Merge pull request #256 from kcl-lang/kubevirt-0.3.0

chore: bump kubevirt 0.3.0
kcl-lang · Nov 4, 2024 · e0324e3 · e0324e3
2 parents fbdf0be + a8b4a20
commit e0324e3
Show file tree

Hide file tree

Showing 36 changed files with 27,337 additions and 936 deletions.
diff --git a/kubevirt/README.md b/kubevirt/README.md
@@ -4,5 +4,5 @@
 
 ## Resource
 
-+ Code sources are [here](https://github.com/kcl-lang/artifacthub/tree/main/kubevirt)
-+ Reference documents are [here][https://github.com/kcl-lang/artifacthub/tree/main/kubevirt/docs]
++ Code sources are [here](https://github.com/kcl-lang/modules/tree/main/kubevirt)
++ Reference documents are [here][https://github.com/kcl-lang/modules/tree/main/kubevirt/docs]
diff --git a/kubevirt/crds/kubevirt.yaml b/kubevirt/crds/kubevirt.yaml
diff --git a/kubevirt/docs/kubevirt.md b/kubevirt/docs/kubevirt.md
diff --git a/kubevirt/kcl.mod b/kubevirt/kcl.mod
@@ -1,6 +1,6 @@
 [package]
 name = "kubevirt"
-version = "0.2.1"
+version = "0.3.0"
 description = "`kubevirt` module contains definitions for kubevirt"
 
 [dependencies]

