diff --git a/blueprints/starter/README.md b/blueprints/starter/README.md
index f5564a5c..f6d3a8ab 100644
--- a/blueprints/starter/README.md
+++ b/blueprints/starter/README.md
@@ -41,36 +41,36 @@ timoni -n default delete blueprint ## Configuration -| KEY | TYPE | DEFAULT | DESCRIPTION | -|----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `metadata: name:` | `"module-name"` | `"module-name"` | Name must be unique within a namespace. Is required when creating resources. Name is primarily intended for creation idempotence and configuration definition. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names | -| `metadata: namespace:` | `"default"` | `"default"` | Namespace defines the space within which each name must be unique. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces | -| `metadata: annotations:` | `{}` | `{}` | Annotations is an unstructured key value map stored with a resource that may be set to store and retrieve arbitrary metadata. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations The annotations allows adding `metadata.annotations` to all resources. | -| `metadata: labels:` | `{
"app.kubernetes.io/name": "module-name"
"app.kubernetes.io/version": "0.0.0-devel"
"app.kubernetes.io/managed-by": "timoni"
}` | `{"app.kubernetes.io/name": "module-name","app.kubernetes.io/version": "0.0.0-devel","app.kubernetes.io/managed-by": "timoni"}` | Map of string keys and values that can be used to organize and categorize (scope and select) objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels Standard Kubernetes labels: app name, version and managed-by. The labels allows adding `metadata.labels` to all resources. The `app.kubernetes.io/name` and `app.kubernetes.io/version` labels are automatically generated and can't be overwritten. | -| `selector: labels:` | `{
"app.kubernetes.io/name": "module-name"
}` | `{"app.kubernetes.io/name": "module-name"}` | Map of string keys and values that can be used to organize and categorize (scope and select) objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels Standard Kubernetes label: app name. | -| `image: repository:` | `*"docker.io/nginx" | string` | `"docker.io/nginx"` | Repository is the address of a container registry repository. An image repository is made up of slash-separated name components, optionally prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH. | -| `image: tag:` | `*"1-alpine" | strings.MaxRunes(128)` | `"1-alpine"` | Tag identifies an image in the repository. A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters. | -| `image: digest:` | `*"" | string` | `""` | Digest uniquely and immutably identifies an image in the repository. Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests. | -| `image: pullPolicy:` | `*"IfNotPresent" | "Always" | "Never"` | `"IfNotPresent"` | PullPolicy defines the pull policy for the image. By default, it is set to IfNotPresent. | -| `pod: annotations:` | `{}` | `{}` | | -| `pod: affinity:` | `*{
nodeAffinity: {
requiredDuringSchedulingIgnoredDuringExecution: {
nodeSelectorTerms: [{
matchExpressions: [{
key: "kubernetes.io/os"
operator: "In"
values: ["linux"]
}]
}]
}
}
} | {
nodeAffinity: {
requiredDuringSchedulingIgnoredDuringExecution: {
nodeSelectorTerms: [{
matchExpressions: [{
key: "kubernetes.io/os"
operator: "In"
values: ["linux"]
}]
}]
}
}
} | {}` | `{"nodeAffinity": {"requiredDuringSchedulingIgnoredDuringExecution": {"nodeSelectorTerms": [{"matchExpressions": [{"key": "kubernetes.io/os","operator": "In","values": ["linux"]}]}]}}}` | | -| `pod: imagePullSecrets:` | `[...{
name!: strings.MaxRunes(256)
}]` | `[]` | | -| `resources: limits:` | `{}` | `{}` | Limits describes the maximum amount of compute resources allowed. | -| `resources: requests: cpu:` | `*"10m" | =~"^[1-9]\\d*m$"` | `"10m"` | | -| `resources: requests: memory:` | `*"32Mi" | =~"^[1-9]\\d*(Mi|Gi)$"` | `"32Mi"` | | -| `replicas:` | `*1 | >0 & int` | `1` | The number of pods replicas. By default, the number of replicas is 1. | -| `securityContext: capabilities: drop:` | `*["ALL"] | [string]` | `["ALL"]` | Removed capabilities | -| `securityContext: capabilities: add:` | `*["CHOWN", "NET_BIND_SERVICE", "SETGID", "SETUID"] | [string]` | `["CHOWN","NET_BIND_SERVICE","SETGID","SETUID"]` | Added capabilities | -| `securityContext: privileged:` | `*false | true` | `false` | Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. | -| `securityContext: seLinuxOptions:` | `null | {}` | ` ` | The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. | -| `securityContext: windowsOptions:` | `null | {}` | ` ` | The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. | -| `securityContext: runAsUser:` | `null | int64` | ` ` | The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. 
