ContainerImage.Pinniped/deploy_carvel/supervisor/schema-openapi.yml

openapi: 3.0.0
info:
  version: 0.1.0
  title: Schema for data values, generated by ytt
paths: {}
components:
  schemas:
    dataValues:
      type: object
      additionalProperties: false
      properties:
        app_name:
          type: string
          description: Namespace of pinniped-supervisor
          default: pinniped-supervisor
        namespace:
          type: string
          description: Creates a new namespace statically in yaml with the given name and installs the app into that namespace.
          default: pinniped-supervisor
        into_namespace:
          type: string
          nullable: true
          description: 'Overrides namespace.  This is actually confusingly worded. TODO: CAN WE REWRITE THIS ONE???'
          default: null
        custom_labels:
          type: object
          additionalProperties: false
          description: 'All resources created statically by yaml at install-time and all resources created dynamically by controllers at runtime will be labelled with `app: $app_name` and also with the labels specified here.'
          properties: {}
        replicas:
          type: integer
          description: Specify how many replicas of the Pinniped server to run.
          default: 2
        image_repo:
          type: string
          description: Specify either an image_digest or an image_tag. If both are given, only image_digest will be used.
          default: projects.registry.vmware.com/pinniped/pinniped-server
        image_digest:
          type: string
          nullable: true
          description: Specify either an image_digest or an image_tag. If both are given, only image_digest will be used.
          default: null
        image_tag:
          type: string
          description: Specify either an image_digest or an image_tag. If both are given, only image_digest will be used.
          default: latest
        image_pull_dockerconfigjson:
          type: object
          additionalProperties: false
          nullable: true
          properties:
            auths:
              type: object
              additionalProperties: false
              properties:
                https://registry.example.com:
                  type: object
                  additionalProperties: false
                  properties:
                    username:
                      type: string
                      default: USERNAME
                    password:
                      type: string
                      default: PASSWORD
                    auth:
                      type: string
                      default: BASE64_ENCODED_USERNAME_COLON_PASSWORD
        deprecated_service_http_nodeport_port:
          type: integer
          nullable: true
          description: will be removed in a future release; when specified, creates a NodePort Service with this `port` value, with port 8080 as its `targetPort`; e.g. 31234
          default: null
        deprecated_service_http_nodeport_nodeport:
          type: integer
          nullable: true
          description: will be removed in a future release; the `nodePort` value of the NodePort Service, optional when `deprecated_service_http_nodeport_port` is specified; e.g. 31234
          default: null
        deprecated_service_http_loadbalancer_port:
          type: integer
          nullable: true
          description: will be removed in a future release; when specified, creates a LoadBalancer Service with this `port` value, with port 8080 as its `targetPort`; e.g. 8443
          default: null
        deprecated_service_http_clusterip_port:
          type: integer
          nullable: true
          description: will be removed in a future release; when specified, creates a ClusterIP Service with this `port` value, with port 8080 as its `targetPort`; e.g. 8443
          default: null
        service_https_nodeport_port:
          type: integer
          nullable: true
          description: when specified, creates a NodePort Service with this `port` value, with port 8443 as its `targetPort`; e.g. 31243
          default: null
        service_https_nodeport_nodeport:
          type: integer
          nullable: true
          description: the `nodePort` value of the NodePort Service, optional when `service_https_nodeport_port` is specified; e.g. 31243
          default: null
        service_https_loadbalancer_port:
          type: integer
          nullable: true
          description: when specified, creates a LoadBalancer Service with this `port` value, with port 8443 as its `targetPort`; e.g. 8443
          default: null
        service_https_clusterip_port:
          type: integer
          nullable: true
          description: when specified, creates a ClusterIP Service with this `port` value, with port 8443 as its `targetPort`; e.g. 8443
          default: null
        service_loadbalancer_ip:
          type: string
          nullable: true
          description: The `loadBalancerIP` value of the LoadBalancer Service. Ignored unless service_https_loadbalancer_port is provided. e.g. 1.2.3.4
          default: null
        log_level:
          type: string
          nullable: true
          description: 'Specify the verbosity of logging: info ("nice to know" information), debug (developer information), trace (timing information),  or all (kitchen sink). Do not use trace or all on production systems, as credentials may get logged.'
          default: null
        deprecated_log_format:
          type: string
          nullable: true
          description: 'Specify the format of logging: json (for machine parsable logs) and text (for legacy klog formatted logs). By default, when this value is left unset, logs are formatted in json. This configuration is deprecated and will be removed in a future release at which point logs will always be formatted as json.'