diff --git a/kubevirt/v1/config_openshift_io_v1_api_server.k b/kubevirt/v1/config_openshift_io_v1_api_server.k
@@ -0,0 +1,209 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema APIServer:
+    r"""
+    APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'.
+
+    Attributes
+    ----------
+    apiVersion : str, default is "config.openshift.io/v1", required
+        APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+    kind : str, default is "APIServer", required
+        Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+    metadata : v1.ObjectMeta, default is Undefined, optional
+        metadata
+    spec : ConfigOpenshiftIoV1APIServerSpec, default is Undefined, required
+        spec
+    status : any, default is Undefined, optional
+        status
+    """
+
+
+    apiVersion: "config.openshift.io/v1" = "config.openshift.io/v1"
+
+    kind: "APIServer" = "APIServer"
+
+    metadata?: v1.ObjectMeta
+
+    spec: ConfigOpenshiftIoV1APIServerSpec
+
+    status?: any
+
+
+schema ConfigOpenshiftIoV1APIServerSpec:
+    r"""
+    config openshift io v1 API server spec
+
+    Attributes
+    ----------
+    additionalCORSAllowedOrigins : [str], default is Undefined, optional
+        additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.
+    clientCA : ConfigOpenshiftIoV1APIServerSpecClientCA, default is Undefined, optional
+        client c a
+    encryption : ConfigOpenshiftIoV1APIServerSpecEncryption, default is Undefined, optional
+        encryption
+    servingCerts : ConfigOpenshiftIoV1APIServerSpecServingCerts, default is Undefined, optional
+        serving certs
+    tlsSecurityProfile : ConfigOpenshiftIoV1APIServerSpecTLSSecurityProfile, default is Undefined, optional
+        tls security profile
+    """
+
+
+    additionalCORSAllowedOrigins?: [str]
+
+    clientCA?: ConfigOpenshiftIoV1APIServerSpecClientCA
+
+    encryption?: ConfigOpenshiftIoV1APIServerSpecEncryption
+
+    servingCerts?: ConfigOpenshiftIoV1APIServerSpecServingCerts
+
+    tlsSecurityProfile?: ConfigOpenshiftIoV1APIServerSpecTLSSecurityProfile
+
+
+schema ConfigOpenshiftIoV1APIServerSpecClientCA:
+    r"""
+    clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - CA bundle.
+
+    Attributes
+    ----------
+    name : str, default is Undefined, required
+        name is the metadata.name of the referenced config map
+    """
+
+
+    name: str
+
+
+schema ConfigOpenshiftIoV1APIServerSpecEncryption:
+    r"""
+    encryption allows the configuration of encryption of resources at the datastore layer.
+
+    Attributes
+    ----------
+    $type : str, default is Undefined, optional
+        type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time.  Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices. 
+         When encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time.  The current authoritative list is: 
+           1. secrets   2. configmaps   3. routes.route.openshift.io   4. oauthaccesstokens.oauth.openshift.io   5. oauthauthorizetokens.oauth.openshift.io
+    """
+
+
+    $type?: "" | "identity" | "aescbc"
+
+
+schema ConfigOpenshiftIoV1APIServerSpecServingCerts:
+    r"""
+    servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.
+
+    Attributes
+    ----------
+    namedCertificates : [ConfigOpenshiftIoV1APIServerSpecServingCertsNamedCertificatesItems0], default is Undefined, optional
+        namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used.
+    """
+
+
+    namedCertificates?: [ConfigOpenshiftIoV1APIServerSpecServingCertsNamedCertificatesItems0]
+
+
+schema ConfigOpenshiftIoV1APIServerSpecServingCertsNamedCertificatesItems0:
+    r"""
+    APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.
+
+    Attributes
+    ----------
+    names : [str], default is Undefined, optional
+        names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
+    servingCertificate : ConfigOpenshiftIoV1APIServerSpecServingCertsNamedCertificatesItems0ServingCertificate, default is Undefined, optional
+        serving certificate
+    """
+
+
+    names?: [str]
+
+    servingCertificate?: ConfigOpenshiftIoV1APIServerSpecServingCertsNamedCertificatesItems0ServingCertificate
+
+
+schema ConfigOpenshiftIoV1APIServerSpecServingCertsNamedCertificatesItems0ServingCertificate:
+    r"""
+    servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.
+
+    Attributes
+    ----------
+    name : str, default is Undefined, required
+        name is the metadata.name of the referenced secret
+    """
+
+
+    name: str
+
+
+schema ConfigOpenshiftIoV1APIServerSpecTLSSecurityProfile:
+    r"""
+    tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. 
+     If unset, a default (which may change between releases) is chosen. Note that only Old and Intermediate profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12.
+
+    Attributes
+    ----------
+    custom : ConfigOpenshiftIoV1APIServerSpecTLSSecurityProfileCustom, default is Undefined, optional
+        custom
+    intermediate : any, default is Undefined, optional
+        intermediate is a TLS security profile based on: 
+         https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 
+         and looks like this (yaml): 
+           ciphers:     - TLS_AES_128_GCM_SHA256     - TLS_AES_256_GCM_SHA384     - TLS_CHACHA20_POLY1305_SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256     - ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES256-GCM-SHA384     - ECDHE-RSA-AES256-GCM-SHA384     - ECDHE-ECDSA-CHACHA20-POLY1305     - ECDHE-RSA-CHACHA20-POLY1305     - DHE-RSA-AES128-GCM-SHA256     - DHE-RSA-AES256-GCM-SHA384   minTLSVersion: TLSv1.2
+    modern : any, default is Undefined, optional
+        modern is a TLS security profile based on: 
+         https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility 
+         and looks like this (yaml): 
+           ciphers:     - TLS_AES_128_GCM_SHA256     - TLS_AES_256_GCM_SHA384     - TLS_CHACHA20_POLY1305_SHA256   minTLSVersion: TLSv1.3 
+         NOTE: Currently unsupported.
+    old : any, default is Undefined, optional
+        old is a TLS security profile based on: 
+         https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility 
+         and looks like this (yaml): 