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. | -| `securityContext: runAsGroup:` | `null | int64` | ` ` | The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. | -| `securityContext: runAsNonRoot:` | `null | bool` | ` ` | Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. | -| `securityContext: readOnlyRootFilesystem:` | `null | bool` | ` ` | Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. | -| `securityContext: allowPrivilegeEscalation:` | `*false | true` | `false` | AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. | -| `securityContext: procMount:` | `null | string` | ` ` | procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. 
Note that this field cannot be set when spec.os.name is windows. | -| `securityContext: seccompProfile:` | `null | {
type: string
}` | ` ` | The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. | -| `service: annotations:` | `{}` | `{}` | | -| `service: port:` | `*80 | uint16 & >0` | `80` | | +| KEY | TYPE | DESCRIPTION | +|----------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `metadata: name:` | `"module-name"` | Name must be unique within a namespace. Is required when creating resources. Name is primarily intended for creation idempotence and configuration definition. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names | +| `metadata: namespace:` | `"default"` | Namespace defines the space within which each name must be unique. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces | +| `metadata: annotations:` | `{}` | Annotations is an unstructured key value map stored with a resource that may be set to store and retrieve arbitrary metadata. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations The annotations allows adding `metadata.annotations` to all resources. | +| `metadata: labels:` | `{ "app.kubernetes.io/name": "module-name" "app.kubernetes.io/version": "0.0.0-devel" "app.kubernetes.io/managed-by": "timoni"}` | Map of string keys and values that can be used to organize and categorize (scope and select) objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels Standard Kubernetes labels: app name, version and managed-by. The labels allows adding `metadata.labels` to all resources. The `app.kubernetes.io/name` and `app.kubernetes.io/version` labels are automatically generated and can't be overwritten. | +| `selector: labels:` | `{ "app.kubernetes.io/name": "module-name"}` | Map of string keys and values that can be used to organize and categorize (scope and select) objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels Standard Kubernetes label: app name. | +| `image: repository:` | `*"docker.io/nginx" \| string` | Repository is the address of a container registry repository. An image repository is made up of slash-separated name components, optionally prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH. | +| `image: tag:` | `*"1-alpine" \| strings.MaxRunes(128)` | Tag identifies an image in the repository. A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters. | +| `image: digest:` | `*"" \| string` | Digest uniquely and immutably identifies an image in the repository. Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests. | +| `image: pullPolicy:` | `*"IfNotPresent" \| "Always" \| "Never"` | PullPolicy defines the pull policy for the image. By default, it is set to IfNotPresent. 
| +| `pod: annotations:` | `{}` | | +| `pod: affinity:` | `*{ nodeAffinity: { requiredDuringSchedulingIgnoredDuringExecution: { nodeSelectorTerms: [{ matchExpressions: [{ key: "kubernetes.io/os" operator: "In" values: ["linux"] }] }] } }} \| { nodeAffinity: { requiredDuringSchedulingIgnoredDuringExecution: { nodeSelectorTerms: [{ matchExpressions: [{ key: "kubernetes.io/os" operator: "In" values: ["linux"] }] }] } }} \| {}` | | +| `pod: imagePullSecrets:` | `[...{ name!: strings.MaxRunes(256)}]` | | +| `resources: limits:` | `{}` | Limits describes the maximum amount of compute resources allowed. | +| `resources: requests: cpu:` | `*"10m" \| =~"^[1-9]\\d*m$"` | | +| `resources: requests: memory:` | `*"32Mi" \| =~"^[1-9]\\d*(Mi\|Gi)$"` | | +| `replicas:` | `*1 \| >0 & int` | The number of pods replicas. By default, the number of replicas is 1. | +| `securityContext: capabilities: drop:` | `*["ALL"] \| [string]` | Removed capabilities | +| `securityContext: capabilities: add:` | `*["CHOWN", "NET_BIND_SERVICE", "SETGID", "SETUID"] \| [string]` | Added capabilities | +| `securityContext: privileged:` | `*false \| true` | Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. | +| `securityContext: seLinuxOptions:` | `null \| {}` | The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. | +| `securityContext: windowsOptions:` | `null \| {}` | The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. 
