k8s_openapi/v1_35/api/core/v1/
volume_projection.rs

1// Generated from definition io.k8s.api.core.v1.VolumeProjection
2
3/// Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.
4#[derive(Clone, Debug, Default, PartialEq)]
5pub struct VolumeProjection {
6    /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file.
7    ///
8    /// Alpha, gated by the ClusterTrustBundleProjection feature gate.
9    ///
10    /// ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector.
11    ///
12    /// Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem.  Esoteric PEM features such as inter-block comments and block headers are stripped.  Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.
13    pub cluster_trust_bundle: Option<crate::api::core::v1::ClusterTrustBundleProjection>,
14
15    /// configMap information about the configMap data to project
16    pub config_map: Option<crate::api::core::v1::ConfigMapProjection>,
17
18    /// downwardAPI information about the downwardAPI data to project
19    pub downward_api: Option<crate::api::core::v1::DownwardAPIProjection>,
20
21    /// Projects an auto-rotating credential bundle (private key and certificate chain) that the pod can use either as a TLS client or server.
22    ///
23    /// Kubelet generates a private key and uses it to send a PodCertificateRequest to the named signer.  Once the signer approves the request and issues a certificate chain, Kubelet writes the key and certificate chain to the pod filesystem.  The pod does not start until certificates have been issued for each podCertificate projected volume source in its spec.
24    ///
25    /// Kubelet will begin trying to rotate the certificate at the time indicated by the signer using the PodCertificateRequest.Status.BeginRefreshAt timestamp.
26    ///
27    /// Kubelet can write a single file, indicated by the credentialBundlePath field, or separate files, indicated by the keyPath and certificateChainPath fields.
28    ///
29    /// The credential bundle is a single file in PEM format.  The first PEM entry is the private key (in PKCS#8 format), and the remaining PEM entries are the certificate chain issued by the signer (typically, signers will return their certificate chain in leaf-to-root order).
30    ///
31    /// Prefer using the credential bundle format, since your application code can read it atomically.  If you use keyPath and certificateChainPath, your application must make two separate file reads. If these coincide with a certificate rotation, it is possible that the private key and leaf certificate you read may not correspond to each other.  Your application will need to check for this condition, and re-read until they are consistent.
32    ///
33    /// The named signer controls chooses the format of the certificate it issues; consult the signer implementation's documentation to learn how to use the certificates it issues.
34    pub pod_certificate: Option<crate::api::core::v1::PodCertificateProjection>,
35
36    /// secret information about the secret data to project
37    pub secret: Option<crate::api::core::v1::SecretProjection>,
38
39    /// serviceAccountToken is information about the serviceAccountToken data to project
40    pub service_account_token: Option<crate::api::core::v1::ServiceAccountTokenProjection>,
41}
42
43impl crate::DeepMerge for VolumeProjection {
44    fn merge_from(&mut self, other: Self) {
45        crate::DeepMerge::merge_from(&mut self.cluster_trust_bundle, other.cluster_trust_bundle);
46        crate::DeepMerge::merge_from(&mut self.config_map, other.config_map);
47        crate::DeepMerge::merge_from(&mut self.downward_api, other.downward_api);
48        crate::DeepMerge::merge_from(&mut self.pod_certificate, other.pod_certificate);
49        crate::DeepMerge::merge_from(&mut self.secret, other.secret);
50        crate::DeepMerge::merge_from(&mut self.service_account_token, other.service_account_token);
51    }
52}
53
54impl<'de> crate::serde::Deserialize<'de> for VolumeProjection {
55    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: crate::serde::Deserializer<'de> {
56        #[allow(non_camel_case_types)]
57        enum Field {
58            Key_cluster_trust_bundle,
59            Key_config_map,
60            Key_downward_api,
61            Key_pod_certificate,
62            Key_secret,
63            Key_service_account_token,
64            Other,
65        }
66
67        impl<'de> crate::serde::Deserialize<'de> for Field {
68            fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: crate::serde::Deserializer<'de> {
69                struct Visitor;
70
71                impl crate::serde::de::Visitor<'_> for Visitor {
72                    type Value = Field;
73
74                    fn expecting(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
75                        f.write_str("field identifier")
76                    }
77
78                    fn visit_str<E>(self, v: &str) -> Result<Self::Value, E> where E: crate::serde::de::Error {