+           ciphers:     - TLS_AES_128_GCM_SHA256     - TLS_AES_256_GCM_SHA384     - TLS_CHACHA20_POLY1305_SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256     - ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES256-GCM-SHA384     - ECDHE-RSA-AES256-GCM-SHA384     - ECDHE-ECDSA-CHACHA20-POLY1305     - ECDHE-RSA-CHACHA20-POLY1305     - DHE-RSA-AES128-GCM-SHA256     - DHE-RSA-AES256-GCM-SHA384     - DHE-RSA-CHACHA20-POLY1305     - ECDHE-ECDSA-AES128-SHA256     - ECDHE-RSA-AES128-SHA256     - ECDHE-ECDSA-AES128-SHA     - ECDHE-RSA-AES128-SHA     - ECDHE-ECDSA-AES256-SHA384     - ECDHE-RSA-AES256-SHA384     - ECDHE-ECDSA-AES256-SHA     - ECDHE-RSA-AES256-SHA     - DHE-RSA-AES128-SHA256     - DHE-RSA-AES256-SHA256     - AES128-GCM-SHA256     - AES256-GCM-SHA384     - AES128-SHA256     - AES256-SHA256     - AES128-SHA     - AES256-SHA     - DES-CBC3-SHA   minTLSVersion: TLSv1.0
+    $type : str, default is Undefined, optional
+        type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: 
+         https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations 
+         The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure.  Depending on precisely which ciphers are available to a process, the list may be reduced. 
+         Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.
+    """
+
+
+    custom?: ConfigOpenshiftIoV1APIServerSpecTLSSecurityProfileCustom
+
+    intermediate?: any
+
+    modern?: any
+
+    old?: any
+
+    $type?: str
+
+
+schema ConfigOpenshiftIoV1APIServerSpecTLSSecurityProfileCustom:
+    r"""
+    custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: 
+       ciphers:     - ECDHE-ECDSA-CHACHA20-POLY1305     - ECDHE-RSA-CHACHA20-POLY1305     - ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   minTLSVersion: TLSv1.1
+
+    Attributes
+    ----------
+    ciphers : [str], default is Undefined, optional
+        ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake.  Operators may remove entries their operands do not support.  For example, to use DES-CBC3-SHA  (yaml): 
+           ciphers:     - DES-CBC3-SHA
+    minTLSVersion : str, default is Undefined, optional
+        minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): 
+           minTLSVersion: TLSv1.1 
+         NOTE: currently the highest minTLSVersion allowed is VersionTLS12
+    """
+
+
+    ciphers?: [str]
+
+    minTLSVersion?: str
+
+
diff --git a/kubevirt/v1/config_openshift_io_v1_authentication.k b/kubevirt/v1/config_openshift_io_v1_authentication.k
@@ -0,0 +1,129 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema ConfigAuthentication:
+    r"""
+    Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`.
+
+    Attributes
+    ----------
+    apiVersion : str, default is "config.openshift.io/v1", required
+        APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+    kind : str, default is "Authentication", required
+        Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+    metadata : v1.ObjectMeta, default is Undefined, optional
+        metadata
+    spec : ConfigOpenshiftIoV1AuthenticationSpec, default is Undefined, required
+        spec
+    status : ConfigOpenshiftIoV1AuthenticationStatus, default is Undefined, optional
+        status
+    """
+
+
+    apiVersion: "config.openshift.io/v1" = "config.openshift.io/v1"
+
+    kind: "Authentication" = "Authentication"
+
+    metadata?: v1.ObjectMeta
+
+    spec: ConfigOpenshiftIoV1AuthenticationSpec
+
+    status?: ConfigOpenshiftIoV1AuthenticationStatus
+
+
+schema ConfigOpenshiftIoV1AuthenticationSpec:
+    r"""
+    spec holds user settable values for configuration
+
+    Attributes
+    ----------
+    oauthMetadata : ConfigOpenshiftIoV1AuthenticationSpecOauthMetadata, default is Undefined, optional
+        oauth metadata
+    $type : str, default is Undefined, optional
+        type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.
+    webhookTokenAuthenticators : [ConfigOpenshiftIoV1AuthenticationSpecWebhookTokenAuthenticatorsItems0], default is Undefined, optional
+        webhookTokenAuthenticators configures remote token reviewers. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API.  This is required to honor bearer tokens that are provisioned by an external authentication service. The namespace for these secrets is openshift-config.
+    """
+
+
+    oauthMetadata?: ConfigOpenshiftIoV1AuthenticationSpecOauthMetadata
+
+    $type?: str
+
+    webhookTokenAuthenticators?: [ConfigOpenshiftIoV1AuthenticationSpecWebhookTokenAuthenticatorsItems0]
+
+
+schema ConfigOpenshiftIoV1AuthenticationSpecOauthMetadata:
+    r"""
+    oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key "oauthMetadata" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.
+
+    Attributes
+    ----------
+    name : str, default is Undefined, required
+        name is the metadata.name of the referenced config map
+    """
+
+
+    name: str
+
+
+schema ConfigOpenshiftIoV1AuthenticationSpecWebhookTokenAuthenticatorsItems0:
+    r"""
+    webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator
+
+    Attributes
+    ----------
+    kubeConfig : ConfigOpenshiftIoV1AuthenticationSpecWebhookTokenAuthenticatorsItems0KubeConfig, default is Undefined, optional
+        kube config
+    """
+
+
+    kubeConfig?: ConfigOpenshiftIoV1AuthenticationSpecWebhookTokenAuthenticatorsItems0KubeConfig
+
+
+schema ConfigOpenshiftIoV1AuthenticationSpecWebhookTokenAuthenticatorsItems0KubeConfig:
+    r"""
+    kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.
+
+    Attributes
+    ----------
+    name : str, default is Undefined, required
+        name is the metadata.name of the referenced secret
+    """
+
+
+    name: str
+
+
+schema ConfigOpenshiftIoV1AuthenticationStatus:
+    r"""
+    status holds observed values from the cluster. They may not be overridden.
+
+    Attributes
+    ----------
+    integratedOAuthMetadata : ConfigOpenshiftIoV1AuthenticationStatusIntegratedOAuthMetadata, default is Undefined, optional
+        integrated o auth metadata
+    """
+
+
+    integratedOAuthMetadata?: ConfigOpenshiftIoV1AuthenticationStatusIntegratedOAuthMetadata
+
+
+schema ConfigOpenshiftIoV1AuthenticationStatusIntegratedOAuthMetadata:
+    r"""
+    integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key "oauthMetadata" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.
+
+    Attributes
+    ----------
+    name : str, default is Undefined, required
+        name is the metadata.name of the referenced config map
+    """
+
+
+    name: str
+
+