From 42b1564cdba9b57d58c5a1b22b70a21c013bd5e4 Mon Sep 17 00:00:00 2001 From: Sebastian Florek Date: Mon, 3 Jun 2024 09:45:44 -0500 Subject: [PATCH] feat: add support for delete propagation policy (#9113) * add support for propagation policy to delete resource, update UI and regenerate API schema * fix gql schema * update schema * update schema * make fix * fix prettier --- modules/api/pkg/handler/apihandler.go | 6 +- modules/api/schema/swagger.json | 368 ++++++++---------- modules/common/client/types.go | 2 +- modules/common/client/verber.go | 20 +- modules/web/.meshrc.yml | 28 ++ modules/web/i18n/de/messages.de.xlf | 4 + modules/web/i18n/es/messages.es.xlf | 4 + modules/web/i18n/fr/messages.fr.xlf | 4 + modules/web/i18n/ja/messages.ja.xlf | 4 + modules/web/i18n/ko/messages.ko.xlf | 4 + modules/web/i18n/messages.xlf | 3 + modules/web/i18n/zh-Hans/messages.zh-Hans.xlf | 4 + .../i18n/zh-Hant-HK/messages.zh-Hant-HK.xlf | 4 + modules/web/i18n/zh-Hant/messages.zh-Hant.xlf | 4 + modules/web/schema/schema.graphql | 259 +++++++----- modules/web/src/_theming.scss | 3 +- .../common/dialogs/deleteresource/dialog.ts | 26 +- .../common/dialogs/deleteresource/styles.scss | 42 ++ .../dialogs/deleteresource/template.html | 34 +- .../web/src/common/services/global/verber.ts | 11 +- 20 files changed, 503 insertions(+), 331 deletions(-) create mode 100644 modules/web/src/common/dialogs/deleteresource/styles.scss diff --git a/modules/api/pkg/handler/apihandler.go b/modules/api/pkg/handler/apihandler.go index 4a806777e7e3..193c36d45af8 100644 --- a/modules/api/pkg/handler/apihandler.go +++ b/modules/api/pkg/handler/apihandler.go @@ -885,6 +885,7 @@ func CreateHTTPAPIHandler(iManager integration.Manager) (*restful.Container, err Param(apiV1Ws.PathParameter("namespace", "namespace of the resource")). Param(apiV1Ws.PathParameter("name", "name of the resource")). Param(apiV1Ws.QueryParameter("deleteNow", "override graceful delete options and enforce immediate deletion")). + Param(apiV1Ws.QueryParameter("propagation", "override default delete propagation policy")). Returns(http.StatusNoContent, "", nil)) apiV1Ws.Route( apiV1Ws.GET("/_raw/{kind}/namespace/{namespace}/name/{name}").To(apiHandler.handleGetResource). @@ -912,6 +913,8 @@ func CreateHTTPAPIHandler(iManager integration.Manager) (*restful.Container, err Doc("deletes a non-namespaced resource"). Param(apiV1Ws.PathParameter("kind", "kind of the resource")). Param(apiV1Ws.PathParameter("name", "name of the resource")). + Param(apiV1Ws.QueryParameter("deleteNow", "override graceful delete options and enforce immediate deletion")). + Param(apiV1Ws.QueryParameter("propagation", "override default delete propagation policy")). Returns(http.StatusNoContent, "", nil)) apiV1Ws.Route( apiV1Ws.GET("/_raw/{kind}/name/{name}").To(apiHandler.handleGetResource). @@ -2355,9 +2358,10 @@ func (apiHandler *APIHandler) handleDeleteResource( kind := request.PathParameter("kind") namespace := request.PathParameters()["namespace"] name := request.PathParameter("name") + propagation := request.QueryParameter("propagation") deleteNow := request.QueryParameter("deleteNow") == "true" - if err := verber.Delete(kind, namespace, name, deleteNow); err != nil { + if err := verber.Delete(kind, namespace, name, propagation, deleteNow); err != nil { errors.HandleInternalError(response, err) return } diff --git a/modules/api/schema/swagger.json b/modules/api/schema/swagger.json index a38272b7ca7b..869201f555b7 100644 --- a/modules/api/schema/swagger.json +++ b/modules/api/schema/swagger.json @@ -210,6 +210,18 @@ "name": "name", "in": "path", "required": true + }, + { + "type": "string", + "description": "override graceful delete options and enforce immediate deletion", + "name": "deleteNow", + "in": "query" + }, + { + "type": "string", + "description": "override default delete propagation policy", + "name": "propagation", + "in": "query" } ], "responses": { @@ -451,6 +463,12 @@ "description": "override graceful delete options and enforce immediate deletion", "name": "deleteNow", "in": "query" + }, + { + "type": "string", + "description": "override default delete propagation policy", + "name": "propagation", + "in": "query" } ], "responses": { @@ -9471,7 +9489,7 @@ "$ref": "#/definitions/error" }, "lastChecked": { - "type": "string" + "$ref": "#/definitions/v1.Time" } } }, @@ -9552,8 +9570,8 @@ }, "clusterrole.ClusterRoleDetail": { "required": [ - "objectMeta", "typeMeta", + "objectMeta", "rules", "errors" ], @@ -9682,10 +9700,10 @@ ], "properties": { "lastProbeTime": { - "type": "string" + "$ref": "#/definitions/v1.Time" }, "lastTransitionTime": { - "type": "string" + "$ref": "#/definitions/v1.Time" }, "message": { "type": "string" @@ -9738,10 +9756,10 @@ "format": "int32" }, "firstSeen": { - "type": "string" + "$ref": "#/definitions/v1.Time" }, "lastSeen": { - "type": "string" + "$ref": "#/definitions/v1.Time" }, "message": { "type": "string" @@ -10034,7 +10052,7 @@ } }, "lastSchedule": { - "type": "string" + "$ref": "#/definitions/v1.Time" }, "objectMeta": { "$ref": "#/definitions/types.ObjectMeta" @@ -10052,13 +10070,13 @@ }, "cronjob.CronJobDetail": { "required": [ + "objectMeta", + "typeMeta", "schedule", "suspend", "active", "lastSchedule", "containerImages", - "objectMeta", - "typeMeta", "concurrencyPolicy", "startingDeadlineSeconds", "errors" @@ -10084,7 +10102,7 @@ } }, "lastSchedule": { - "type": "string" + "$ref": "#/definitions/v1.Time" }, "objectMeta": { "$ref": "#/definitions/types.ObjectMeta" @@ -10176,11 +10194,11 @@ }, "daemonset.DaemonSetDetail": { "required": [ - "initContainerImages", "objectMeta", "typeMeta", "podInfo", "containerImages", + "initContainerImages", "errors" ], "properties": { @@ -10320,7 +10338,7 @@ "type": "string" }, "cpuRequirement": { - "type": "string" + "$ref": "#/definitions/resource.Quantity" }, "description": { "type": "string" @@ -10338,7 +10356,7 @@ } }, "memoryRequirement": { - "type": "string" + "$ref": "#/definitions/resource.Quantity" }, "name": { "type": "string" @@ -10401,11 +10419,11 @@ }, "deployment.DeploymentDetail": { "required": [ + "pods", + "containerImages", "initContainerImages", "objectMeta", "typeMeta", - "pods", - "containerImages", "selector", "statusInfo", "conditions", @@ -10576,10 +10594,10 @@ ], "properties": { "maxSurge": { - "type": "string" + "$ref": "#/definitions/intstr.IntOrString" }, "maxUnavailable": { - "type": "string" + "$ref": "#/definitions/intstr.IntOrString" } } }, @@ -10720,13 +10738,13 @@ }, "horizontalpodautoscaler.HorizontalPodAutoscalerDetail": { "required": [ - "objectMeta", - "typeMeta", "scaleTargetRef", "minReplicas", "maxReplicas", "currentCPUUtilizationPercentage", "targetCPUUtilizationPercentage", + "objectMeta", + "typeMeta", "currentReplicas", "desiredReplicas", "lastScaleTime" @@ -10745,7 +10763,7 @@ "format": "int32" }, "lastScaleTime": { - "type": "string" + "$ref": "#/definitions/v1.Time" }, "maxReplicas": { "type": "integer", @@ -10853,10 +10871,10 @@ }, "ingress.IngressDetail": { "required": [ - "hosts", "objectMeta", "typeMeta", "endpoints", + "hosts", "spec", "status", "errors" @@ -10960,6 +10978,26 @@ } } }, + "intstr.IntOrString": { + "required": [ + "Type", + "IntVal", + "StrVal" + ], + "properties": { + "IntVal": { + "type": "integer", + "format": "int32" + }, + "StrVal": { + "type": "string" + }, + "Type": { + "type": "integer", + "format": "int64" + } + } + }, "job.Job": { "required": [ "objectMeta", @@ -11003,13 +11041,13 @@ }, "job.JobDetail": { "required": [ - "initContainerImages", "parallelism", "jobStatus", "objectMeta", "typeMeta", "podInfo", "containerImages", + "initContainerImages", "completions", "errors" ], @@ -11343,8 +11381,8 @@ }, "networkpolicy.NetworkPolicyDetail": { "required": [ - "typeMeta", "objectMeta", + "typeMeta", "podSelector", "errors" ], @@ -11503,10 +11541,10 @@ }, "node.NodeDetail": { "required": [ + "objectMeta", "typeMeta", "ready", "allocatedResources", - "objectMeta", "phase", "podCIDR", "providerID", @@ -11679,16 +11717,16 @@ }, "persistentvolume.PersistentVolumeDetail": { "required": [ - "objectMeta", - "capacity", - "reason", "typeMeta", + "capacity", "accessModes", "reclaimPolicy", - "storageClass", "mountOptions", - "status", "claim", + "reason", + "objectMeta", + "storageClass", + "status", "message", "persistentVolumeSource" ], @@ -11806,13 +11844,13 @@ }, "persistentvolumeclaim.PersistentVolumeClaimDetail": { "required": [ - "capacity", - "accessModes", - "storageClass", "objectMeta", "typeMeta", "status", - "volume" + "volume", + "capacity", + "accessModes", + "storageClass" ], "properties": { "accessModes": { @@ -12275,11 +12313,11 @@ }, "replicaset.ReplicaSetDetail": { "required": [ + "containerImages", + "initContainerImages", "objectMeta", "typeMeta", "podInfo", - "containerImages", - "initContainerImages", "selector", "horizontalPodAutoscalerList", "errors" @@ -12389,11 +12427,11 @@ }, "replicationcontroller.ReplicationControllerDetail": { "required": [ + "objectMeta", "typeMeta", "podInfo", "containerImages", "initContainerImages", - "objectMeta", "labelSelector", "errors" ], @@ -12769,9 +12807,9 @@ }, "secret.SecretDetail": { "required": [ + "type", "objectMeta", "typeMeta", - "type", "data" ], "properties": { @@ -12858,13 +12896,13 @@ }, "service.ServiceDetail": { "required": [ - "clusterIP", - "objectMeta", "typeMeta", "internalEndpoint", "externalEndpoints", "selector", "type", + "clusterIP", + "objectMeta", "endpointList", "sessionAffinity", "errors" @@ -13403,7 +13441,7 @@ } }, "creationTimestamp": { - "type": "string" + "$ref": "#/definitions/v1.Time" }, "labels": { "type": "object", @@ -13470,6 +13508,22 @@ } } }, + "v1.AppArmorProfile": { + "description": "AppArmorProfile defines a pod or container's AppArmor settings.", + "required": [ + "type" + ], + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied. Valid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + } + }, "v1.AzureDiskVolumeSource": { "description": "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", "required": [ @@ -13885,7 +13939,7 @@ "properties": { "startedAt": { "description": "Time at which the container was last (re-)started", - "type": "string" + "$ref": "#/definitions/v1.Time" } } }, @@ -13906,7 +13960,7 @@ }, "finishedAt": { "description": "Time at which the container last terminated", - "type": "string" + "$ref": "#/definitions/v1.Time" }, "message": { "description": "Message regarding the last termination of the container", @@ -13923,7 +13977,7 @@ }, "startedAt": { "description": "Time at which previous execution of the container started", - "type": "string" + "$ref": "#/definitions/v1.Time" } } }, @@ -13997,6 +14051,13 @@ "state": { "description": "State holds details about the container's current condition.", "$ref": "#/definitions/v1.ContainerState" + }, + "volumeMounts": { + "description": "Status of volume mounts.", + "type": "array", + "items": { + "$ref": "#/definitions/v1.VolumeMountStatus" + } } } }, @@ -14019,7 +14080,7 @@ ], "properties": { "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", "$ref": "#/definitions/v1.ObjectFieldSelector" }, "mode": { @@ -14063,7 +14124,7 @@ }, "sizeLimit": { "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" + "$ref": "#/definitions/resource.Quantity" } } }, @@ -14166,6 +14227,9 @@ } } }, + "v1.FieldsV1": { + "description": "FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.\n\nEach key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:\u003cname\u003e', where \u003cname\u003e is the name of a field in a struct, or key in a map 'v:\u003cvalue\u003e', where \u003cvalue\u003e is the exact json formatted value of a list item 'i:\u003cindex\u003e', where \u003cindex\u003e is position of a item in a list 'k:\u003ckeys\u003e', where \u003ckeys\u003e is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set.