79                        Ok(match v {
80                            "clusterTrustBundle" => Field::Key_cluster_trust_bundle,
81                            "configMap" => Field::Key_config_map,
82                            "downwardAPI" => Field::Key_downward_api,
83                            "podCertificate" => Field::Key_pod_certificate,
84                            "secret" => Field::Key_secret,
85                            "serviceAccountToken" => Field::Key_service_account_token,
86                            _ => Field::Other,
87                        })
88                    }
89                }
90
91                deserializer.deserialize_identifier(Visitor)
92            }
93        }
94
95        struct Visitor;
96
97        impl<'de> crate::serde::de::Visitor<'de> for Visitor {
98            type Value = VolumeProjection;
99
100            fn expecting(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
101                f.write_str("VolumeProjection")
102            }
103
104            fn visit_map<A>(self, mut map: A) -> Result<Self::Value, A::Error> where A: crate::serde::de::MapAccess<'de> {
105                let mut value_cluster_trust_bundle: Option<crate::api::core::v1::ClusterTrustBundleProjection> = None;
106                let mut value_config_map: Option<crate::api::core::v1::ConfigMapProjection> = None;
107                let mut value_downward_api: Option<crate::api::core::v1::DownwardAPIProjection> = None;
108                let mut value_pod_certificate: Option<crate::api::core::v1::PodCertificateProjection> = None;
109                let mut value_secret: Option<crate::api::core::v1::SecretProjection> = None;
110                let mut value_service_account_token: Option<crate::api::core::v1::ServiceAccountTokenProjection> = None;
111
112                while let Some(key) = crate::serde::de::MapAccess::next_key::<Field>(&mut map)? {
113                    match key {
114                        Field::Key_cluster_trust_bundle => value_cluster_trust_bundle = crate::serde::de::MapAccess::next_value(&mut map)?,
115                        Field::Key_config_map => value_config_map = crate::serde::de::MapAccess::next_value(&mut map)?,
116                        Field::Key_downward_api => value_downward_api = crate::serde::de::MapAccess::next_value(&mut map)?,
117                        Field::Key_pod_certificate => value_pod_certificate = crate::serde::de::MapAccess::next_value(&mut map)?,
118                        Field::Key_secret => value_secret = crate::serde::de::MapAccess::next_value(&mut map)?,
119                        Field::Key_service_account_token => value_service_account_token = crate::serde::de::MapAccess::next_value(&mut map)?,
120                        Field::Other => { let _: crate::serde::de::IgnoredAny = crate::serde::de::MapAccess::next_value(&mut map)?; },
121                    }
122                }
123
124                Ok(VolumeProjection {
125                    cluster_trust_bundle: value_cluster_trust_bundle,
126                    config_map: value_config_map,
127                    downward_api: value_downward_api,
128                    pod_certificate: value_pod_certificate,
129                    secret: value_secret,
130                    service_account_token: value_service_account_token,
131                })
132            }
133        }
134
135        deserializer.deserialize_struct(
136            "VolumeProjection",
137            &[
138                "clusterTrustBundle",
139                "configMap",
140                "downwardAPI",
141                "podCertificate",
142                "secret",
143                "serviceAccountToken",
144            ],
145            Visitor,
146        )
147    }
148}
149
150impl crate::serde::Serialize for VolumeProjection {
151    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where S: crate::serde::Serializer {
152        let mut state = serializer.serialize_struct(
153            "VolumeProjection",
154            self.cluster_trust_bundle.as_ref().map_or(0, |_| 1) +
155            self.config_map.as_ref().map_or(0, |_| 1) +
156            self.downward_api.as_ref().map_or(0, |_| 1) +
157            self.pod_certificate.as_ref().map_or(0, |_| 1) +
158            self.secret.as_ref().map_or(0, |_| 1) +
159            self.service_account_token.as_ref().map_or(0, |_| 1),
160        )?;
161        if let Some(value) = &self.cluster_trust_bundle {
162            crate::serde::ser::SerializeStruct::serialize_field(&mut state, "clusterTrustBundle", value)?;
163        }
164        if let Some(value) = &self.config_map {
165            crate::serde::ser::SerializeStruct::serialize_field(&mut state, "configMap", value)?;
166        }
167        if let Some(value) = &self.downward_api {
168            crate::serde::ser::SerializeStruct::serialize_field(&mut state, "downwardAPI", value)?;
169        }
170        if let Some(value) = &self.pod_certificate {
171            crate::serde::ser::SerializeStruct::serialize_field(&mut state, "podCertificate", value)?;
