unset,
19908+ interpreted as "match nothing". If set but empty, interpreted as "match
19909+ everything".
19910+ properties:
19911+ matchExpressions:
19912+ description: matchExpressions is a list of label
19913+ selector requirements. The requirements are ANDed.
19914+ items:
19915+ description: |-
19916+ A label selector requirement is a selector that contains values, a key, and an operator that
19917+ relates the key and values.
19918+ properties:
19919+ key:
19920+ description: key is the label key that the
19921+ selector applies to.
19922+ type: string
19923+ operator:
19924+ description: |-
19925+ operator represents a key's relationship to a set of values.
19926+ Valid operators are In, NotIn, Exists and DoesNotExist.
19927+ type: string
19928+ values:
19929+ description: |-
19930+ values is an array of string values. If the operator is In or NotIn,
19931+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
19932+ the values array must be empty. This array is replaced during a strategic
19933+ merge patch.
19934+ items:
19935+ type: string
19936+ type: array
19937+ x-kubernetes-list-type: atomic
19938+ required:
19939+ - key
19940+ - operator
19941+ type: object
19942+ type: array
19943+ x-kubernetes-list-type: atomic
19944+ matchLabels:
19945+ additionalProperties:
19946+ type: string
19947+ description: |-
19948+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
19949+ map is equivalent to an element of matchExpressions, whose key field is "key", the
19950+ operator is "In", and the values array contains only "value". The requirements are ANDed.
19951+ type: object
19952+ type: object
19953+ x-kubernetes-map-type: atomic
19954+ name:
19955+ description: |-
19956+ Select a single ClusterTrustBundle by object name. Mutually-exclusive
19957+ with signerName and labelSelector.
19958+ type: string
19959+ optional:
19960+ description: |-
19961+ If true, don't block pod startup if the referenced ClusterTrustBundle(s)
19962+ aren't available. If using name, then the named ClusterTrustBundle is
19963+ allowed not to exist. If using signerName, then the combination of
19964+ signerName and labelSelector is allowed to match zero
19965+ ClusterTrustBundles.
19966+ type: boolean
19967+ path:
19968+ description: Relative path from the volume root to write
19969+ the bundle.
19970+ type: string
19971+ signerName:
19972+ description: |-
19973+ Select all ClusterTrustBundles that match this signer name.
19974+ Mutually-exclusive with name. The contents of all selected
19975+ ClusterTrustBundles will be unified and deduplicated.
19976+ type: string
19977+ required:
19978+ - path
19979+ type: object
19980+ type: array
19981+ configMaps:
19982+ description: ConfigMaps is a list of projected ConfigMap volume
19983+ definitions from where to take the trust certs.
19984+ items:
19985+ description: |-
19986+ Adapts a ConfigMap into a projected volume.
19987+
19988+ The contents of the target ConfigMap's Data field will be presented in a
19989+ projected volume as files using the keys in the Data field as the file names,
19990+ unless the items element is populated with specific mappings of keys to paths.
19991+ Note that this is identical to a configmap volume source without the default
19992+ mode.
19993+ properties:
19994+ items:
19995+ description: |-
19996+ items if unspecified, each key-value pair in the Data field of the referenced
19997+ ConfigMap will be projected into the volume as a file whose name is the
19998+ key and content is the value. If specified, the listed keys will be
19999+ projected into the specified paths, and unlisted keys will not be
20000+ present. If a key is specified which is not present in the ConfigMap,
20001+ the volume setup will error unless it is marked optional. Paths must be
20002+ relative and may not contain the '..' path or start with '..'.
20003+ items:
20004+ description: Maps a string key to a path within a
20005+ volume.
20006+ properties:
20007+ key:
20008+ description: key is the key to project.
20009+ type: string
20010+ mode:
20011+ description: |-
20012+ mode is Optional: mode bits used to set permissions on this file.
20013+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
20014+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
20015+ If not specified, the volume defaultMode will be used.
20016+ This might be in conflict with other options that affect the file
20017+ mode, like fsGroup, and the result can be other mode bits set.
20018+ format: int32
20019+ type: integer
20020+ path:
20021+ description: |-
20022+ path is the relative path of the file to map the key to.
20023+ May not be an absolute path.
20024+ May not contain the path element '..'.
20025+ May not start with the string '..'.
20026+ type: string
20027+ required:
20028+ - key
20029+ - path
20030+ type: object
20031+ type: array
20032+ x-kubernetes-list-type: atomic
20033+ name:
20034+ default: ""
20035+ description: |-
20036+ Name of the referent.
20037+ This field is effectively required, but due to backwards compatibility is
20038+ allowed to be empty. Instances of this type with an empty value here are
20039+ almost certainly wrong.
20040+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
20041+ type: string
20042+ optional:
20043+ description: optional specify whether the ConfigMap
20044+ or its keys must be defined
20045+ type: boolean
20046+ type: object
20047+ x-kubernetes-map-type: atomic
20048+ type: array
20049+ dropImageCertificates:
20050+ description: DropImageCertificates will remove all certs that
20051+ are present in the image, leaving only those explicitly
20052+ configured here.
20053+ type: boolean
20054+ secrets:
20055+ description: Secrets is a list of projected Secret volume
20056+ definitions from where to take the trust certs.
20057+ items:
20058+ description: |-
20059+ Adapts a secret into a projected volume.
20060+
20061+ The contents of the target Secret's Data field will be presented in a
20062+ projected volume as files using the keys in the Data field as the file names.
20063+ Note that this is identical to a secret volume source without the default
20064+ mode.
20065+ properties:
20066+ items:
20067+ description: |-
20068+ items if unspecified, each key-value pair in the Data field of the referenced
20069+ Secret will be projected into the volume as a file whose name is the
20070+ key and content is the value. If specified, the listed keys will be
20071+ projected into the specified paths, and unlisted keys will not be
20072+ present. If a key is specified which is not present in the Secret,
20073+ the volume setup will error unless it is marked optional. Paths must be
20074+ relative and may not contain the '..' path or start with '..'.
20075+ items:
20076+ description: Maps a string key to a path within a
20077+ volume.
20078+ properties:
20079+ key:
20080+ description: key is the key to project.
20081+ type: string
20082+ mode:
20083+ description: |-
20084+ mode is Optional: mode bits used to set permissions on this file.
20085+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
20086+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
20087+ If not specified, the volume defaultMode will be used.
20088+ This might be in conflict with other options that affect the file
20089+ mode, like fsGroup, and the result can be other mode bits set.
20090+ format: int32
20091+ type: integer
20092+ path:
20093+ description: |-
20094+ path is the relative path of the file to map the key to.
20095+ May not be an absolute path.
20096+ May not contain the path element '..'.
20097+ May not start with the string '..'.
20098+ type: string
20099+ required:
20100+ - key
20101+ - path
20102+ type: object
20103+ type: array
20104+ x-kubernetes-list-type: atomic
20105+ name:
20106+ default: ""
20107+ description: |-
20108+ Name of the referent.
20109+ This field is effectively required, but due to backwards compatibility is
20110+ allowed to be empty. Instances of this type with an empty value here are
20111+ almost certainly wrong.
20112+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
20113+ type: string
20114+ optional:
20115+ description: optional field specify whether the Secret
20116+ or its key must be defined
20117+ type: boolean
20118+ type: object
20119+ x-kubernetes-map-type: atomic
20120+ type: array
20121+ type: object
1989120122 verifytls:
1989220123 description: VerifyTLS defines whether repo server API should
1989320124 be accessed using strict TLS validation
0 commit comments