\n\nThe exact format is defined in sigs.k8s.io/structured-merge-diff" + }, "v1.FlexPersistentVolumeSource": { "description": "FlexPersistentVolumeSource represents a generic persistent volume resource that is provisioned/attached using an exec based plugin.", "required": [ @@ -14372,7 +14436,7 @@ }, "port": { "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", - "type": "string" + "$ref": "#/definitions/intstr.IntOrString" }, "scheme": { "description": "Scheme to use for connecting to the host. Defaults to HTTP.", @@ -14663,14 +14727,6 @@ } } }, - "v1.IngressRuleValue": { - "description": "IngressRuleValue represents a rule to apply against incoming requests. If the rule is satisfied, the request is routed to the specified backend. Currently mixing different types of rules in a single Ingress is disallowed, so exactly one of the following must be set.", - "properties": { - "http": { - "$ref": "#/definitions/v1.HTTPIngressRuleValue" - } - } - }, "v1.IngressServiceBackend": { "description": "IngressServiceBackend references a Kubernetes Service as a Backend.", "required": [ @@ -14842,7 +14898,7 @@ }, "fieldsV1": { "description": "FieldsV1 holds the first JSON version format as described in the \"FieldsV1\" type.", - "type": "string" + "$ref": "#/definitions/v1.FieldsV1" }, "manager": { "description": "Manager is an identifier of the workflow managing these fields.", @@ -14858,7 +14914,7 @@ }, "time": { "description": "Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over.", - "type": "string" + "$ref": "#/definitions/v1.Time" } } }, @@ -14948,7 +15004,7 @@ }, "port": { "description": "port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.", - "type": "string" + "$ref": "#/definitions/intstr.IntOrString" }, "protocol": { "description": "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.", @@ -15058,7 +15114,7 @@ }, "creationTimestamp": { "description": "CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "type": "string" + "$ref": "#/definitions/v1.Time" }, "deletionGracePeriodSeconds": { "description": "Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.", @@ -15067,7 +15123,7 @@ }, "deletionTimestamp": { "description": "DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "type": "string" + "$ref": "#/definitions/v1.Time" }, "finalizers": { "description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.", @@ -15227,7 +15283,7 @@ "type": "string" }, "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", "type": "string" }, "volumeMode": { @@ -15384,6 +15440,10 @@ "v1.PodSecurityContext": { "description": "PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.", "properties": { + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", + "$ref": "#/definitions/v1.AppArmorProfile" + }, "fsGroup": { "description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw ", "type": "integer", @@ -15550,27 +15610,6 @@ } } }, - "v1.ProbeHandler": { - "description": "ProbeHandler defines a specific action that should be taken in a probe. One and only one of the fields must be specified.", - "properties": { - "exec": { - "description": "Exec specifies the action to take.", - "$ref": "#/definitions/v1.ExecAction" - }, - "grpc": { - "description": "GRPC specifies an action involving a GRPC port.", - "$ref": "#/definitions/v1.GRPCAction" - }, - "httpGet": { - "description": "HTTPGet specifies the http request to perform.", - "$ref": "#/definitions/v1.HTTPGetAction" - }, - "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.", - "$ref": "#/definitions/v1.TCPSocketAction" - } - } - }, "v1.ProjectedVolumeSource": { "description": "Represents a projected volume source", "required": [ @@ -15736,7 +15775,7 @@ }, "divisor": { "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "type": "string" + "$ref": "#/definitions/resource.Quantity" }, "resource": { "description": "Required: resource to select", @@ -16014,6 +16053,10 @@ "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.", + "$ref": "#/definitions/v1.AppArmorProfile" + }, "capabilities": { "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", "$ref": "#/definitions/v1.Capabilities" @@ -16197,7 +16240,7 @@ }, "port": { "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", - "type": "string" + "$ref": "#/definitions/intstr.IntOrString" } } }, @@ -16218,7 +16261,7 @@ }, "timeAdded": { "description": "TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.", - "type": "string" + "$ref": "#/definitions/v1.Time" }, "value": { "description": "The taint value corresponding to the taint key.", @@ -16226,6 +16269,17 @@ } } }, + "v1.Time": { + "required": [ + "Time" + ], + "properties": { + "Time": { + "type": "string", + "format": "date-time" + } + } + }, "v1.TypeMeta": { "description": "TypeMeta describes an individual object in an API response or request with strings representing the type of the object and its API schema version. Structures that are versioned or persisted should inline TypeMeta.", "properties": { @@ -16414,6 +16468,31 @@ } } }, + "v1.VolumeMountStatus": { + "description": "VolumeMountStatus shows status of volume mounts.", + "required": [ + "name", + "mountPath" + ], + "properties": { + "mountPath": { + "description": "MountPath corresponds to the original VolumeMount.", + "type": "string" + }, + "name": { + "description": "Name corresponds to the name of the original VolumeMount.", + "type": "string" + }, + "readOnly": { + "description": "ReadOnly corresponds to the original VolumeMount.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly must be set to Disabled, Enabled, or unspecified (for non-readonly mounts). An IfPossible value in the original VolumeMount must be translated to Disabled or Enabled, depending on the mount result.", + "type": "string" + } + } + }, "v1.VolumeProjection": { "description": "Projection that may be projected along with other supported volume types", "properties": { @@ -16458,127 +16537,6 @@ } } }, - "v1.VolumeSource": { - "description": "Represents the source of a volume to mount. Only one of its members may be specified.", - "properties": { - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "$ref": "#/definitions/v1.AWSElasticBlockStoreVolumeSource" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", - "$ref": "#/definitions/v1.AzureDiskVolumeSource" - }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.", - "$ref": "#/definitions/v1.AzureFileVolumeSource" - }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime", - "$ref": "#/definitions/v1.CephFSVolumeSource" - }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "$ref": "#/definitions/v1.CinderVolumeSource" - }, - "configMap": { - "description": "configMap represents a configMap that should populate this volume", - "$ref": "#/definitions/v1.ConfigMapVolumeSource" - }, - "csi": { - "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).", - "$ref": "#/definitions/v1.CSIVolumeSource" - }, - "downwardAPI": { - "description": "downwardAPI represents downward API about the pod that should populate this