          default: null
        run_as_user:
          type: integer
          description: run_as_user specifies the user ID that will own the process, see the Dockerfile for the reasoning behind this choice
          default: 65532
        run_as_group:
          type: integer
          description: run_as_group specifies the group ID that will own the process, see the Dockerfile for the reasoning behind this choice
          default: 65532
        api_group_suffix:
          type: string
          description: Specify the API group suffix for all Pinniped API groups. By default, this is set to pinniped.dev, so Pinniped API groups will look like foo.pinniped.dev, authentication.concierge.pinniped.dev, etc. As an example, if this is set to tuna.io, then Pinniped API groups will look like foo.tuna.io. authentication.concierge.tuna.io, etc.
          default: pinniped.dev
        https_proxy:
          type: string
          nullable: true
          description: Set the standard golang HTTPS_PROXY and NO_PROXY environment variables on the Supervisor containers. These will be used when the Supervisor makes backend-to-backend calls to upstream identity providers using HTTPS, e.g. when the Supervisor fetches discovery documents, JWKS keys, and tokens from an upstream OIDC Provider. The Supervisor never makes insecure HTTP calls, so there is no reason to set HTTP_PROXY.
          default: null
        no_proxy:
          type: string
          description: NO_PROXY environment variable. do not proxy Kubernetes endpoints
          default: $(KUBERNETES_SERVICE_HOST),169.254.169.254,127.0.0.1,localhost,.svc,.cluster.local
        endpoints:
          type: object
          additionalProperties: false
          nullable: true
          description: Control the HTTP and HTTPS listeners of the Supervisor.
          properties:
            https:
              type: object
              additionalProperties: false
              properties:
                network:
                  type: string
                  default: tcp | unix | disabled
                address:
                  type: string
                  default: host:port when network=tcp or /pinniped_socket/socketfile.sock when network=unix
        deprecated_insecure_accept_external_unencrypted_http_requests:
          type: boolean
          description: Optionally override the validation on the endpoints.http value which checks that only loopback interfaces are used.
          default: false
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`openapi: 3.0.0`
			`info:`
			`version: 0.1.0`
			`title: Schema for data values, generated by ytt`
			`paths: {}`
			`components:`
			`schemas:`
			`dataValues:`
			`type: object`
			`additionalProperties: false`
			`properties:`
			`app_name:`
			`type: string`
			`description: Namespace of pinniped-supervisor`
			`default: pinniped-supervisor`
			`namespace:`
			`type: string`
			`description: Creates a new namespace statically in yaml with the given name and installs the app into that namespace.`
			`default: pinniped-supervisor`
			`into_namespace:`
			`type: string`
			`nullable: true`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			`description: 'Overrides namespace. This is actually confusingly worded. TODO: CAN WE REWRITE THIS ONE???'`
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: null`
			`custom_labels:`
			`type: object`
			`additionalProperties: false`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			description: 'All resources created statically by yaml at install-time and all resources created dynamically by controllers at runtime will be labelled with `app: $app_name` and also with the labels specified here.'
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`properties: {}`
			`replicas:`
			`type: integer`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			`description: Specify how many replicas of the Pinniped server to run.`
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: 2`
			`image_repo:`
			`type: string`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			`description: Specify either an image_digest or an image_tag. If both are given, only image_digest will be used.`
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: projects.registry.vmware.com/pinniped/pinniped-server`
			`image_digest:`
			`type: string`
			`nullable: true`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			`description: Specify either an image_digest or an image_tag. If both are given, only image_digest will be used.`
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: null`
			`image_tag:`
			`type: string`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			`description: Specify either an image_digest or an image_tag. If both are given, only image_digest will be used.`
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: latest`
			`image_pull_dockerconfigjson:`
			`type: object`
			`additionalProperties: false`
			`nullable: true`
			`properties:`
			`auths:`
			`type: object`
			`additionalProperties: false`
			`properties:`
			`https://registry.example.com:`
			`type: object`
			`additionalProperties: false`
			`properties:`
			`username:`
			`type: string`
			`default: USERNAME`
			`password:`
			`type: string`
			`default: PASSWORD`
			`auth:`
			`type: string`
			`default: BASE64_ENCODED_USERNAME_COLON_PASSWORD`
			`deprecated_service_http_nodeport_port:`
			`type: integer`
			`nullable: true`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			description: will be removed in a future release; when specified, creates a NodePort Service with this `port` value, with port 8080 as its `targetPort`; e.g. 31234
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: null`
			`deprecated_service_http_nodeport_nodeport:`
			`type: integer`
			`nullable: true`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			description: will be removed in a future release; the `nodePort` value of the NodePort Service, optional when `deprecated_service_http_nodeport_port` is specified; e.g. 31234
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: null`
			`deprecated_service_http_loadbalancer_port:`
			`type: integer`
			`nullable: true`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			description: will be removed in a future release; when specified, creates a LoadBalancer Service with this `port` value, with port 8080 as its `targetPort`; e.g. 8443