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. | +| `securityContext: runAsUser:` | `null \| int64` | The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. | +| `securityContext: runAsGroup:` | `null \| int64` | The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. | +| `securityContext: runAsNonRoot:` | `null \| bool` | Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. | +| `securityContext: readOnlyRootFilesystem:` | `null \| bool` | Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. | +| `securityContext: allowPrivilegeEscalation:` | `*false \| true` | AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. 
AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. |
+| `securityContext: procMount:` | `null \| string` | procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. |
+| `securityContext: seccompProfile:` | `null \| { type: string}` | The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. |
+| `service: annotations:` | `{}` | |
+| `service: port:` | `*80 \| uint16 & >0` | |
diff --git a/cmd/timoni/mod_show_config.go b/cmd/timoni/mod_show_config.go
index 32b06f0e..e58e1459 100644
--- a/cmd/timoni/mod_show_config.go
+++ b/cmd/timoni/mod_show_config.go
@@ -130,7 +130,7 @@ func runConfigShowModCmd(cmd *cobra.Command, args []string) error {
 return describeErr(f.GetModuleRoot(), "failed to get config structure", err)
 }
- header := []string{"Key", "Type", "Default", "Description"}
+ header := []string{"Key", "Type", "Description"}
 if configShowModArgs.output == "" {
 printMarkDownTable(rootCmd.OutOrStdout(), header, rows)
diff --git a/internal/engine/get_config.go b/internal/engine/get_config.go
index 118e17e4..614437d3 100644
--- a/internal/engine/get_config.go
+++ b/internal/engine/get_config.go
@@ -156,24 +156,21 @@ func getField(v cue.Value) []string {
 }
 if !noDoc {
- defaultVal, _ := v.Default()
- valueBytes, _ := defaultVal.MarshalJSON()
-
- value := strings.ReplaceAll(string(valueBytes), "\":", "\": ")
- value = strings.ReplaceAll(value, "\":[", "\": [")
- value = strings.ReplaceAll(value, "},", "}, ")
- value = strings.ReplaceAll(value, "|", "\\|")
-
- if len(value) == 0 {
- value = " "
+ fieldType := strings.ReplaceAll(fmt.Sprintf("%v", v), "\n", "")
+ fieldType = strings.ReplaceAll(fieldType, "|", "\\|")
+ fieldType = strings.ReplaceAll(fieldType, "\":", "\": ")
+ fieldType = strings.ReplaceAll(fieldType, "\":[", "\": [")
+ fieldType = strings.ReplaceAll(fieldType, "},", "}, ")
+
+ if len(fieldType) == 0 {
+ fieldType = " "
 }
 field := strings.Replace(v.Path().String(), "timoni.instance.config.", "", 1)
 match := labelDomain.FindStringSubmatch(field)
 row = append(row, fmt.Sprintf("`%s:`", strings.ReplaceAll(match[1], ".", ": ")+match[2]))
- row = append(row, fmt.Sprintf("`%s`", strings.ReplaceAll(fmt.Sprintf("%v", v), "\n", "
")))
- row = append(row, fmt.Sprintf("`%s`", value))
+ row = append(row, fmt.Sprintf("`%s`", fieldType))
 row = append(row, fmt.Sprintf("%s", doc))
 }