volume", - "$ref": "#/definitions/v1.DownwardAPIVolumeSource" - }, - "emptyDir": { - "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "$ref": "#/definitions/v1.EmptyDirVolumeSource" - }, - "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time.", - "$ref": "#/definitions/v1.EphemeralVolumeSource" - }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "$ref": "#/definitions/v1.FCVolumeSource" - }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", - "$ref": "#/definitions/v1.FlexVolumeSource" - }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running", - "$ref": "#/definitions/v1.FlockerVolumeSource" - }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "$ref": "#/definitions/v1.GCEPersistentDiskVolumeSource" - }, - "gitRepo": { - "description": "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", - "$ref": "#/definitions/v1.GitRepoVolumeSource" - }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md", - "$ref": "#/definitions/v1.GlusterfsVolumeSource" - }, - "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "$ref": "#/definitions/v1.HostPathVolumeSource" - }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md", - "$ref": "#/definitions/v1.ISCSIVolumeSource" - }, - "nfs": { - "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "$ref": "#/definitions/v1.NFSVolumeSource" - }, - "persistentVolumeClaim": { - "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "$ref": "#/definitions/v1.PersistentVolumeClaimVolumeSource" - }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine", - "$ref": "#/definitions/v1.PhotonPersistentDiskVolumeSource" - }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine", - "$ref": "#/definitions/v1.PortworxVolumeSource" - }, - "projected": { - "description": "projected items for all in one resources secrets, configmaps, and downward API", - "$ref": "#/definitions/v1.ProjectedVolumeSource" - }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime", - "$ref": "#/definitions/v1.QuobyteVolumeSource" - }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md", - "$ref": "#/definitions/v1.RBDVolumeSource" - }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.", - "$ref": "#/definitions/v1.ScaleIOVolumeSource" - }, - "secret": { - "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "$ref": "#/definitions/v1.SecretVolumeSource" - }, - "storageos": { - "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.", - "$ref": "#/definitions/v1.StorageOSVolumeSource" - }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine", - "$ref": "#/definitions/v1.VsphereVirtualDiskVolumeSource" - } - } - }, "v1.VsphereVirtualDiskVolumeSource": { "description": "Represents a vSphere volume resource.", "required": [ diff --git a/modules/common/client/types.go b/modules/common/client/types.go index 8cdccb10bd7f..5e835e2329ce 100644 --- a/modules/common/client/types.go +++ b/modules/common/client/types.go @@ -46,5 +46,5 @@ const ( type ResourceVerber interface { Update(object *unstructured.Unstructured) error Get(kind string, namespace string, name string) (runtime.Object, error) - Delete(kind string, namespace string, name string, deleteNow bool) error + Delete(kind string, namespace string, name string, propagationPolicy string, deleteNow bool) error } diff --git a/modules/common/client/verber.go b/modules/common/client/verber.go index cc04b63821af..1158bafd27b5 100644 --- a/modules/common/client/verber.go +++ b/modules/common/client/verber.go @@ -109,15 +109,28 @@ func (v *resourceVerber) buildGroupVersionResourceCache(resourceList []*metav1.A return nil } +func (v *resourceVerber) toDeletePropagationPolicy(propagation string) metav1.DeletionPropagation { + switch metav1.DeletionPropagation(propagation) { + case metav1.DeletePropagationBackground: + return metav1.DeletePropagationBackground + case metav1.DeletePropagationForeground: + return metav1.DeletePropagationForeground + case metav1.DeletePropagationOrphan: + return metav1.DeletePropagationOrphan + } + + // Do cascade delete by default, as this is what users typically expect. + return metav1.DeletePropagationForeground +} + // Delete deletes the resource of the given kind in the given namespace with the given name. -func (v *resourceVerber) Delete(kind string, namespace string, name string, deleteNow bool) error { +func (v *resourceVerber) Delete(kind string, namespace string, name string, propagationPolicy string, deleteNow bool) error { gvr, err := v.groupVersionResourceFromKind(kind) if err != nil { return err } - // Do cascade delete by default, as this is what users typically expect. - defaultPropagationPolicy := metav1.DeletePropagationForeground + defaultPropagationPolicy := v.toDeletePropagationPolicy(propagationPolicy) defaultDeleteOptions := metav1.DeleteOptions{ PropagationPolicy: &defaultPropagationPolicy, } @@ -127,6 +140,7 @@ func (v *resourceVerber) Delete(kind string, namespace string, name string, dele defaultDeleteOptions.GracePeriodSeconds = &gracePeriodSeconds } + klog.V(1).InfoS("deleting resource", "kind", kind, "namespace", namespace, "name", name, "propagationPolicy", propagationPolicy, "deleteNow", deleteNow) return v.client.Resource(gvr).Namespace(namespace).Delete(context.TODO(), name, defaultDeleteOptions) } diff --git a/modules/web/.meshrc.yml b/modules/web/.meshrc.yml index c2ee22ed0b80..6c176e404c5b 100644 --- a/modules/web/.meshrc.yml +++ b/modules/web/.meshrc.yml @@ -30,6 +30,10 @@ sources: type Map { map: ObjMap! } + type StringWrapper { + string: String! + optionalString: String + } type StateWrapper { state: ContainerState! } @@ -64,6 +68,12 @@ sources: to: type: Map field: map + - from: + type: v1_ResourceFieldSelector + field: divisor + to: + type: StringWrapper + field: optionalString - from: type: v1_ResourceRequirements field: requests @@ -106,3 +116,21 @@ sources: to: type: StateWrapper field: state + - from: + type: deployment_AppDeploymentSpec + field: cpuRequirement + to: + type: StringWrapper + field: string + - from: + type: deployment_AppDeploymentSpec + field: memoryRequirement + to: + type: StringWrapper + field: string + - from: + type: v1_EmptyDirVolumeSource + field: sizeLimit + to: + type: StringWrapper + field: optionalString diff --git a/modules/web/i18n/de/messages.de.xlf b/modules/web/i18n/de/messages.de.xlf index 96ea41ecfa99..7cc0ae67af7c 100644 --- a/modules/web/i18n/de/messages.de.xlf +++ b/modules/web/i18n/de/messages.de.xlf @@ -2664,6 +2664,10 @@ Memory Memory + + Propagation policy + Propagation policy + \ No newline at end of file