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: null`
			`deprecated_service_http_clusterip_port:`
			`type: integer`
			`nullable: true`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			description: will be removed in a future release; when specified, creates a ClusterIP Service with this `port` value, with port 8080 as its `targetPort`; e.g. 8443
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: null`
			`service_https_nodeport_port:`
			`type: integer`
			`nullable: true`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			description: when specified, creates a NodePort Service with this `port` value, with port 8443 as its `targetPort`; e.g. 31243
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: null`
			`service_https_nodeport_nodeport:`
			`type: integer`
			`nullable: true`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			description: the `nodePort` value of the NodePort Service, optional when `service_https_nodeport_port` is specified; e.g. 31243
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: null`
			`service_https_loadbalancer_port:`
			`type: integer`
			`nullable: true`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			description: when specified, creates a LoadBalancer Service with this `port` value, with port 8443 as its `targetPort`; e.g. 8443
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: null`
			`service_https_clusterip_port:`
			`type: integer`
			`nullable: true`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			description: when specified, creates a ClusterIP Service with this `port` value, with port 8443 as its `targetPort`; e.g. 8443
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: null`
			`service_loadbalancer_ip:`
			`type: string`
			`nullable: true`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			description: The `loadBalancerIP` value of the LoadBalancer Service. Ignored unless service_https_loadbalancer_port is provided. e.g. 1.2.3.4
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: null`
			`log_level:`
			`type: string`
			`nullable: true`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			`description: 'Specify the verbosity of logging: info ("nice to know" information), debug (developer information), trace (timing information), or all (kitchen sink). Do not use trace or all on production systems, as credentials may get logged.'`
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: null`
			`deprecated_log_format:`
			`type: string`
			`nullable: true`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			`description: 'Specify the format of logging: json (for machine parsable logs) and text (for legacy klog formatted logs). By default, when this value is left unset, logs are formatted in json. This configuration is deprecated and will be removed in a future release at which point logs will always be formatted as json.'`
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: null`
			`run_as_user:`
			`type: integer`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			`description: run_as_user specifies the user ID that will own the process, see the Dockerfile for the reasoning behind this choice`
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: 65532`
			`run_as_group:`
			`type: integer`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			`description: run_as_group specifies the group ID that will own the process, see the Dockerfile for the reasoning behind this choice`
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: 65532`
			`api_group_suffix:`
			`type: string`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			`description: Specify the API group suffix for all Pinniped API groups. By default, this is set to pinniped.dev, so Pinniped API groups will look like foo.pinniped.dev, authentication.concierge.pinniped.dev, etc. As an example, if this is set to tuna.io, then Pinniped API groups will look like foo.tuna.io. authentication.concierge.tuna.io, etc.`
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: pinniped.dev`
			`https_proxy:`
			`type: string`
			`nullable: true`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			`description: Set the standard golang HTTPS_PROXY and NO_PROXY environment variables on the Supervisor containers. These will be used when the Supervisor makes backend-to-backend calls to upstream identity providers using HTTPS, e.g. when the Supervisor fetches discovery documents, JWKS keys, and tokens from an upstream OIDC Provider. The Supervisor never makes insecure HTTP calls, so there is no reason to set HTTP_PROXY.`
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: null`
			`no_proxy:`
			`type: string`
Update supervisor values.yaml to a schema doc. Make @nullable work - see build.sh for documented script to run to generate: ytt --file concierge/config/values.yaml --data-values-schema-inspect --output openapi-v3 > concierge/schema-openapi.yml 2023-08-21 21:07:37 +00:00			`description: NO_PROXY environment variable. do not proxy Kubernetes endpoints`
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: $(KUBERNETES_SERVICE_HOST),169.254.169.254,127.0.0.1,localhost,.svc,.cluster.local`
			`endpoints:`
			`type: object`
			`additionalProperties: false`
			`nullable: true`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			`description: Control the HTTP and HTTPS listeners of the Supervisor.`
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`properties:`
			`https:`
			`type: object`
			`additionalProperties: false`
			`properties:`
			`network:`
			`type: string`
			`default: tcp \| unix \| disabled`
			`address:`
			`type: string`
			`default: host:port when network=tcp or /pinniped_socket/socketfile.sock when network=unix`
			`deprecated_insecure_accept_external_unencrypted_http_requests:`
			`type: boolean`
WIP: update the schema gen for supervisor the ./build.sh for the ytt invocation for this. there is more work to do here, this gets us started. many of our multiline descriptions need to be assessed. do we want both? the description and also the schema text? 2023-08-21 20:54:00 +00:00			`description: Optionally override the validation on the endpoints.http value which checks that only loopback interfaces are used.`
add supervisor package, schema, metadata files 2023-08-21 20:19:06 +00:00			`default: false`