172        }
173        if let Some(value) = &self.secret {
174            crate::serde::ser::SerializeStruct::serialize_field(&mut state, "secret", value)?;
175        }
176        if let Some(value) = &self.service_account_token {
177            crate::serde::ser::SerializeStruct::serialize_field(&mut state, "serviceAccountToken", value)?;
178        }
179        crate::serde::ser::SerializeStruct::end(state)
180    }
181}
182
183#[cfg(feature = "schemars")]
184impl crate::schemars::JsonSchema for VolumeProjection {
185    fn schema_name() -> std::borrow::Cow<'static, str> {
186        "io.k8s.api.core.v1.VolumeProjection".into()
187    }
188
189    fn json_schema(__gen: &mut crate::schemars::SchemaGenerator) -> crate::schemars::Schema {
190        crate::schemars::json_schema!({
191            "description": "Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.",
192            "type": "object",
193            "properties": {
194                "clusterTrustBundle": ({
195                    let mut schema_obj = __gen.subschema_for::<crate::api::core::v1::ClusterTrustBundleProjection>();
196                    schema_obj.ensure_object().insert("description".into(), "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written into the pod filesystem.  Esoteric PEM features such as inter-block comments and block headers are stripped.  Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.".into());
197                    schema_obj
198                }),
199                "configMap": ({
200                    let mut schema_obj = __gen.subschema_for::<crate::api::core::v1::ConfigMapProjection>();
201                    schema_obj.ensure_object().insert("description".into(), "configMap information about the configMap data to project".into());
202                    schema_obj
203                }),
204                "downwardAPI": ({
205                    let mut schema_obj = __gen.subschema_for::<crate::api::core::v1::DownwardAPIProjection>();
206                    schema_obj.ensure_object().insert("description".into(), "downwardAPI information about the downwardAPI data to project".into());
207                    schema_obj
208                }),
209                "podCertificate": ({
210                    let mut schema_obj = __gen.subschema_for::<crate::api::core::v1::PodCertificateProjection>();
211                    schema_obj.ensure_object().insert("description".into(), "Projects an auto-rotating credential bundle (private key and certificate chain) that the pod can use either as a TLS client or server.\n\nKubelet generates a private key and uses it to send a PodCertificateRequest to the named signer.  Once the signer approves the request and issues a certificate chain, Kubelet writes the key and certificate chain to the pod filesystem.  The pod does not start until certificates have been issued for each podCertificate projected volume source in its spec.\n\nKubelet will begin trying to rotate the certificate at the time indicated by the signer using the PodCertificateRequest.Status.BeginRefreshAt timestamp.\n\nKubelet can write a single file, indicated by the credentialBundlePath field, or separate files, indicated by the keyPath and certificateChainPath fields.\n\nThe credential bundle is a single file in PEM format.  The first PEM entry is the private key (in PKCS#8 format), and the remaining PEM entries are the certificate chain issued by the signer (typically, signers will return their certificate chain in leaf-to-root order).\n\nPrefer using the credential bundle format, since your application code can read it atomically.  If you use keyPath and certificateChainPath, your application must make two separate file reads. If these coincide with a certificate rotation, it is possible that the private key and leaf certificate you read may not correspond to each other.  Your application will need to check for this condition, and re-read until they are consistent.\n\nThe named signer controls chooses the format of the certificate it issues; consult the signer implementation's documentation to learn how to use the certificates it issues.".into());
212                    schema_obj
213                }),
214                "secret": ({
215                    let mut schema_obj = __gen.subschema_for::<crate::api::core::v1::SecretProjection>();
216                    schema_obj.ensure_object().insert("description".into(), "secret information about the secret data to project".into());
217                    schema_obj
218                }),
219                "serviceAccountToken": ({
220                    let mut schema_obj = __gen.subschema_for::<crate::api::core::v1::ServiceAccountTokenProjection>();
221                    schema_obj.ensure_object().insert("description".into(), "serviceAccountToken is information about the serviceAccountToken data to project".into());
222                    schema_obj
223                }),
224            },
225        })
226    }
227}