diff --git a/modules/web/i18n/es/messages.es.xlf b/modules/web/i18n/es/messages.es.xlf index f99a120c8428..e64853438f9f 100644 --- a/modules/web/i18n/es/messages.es.xlf +++ b/modules/web/i18n/es/messages.es.xlf @@ -2656,6 +2656,10 @@ Memory Memory + + Propagation policy + Propagation policy + \ No newline at end of file diff --git a/modules/web/i18n/fr/messages.fr.xlf b/modules/web/i18n/fr/messages.fr.xlf index 58309ad95547..bc77e878c845 100644 --- a/modules/web/i18n/fr/messages.fr.xlf +++ b/modules/web/i18n/fr/messages.fr.xlf @@ -2652,6 +2652,10 @@ Memory Memory + + Propagation policy + Propagation policy + \ No newline at end of file diff --git a/modules/web/i18n/ja/messages.ja.xlf b/modules/web/i18n/ja/messages.ja.xlf index 4db5864a976c..1f9d717cdee6 100644 --- a/modules/web/i18n/ja/messages.ja.xlf +++ b/modules/web/i18n/ja/messages.ja.xlf @@ -2656,6 +2656,10 @@ Memory Memory + + Propagation policy + Propagation policy + \ No newline at end of file diff --git a/modules/web/i18n/ko/messages.ko.xlf b/modules/web/i18n/ko/messages.ko.xlf index 0cbe952a1b7e..fcb7c745d935 100644 --- a/modules/web/i18n/ko/messages.ko.xlf +++ b/modules/web/i18n/ko/messages.ko.xlf @@ -2656,6 +2656,10 @@ Memory Memory + + Propagation policy + Propagation policy + \ No newline at end of file diff --git a/modules/web/i18n/messages.xlf b/modules/web/i18n/messages.xlf index 4887c64305f5..f7c1eea5fb71 100644 --- a/modules/web/i18n/messages.xlf +++ b/modules/web/i18n/messages.xlf @@ -1967,6 +1967,9 @@ Image + + Propagation policy + \ No newline at end of file diff --git a/modules/web/i18n/zh-Hans/messages.zh-Hans.xlf b/modules/web/i18n/zh-Hans/messages.zh-Hans.xlf index 61b3b4d9fe4d..1e583b9957d6 100644 --- a/modules/web/i18n/zh-Hans/messages.zh-Hans.xlf +++ b/modules/web/i18n/zh-Hans/messages.zh-Hans.xlf @@ -2656,6 +2656,10 @@ Memory Memory + + Propagation policy + Propagation policy + \ No newline at end of file diff --git a/modules/web/i18n/zh-Hant-HK/messages.zh-Hant-HK.xlf b/modules/web/i18n/zh-Hant-HK/messages.zh-Hant-HK.xlf index 461faca714ca..293b31172e4c 100644 --- a/modules/web/i18n/zh-Hant-HK/messages.zh-Hant-HK.xlf +++ b/modules/web/i18n/zh-Hant-HK/messages.zh-Hant-HK.xlf @@ -2656,6 +2656,10 @@ Memory Memory + + Propagation policy + Propagation policy + \ No newline at end of file diff --git a/modules/web/i18n/zh-Hant/messages.zh-Hant.xlf b/modules/web/i18n/zh-Hant/messages.zh-Hant.xlf index 82abbd18f274..4bc5d7eb76f7 100644 --- a/modules/web/i18n/zh-Hant/messages.zh-Hant.xlf +++ b/modules/web/i18n/zh-Hant/messages.zh-Hant.xlf @@ -2656,6 +2656,10 @@ Memory Memory + + Propagation policy + Propagation policy + \ No newline at end of file diff --git a/modules/web/schema/schema.graphql b/modules/web/schema/schema.graphql index 30aca25bca50..94855706b100 100755 --- a/modules/web/schema/schema.graphql +++ b/modules/web/schema/schema.graphql @@ -2004,13 +2004,22 @@ type clusterrole_ClusterRole { type types_ObjectMeta { annotations: JSON - creationTimestamp: String + creationTimestamp: v1_Time labels: JSON name: String namespace: String uid: String } +type v1_Time { + Time: DateTime! +} + +""" +A date-time string at UTC, such as 2007-12-03T10:15:30Z, compliant with the `date-time` format outlined in section 5.6 of the RFC 3339 profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar. +""" +scalar DateTime + type types_TypeMeta { kind: String restartable: Boolean @@ -2161,8 +2170,8 @@ type types_CustomResourceDefinitionDetail { } type common_Condition { - lastProbeTime: String! - lastTransitionTime: String! + lastProbeTime: v1_Time! + lastTransitionTime: v1_Time! message: String! reason: String! status: String! @@ -2215,8 +2224,8 @@ type common_EventList { type common_Event { count: Int! - firstSeen: String! - lastSeen: String! + firstSeen: v1_Time! + lastSeen: v1_Time! message: String! object: String! objectKind: String @@ -2240,7 +2249,7 @@ type cronjob_CronJobList { type cronjob_CronJob { active: Int! containerImages: [String]! - lastSchedule: String! + lastSchedule: v1_Time! objectMeta: types_ObjectMeta! schedule: String! suspend: Boolean! @@ -2260,7 +2269,7 @@ type cronjob_CronJobDetail { concurrencyPolicy: String! containerImages: [String]! errors: [JSON]! - lastSchedule: String! + lastSchedule: v1_Time! objectMeta: types_ObjectMeta! schedule: String! startingDeadlineSeconds: BigInt! @@ -2298,11 +2307,6 @@ type api_MetricPoint { value: Int! } -""" -A date-time string at UTC, such as 2007-12-03T10:15:30Z, compliant with the `date-time` format outlined in section 5.6 of the RFC 3339 profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar. -""" -scalar DateTime - type job_Job { containerImages: [String]! initContainerImages: [String]! @@ -2490,8 +2494,14 @@ type deployment_DeploymentDetail { } type deployment_RollingUpdateStrategy { - maxSurge: String! - maxUnavailable: String! + maxSurge: intstr_IntOrString! + maxUnavailable: intstr_IntOrString! +} + +type intstr_IntOrString { + IntVal: Int! + StrVal: String! + Type: BigInt! } type deployment_StatusInfo { @@ -2542,7 +2552,7 @@ type horizontalpodautoscaler_HorizontalPodAutoscalerDetail { currentCPUUtilizationPercentage: Int! currentReplicas: Int! desiredReplicas: Int! - lastScaleTime: String! + lastScaleTime: v1_Time! maxReplicas: Int! minReplicas: Int! objectMeta: types_ObjectMeta! @@ -2643,7 +2653,7 @@ type v1_IngressRule { Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. - + host can be "precise" which is a domain name without the terminating dot of a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name prefixed with a single wildcard label (e.g. "*.foo.com"). The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). Requests will be matched against the Host field in the following way: 1. If host is precise, the request matches this rule if the http host header is equal to Host. 2. If host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule. """ host: String @@ -2899,10 +2909,7 @@ type v1_NetworkPolicyPort { endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. """ endPort: Int - """ - port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched. - """ - port: String + port: intstr_IntOrString """ protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP. """ @@ -3048,10 +3055,7 @@ type v1_Taint { effect: String! """Required. The taint key to be applied to a node.""" key: String! - """ - TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints. - """ - timeAdded: String + timeAdded: v1_Time """The taint value corresponding to the taint key.""" value: String } @@ -3842,14 +3846,18 @@ ResourceFieldSelector represents container resources (cpu, memory) and their out type v1_ResourceFieldSelector { """Container name: required for volumes, optional for env vars""" containerName: String - """ - Specifies the output format of the exposed resources, defaults to "1" - """ divisor: String """Required: resource to select""" resource: String! } +type resource_Quantity5 { + Format: String! + d: resource_infDecAmount! + i: resource_int64Amount! + s: String! +} + """SecretKeySelector selects a key of a Secret.""" type v1_SecretKeySelector { """The key of the secret to select from. Must be a valid secret key.""" @@ -3911,7 +3919,7 @@ type v1_GRPCAction { port: Int! """ Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - + If this is not specified, the default behavior is defined by gRPC. """ service: String! @@ -3927,10 +3935,7 @@ type v1_HTTPGetAction { httpHeaders: [v1_HTTPHeader] """Path to access on the HTTP server.""" path: String - """ - Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - """ - port: String! + port: intstr_IntOrString! """Scheme to use for connecting to the host. Defaults to HTTP.""" scheme: String } @@ -3949,19 +3954,16 @@ type v1_HTTPHeader { type v1_TCPSocketAction { """Optional: Host name to connect to, defaults to the pod IP.""" host: String - """ - Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - """ - port: String! + port: intstr_IntOrString! } """ResourceRequirements describes the compute resource requirements.""" type v1_ResourceRequirements { """ Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - + This field is immutable. It can only be set for containers. """ claims: [v1_ResourceClaim] @@ -3981,15 +3983,15 @@ type v1_ResourceClaim { Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ """ type query_handleGetPodDetail_containers_items_resources_limits { - additionalProperties: [resource_Quantity5_entry] @dictionary(subgraph: "api") + additionalProperties: [resource_Quantity6_entry] @dictionary(subgraph: "api") } -type resource_Quantity5_entry { +type resource_Quantity6_entry { key: ID! - value: resource_Quantity5 + value: resource_Quantity6 } -type resource_Quantity5 { +type resource_Quantity6 { Format: String! d: resource_infDecAmount! i: resource_int64Amount! @@ -4000,15 +4002,15 @@ type resource_Quantity5 { Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ """ type query_handleGetPodDetail_containers_items_resources_requests { - additionalProperties: [resource_Quantity6_entry] @dictionary(subgraph: "api") + additionalProperties: [resource_Quantity7_entry] @dictionary(subgraph: "api") } -type resource_Quantity6_entry { +type resource_Quantity7_entry { key: ID! - value: resource_Quantity6 + value: resource_Quantity7 } -type resource_Quantity6 { +type resource_Quantity7 { Format: String! d: resource_infDecAmount! i: resource_int64Amount! @@ -4023,6 +4025,7 @@ type v1_SecurityContext { AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. """ allowPrivilegeEscalation: Boolean + appArmorProfile: v1_AppArmorProfile capabilities: v1_Capabilities """ Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. @@ -4053,6 +4056,21 @@ type v1_SecurityContext { windowsOptions: v1_WindowsSecurityContextOptions } +"""AppArmorProfile defines a pod or container's AppArmor settings.""" +type v1_AppArmorProfile { + """ + localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". + """ + localhostProfile: String + """ + type indicates which kind of AppArmor profile will be applied. Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + """ + type: String! +} + """Adds and removes POSIX capabilities from running containers.""" type v1_Capabilities { """Added capabilities""" @@ -4083,7 +4101,7 @@ type v1_SeccompProfile { localhostProfile: String """ type indicates which kind of seccomp profile will be applied. Valid options are: - + Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. """ type: String! @@ -4133,7 +4151,7 @@ type v1_ContainerStatus { name: String! """ Ready specifies whether the container is currently passing its readiness check. The value will change as readiness probes keep executing. If no readiness probes are specified, this field defaults to true once the container is fully started (see Started field). - + The value is typically used to determine whether a container is ready to accept traffic. """ ready: Boolean! @@ -4147,21 +4165,23 @@ type v1_ContainerStatus { """ started: Boolean state: v1_ContainerState + """Status of volume mounts.""" + volumeMounts: [v1_VolumeMountStatus] } """ AllocatedResources represents the compute resources allocated for this container by the node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission and after successfully admitting desired pod resize. """ type query_handleGetPodDetail_containers_items_status_allocatedResources { - additionalProperties: [resource_Quantity7_entry] @dictionary(subgraph: "api") + additionalProperties: [resource_Quantity8_entry] @dictionary(subgraph: "api") } -type resource_Quantity7_entry { +type resource_Quantity8_entry { key: ID! - value: resource_Quantity7 + value: resource_Quantity8 } -type resource_Quantity7 { +type resource_Quantity8 { Format: String! d: resource_infDecAmount! i: resource_int64Amount! @@ -4179,8 +4199,7 @@ type v1_ContainerState { """ContainerStateRunning is a running state of a container.""" type v1_ContainerStateRunning { - """Time at which the container was last (re-)started""" - startedAt: String + startedAt: v1_Time } """ContainerStateTerminated is a terminated state of a container.""" @@ -4189,16 +4208,14 @@ type v1_ContainerStateTerminated { containerID: String """Exit status from the last termination of the container""" exitCode: Int! - """Time at which the container last terminated""" - finishedAt: String + finishedAt: v1_Time """Message regarding the last termination of the container""" message: String """(brief) reason from the last termination of the container""" reason: String """Signal from the last termination of the container""" signal: Int - """Time at which previous execution of the container started""" - startedAt: String + startedAt: v1_Time } """ContainerStateWaiting is a waiting state of a container.""" @@ -4209,6 +4226,20 @@ type v1_ContainerStateWaiting { reason: String } +"""VolumeMountStatus shows status of volume mounts.""" +type v1_VolumeMountStatus { + """MountPath corresponds to the original VolumeMount.""" + mountPath: String! + """Name corresponds to the name of the original VolumeMount.""" + name: String! + """ReadOnly corresponds to the original VolumeMount.""" + readOnly: Boolean + """ + RecursiveReadOnly must be set to Disabled, Enabled, or unspecified (for non-readonly mounts). An IfPossible value in the original VolumeMount must be translated to Disabled or Enabled, depending on the mount result. + """ + recursiveReadOnly: String +} + type pod_VolumeMount { mountPath: String! name: String! @@ -4423,9 +4454,6 @@ type v1_EmptyDirVolumeSource { medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir """ medium: String - """ - sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - """ sizeLimit: String } @@ -4452,31 +4480,21 @@ type v1_ObjectMeta { Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations """ annotations: JSON - """ - CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. - - Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - """ - creationTimestamp: String + creationTimestamp: v1_Time """ Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. """ deletionGracePeriodSeconds: BigInt - """ - DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. - - Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - """ - deletionTimestamp: String + deletionTimestamp: v1_Time """ Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. """ finalizers: [String] """ GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - + If this field is specified and the generated name exists, the server will return a 409. - + Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency """ generateName: String @@ -4498,7 +4516,7 @@ type v1_ObjectMeta { name: String """ Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - + Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces """ namespace: String @@ -4508,7 +4526,7 @@ type v1_ObjectMeta { ownerReferences: [v1_OwnerReference] """ An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - + Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency """ resourceVersion: String @@ -4518,7 +4536,7 @@ type v1_ObjectMeta { selfLink: String """ UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - + Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids """ uid: String @@ -4537,9 +4555,13 @@ type v1_ManagedFieldsEntry { """ fieldsType: String """ - FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. + FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format. + + Each key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:', where is the name of a field in a struct, or key in a map 'v:', where is the exact json formatted value of a list item 'i:', where is position of a item in a list 'k:', where is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set. + + The exact format is defined in sigs.k8s.io/structured-merge-diff """ - fieldsV1: String + fieldsV1: JSON """Manager is an identifier of the workflow managing these fields.""" manager: String """ @@ -4550,10 +4572,7 @@ type v1_ManagedFieldsEntry { Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. """ subresource: String - """ - Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. - """ - time: String + time: v1_Time } """ @@ -4599,7 +4618,7 @@ type v1_PersistentVolumeClaimSpec { """ storageClassName: String """ - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. """ volumeAttributesClassName: String """ @@ -4639,15 +4658,15 @@ type v1_VolumeResourceRequirements { Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ """ type query_handleGetPodDetail_containers_items_volumeMounts_items_volume_ephemeral_volumeClaimTemplate_spec_resources_limits { - additionalProperties: [resource_Quantity8_entry] @dictionary(subgraph: "api") + additionalProperties: [resource_Quantity9_entry] @dictionary(subgraph: "api") } -type resource_Quantity8_entry { +type resource_Quantity9_entry { key: ID! - value: resource_Quantity8 + value: resource_Quantity9 } -type resource_Quantity8 { +type resource_Quantity9 { Format: String! d: resource_infDecAmount! i: resource_int64Amount! @@ -4658,15 +4677,15 @@ type resource_Quantity8 { Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ """ type query_handleGetPodDetail_containers_items_volumeMounts_items_volume_ephemeral_volumeClaimTemplate_spec_resources_requests { - additionalProperties: [resource_Quantity9_entry] @dictionary(subgraph: "api") + additionalProperties: [resource_Quantity10_entry] @dictionary(subgraph: "api") } -type resource_Quantity9_entry { +type resource_Quantity10_entry { key: ID! - value: resource_Quantity9 + value: resource_Quantity10 } -type resource_Quantity9 { +type resource_Quantity10 { Format: String! d: resource_infDecAmount! i: resource_int64Amount! @@ -5014,9 +5033,10 @@ type controller_ResourceOwner { PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext. """ type v1_PodSecurityContext { + appArmorProfile: v1_AppArmorProfile """ A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - + 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw """ fsGroup: BigInt @@ -5190,14 +5210,14 @@ type endpoint_Endpoint { type v1_EndpointPort { """ The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either: - + * Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - + * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - + * Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol. """ appProtocol: String @@ -5313,11 +5333,13 @@ type Mutation { metricNames: String """Aggregations to be performed for each metric (default: sum)""" aggregations: String - """namespace of the resource""" - namespace: String! """override graceful delete options and enforce immediate deletion""" deleteNow: String - ): Void @httpOperation(subgraph: "api", path: "/api/v1/_raw/{args.kind}/name/{args.name}", operationSpecificHeaders: "{\"Content-Type\":\"application/json\",\"Accept\":\"application/json\"}", httpMethod: DELETE, queryParamArgMap: "{\"filterBy\":\"filterBy\",\"sortBy\":\"sortBy\",\"itemsPerPage\":\"itemsPerPage\",\"page\":\"page\",\"metricNames\":\"metricNames\",\"aggregations\":\"aggregations\"}") @httpOperation(subgraph: "api", path: "/api/v1/_raw/{args.kind}/namespace/{args.namespace}/name/{args.name}", operationSpecificHeaders: "{\"Content-Type\":\"application/json\",\"Accept\":\"application/json\"}", httpMethod: DELETE, queryParamArgMap: "{\"filterBy\":\"filterBy\",\"sortBy\":\"sortBy\",\"itemsPerPage\":\"itemsPerPage\",\"page\":\"page\",\"metricNames\":\"metricNames\",\"aggregations\":\"aggregations\",\"deleteNow\":\"deleteNow\"}") + """override default delete propagation policy""" + propagation: String + """namespace of the resource""" + namespace: String! + ): Void @httpOperation(subgraph: "api", path: "/api/v1/_raw/{args.kind}/name/{args.name}", operationSpecificHeaders: "{\"Content-Type\":\"application/json\",\"Accept\":\"application/json\"}", httpMethod: DELETE, queryParamArgMap: "{\"filterBy\":\"filterBy\",\"sortBy\":\"sortBy\",\"itemsPerPage\":\"itemsPerPage\",\"page\":\"page\",\"metricNames\":\"metricNames\",\"aggregations\":\"aggregations\",\"deleteNow\":\"deleteNow\",\"propagation\":\"propagation\"}") @httpOperation(subgraph: "api", path: "/api/v1/_raw/{args.kind}/namespace/{args.namespace}/name/{args.name}", operationSpecificHeaders: "{\"Content-Type\":\"application/json\",\"Accept\":\"application/json\"}", httpMethod: DELETE, queryParamArgMap: "{\"filterBy\":\"filterBy\",\"sortBy\":\"sortBy\",\"itemsPerPage\":\"itemsPerPage\",\"page\":\"page\",\"metricNames\":\"metricNames\",\"aggregations\":\"aggregations\",\"deleteNow\":\"deleteNow\",\"propagation\":\"propagation\"}") """creates an application based on provided deployment.AppDeploymentSpec""" handleDeploy( """ @@ -5640,12 +5662,12 @@ input deployment_AppDeploymentSpec_Input { containerCommand: String! containerCommandArgs: String! containerImage: String! - cpuRequirement: String! + cpuRequirement: resource_Quantity_Input5! description: String! imagePullSecret: String! isExternal: Boolean! labels: [deployment_Label_Input]! - memoryRequirement: String! + memoryRequirement: resource_Quantity_Input5! name: String! namespace: String! portMappings: [deployment_PortMapping_Input]! @@ -5654,6 +5676,32 @@ input deployment_AppDeploymentSpec_Input { variables: [deployment_EnvironmentVariable_Input]! } +input resource_Quantity_Input5 { + Format: String! + d: resource_infDecAmount_Input! + i: resource_int64Amount_Input! + s: String! +} + +input resource_infDecAmount_Input { + Dec: inf_Dec_Input! +} + +input inf_Dec_Input { + scale: Int! + unscaled: big_Int_Input! +} + +input big_Int_Input { + abs: [Int]! + neg: Boolean! +} + +input resource_int64Amount_Input { + scale: Int! + value: BigInt! +} + input deployment_Label_Input { key: String! value: String! @@ -5762,6 +5810,11 @@ type Map { map: ObjMap! } +type StringWrapper { + string: String! + optionalString: String +} + type StateWrapper { state: ContainerState! -} \ No newline at end of file +} diff --git a/modules/web/src/_theming.scss b/modules/web/src/_theming.scss index 2bbad827b159..a7abf0a2a5a3 100644 --- a/modules/web/src/_theming.scss +++ b/modules/web/src/_theming.scss @@ -253,7 +253,8 @@ } .kd-namespace-select-input-border, - .kd-shell-toolbar-select { + .kd-shell-toolbar-select, + .kd-dialog-propagation-select { border-bottom: 1px solid $border !important; } diff --git a/modules/web/src/common/dialogs/deleteresource/dialog.ts b/modules/web/src/common/dialogs/deleteresource/dialog.ts index a65f796e2182..85ea429afa33 100644 --- a/modules/web/src/common/dialogs/deleteresource/dialog.ts +++ b/modules/web/src/common/dialogs/deleteresource/dialog.ts @@ -16,20 +16,34 @@ import {Component, Inject} from '@angular/core'; import {MAT_DIALOG_DATA, MatDialogRef} from '@angular/material/dialog'; import {ResourceMeta} from '../../services/global/actionbar'; +enum DeletionPropagation { + DeletePropagationBackground = 'Background', + DeletePropagationForeground = 'Foreground', + DeletePropagationOrphan = 'Orphan', +} + +export interface DeleteOptions { + deleteNow: boolean; + propagation: DeletionPropagation; +} + @Component({ selector: 'kd-delete-resource-dialog', templateUrl: 'template.html', + styleUrls: ['./styles.scss'], }) export class DeleteResourceDialogComponent { - isDeleteNowChecked = false; - cancelDelete = 'cancelDelete'; + options: DeleteOptions; constructor( public dialogRef: MatDialogRef, @Inject(MAT_DIALOG_DATA) public data: ResourceMeta - ) {} - - onNoClick(): void { - this.dialogRef.close(); + ) { + this.options = { + deleteNow: false, + propagation: DeletionPropagation.DeletePropagationBackground, + }; } + + protected readonly DeletionPropagation = DeletionPropagation; } diff --git a/modules/web/src/common/dialogs/deleteresource/styles.scss b/modules/web/src/common/dialogs/deleteresource/styles.scss new file mode 100644 index 000000000000..2a81aa30b7c8 --- /dev/null +++ b/modules/web/src/common/dialogs/deleteresource/styles.scss @@ -0,0 +1,42 @@ +// Copyright 2017 The Kubernetes Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +@use '../../../variables' as *; + +@mixin option { + display: block; + font-size: $body-font-size-base; + margin-top: $baseline-grid; + padding-left: $baseline-grid; +} + +.kd-dialog-propagation-select-container { + @include option; + + padding-top: $baseline-grid; +} + +.kd-dialog-propagation-select { + margin-left: $baseline-grid; + width: fit-content; + + .md-select-value { + font-size: $title-font-size-base; + min-width: 20 * $baseline-grid; + } +} + +.kd-dialog-delete-checkbox { + @include option; +} diff --git a/modules/web/src/common/dialogs/deleteresource/template.html b/modules/web/src/common/dialogs/deleteresource/template.html index a887761c42fb..24f4bf72ea09 100644 --- a/modules/web/src/common/dialogs/deleteresource/template.html +++ b/modules/web/src/common/dialogs/deleteresource/template.html @@ -27,11 +27,30 @@ ? -
+
+ Propagation policy + + + {{ propagation }} + + +
+ + +
Delete now (sets delete grace period to 1 second instead of the default, which is usually 30 @@ -49,8 +68,9 @@ kubectl delete -n {{ data.objectMeta.namespace }} - --now - {{ data.typeMeta.kind }} {{ data.objectMeta.name }} + --now + {{ data.typeMeta.kind }} {{ data.objectMeta.name }} + --cascade={{ options.propagation.toLocaleLowerCase() }}
@@ -60,7 +80,7 @@ mat-button color="primary" id="confirm-delete" - [mat-dialog-close]="isDeleteNowChecked" + [mat-dialog-close]="options" i18n > Delete @@ -68,7 +88,7 @@