Module Markdown Optional Fields

[nalum]

Based on feedback in cue-lang/cue#2783 this PR updates the Markdown document generation to pull the optional fields into the table data. This is done via the cue.Value.Fields() iterator.

[nalum]

@stefanprodan with some feedback from the cue team I've gotten this so it now will print the definition of the field, see the README for the blueprints starter module. I want to refine the module so that name and namespace are not output, but wanted to bring it to your attention.

[nalum]

I'm still not getting what I want from the labels and annotations though :/

[nalum]

I have pulled and rebased the latest main, this behaves in the same way. I think the changes here are worth merging, I'll spend some time digging into cue releases since the initial work on this and see if I can get the result I initially wanted for annotations and labels.

[stefanprodan]

Hey @nalum with this we remove the default column from the readme, would be possible to preserve it or we need to merge type with defaults? If so, I think we need to rename the type column to something else.

[nalum]

I removed it because the type information have use the type and the default in one result, I had not found a way to get both separately at the time, maybe there is a way now, I'll dig into that too. scratch that, it was doing this, I can't recall the reason for making that change now.

Do you want to hold off on merging this for now so?

[nalum]

Ah I think the goal was to show the cue type information as is. For example if we just had the type and default this would not show you the possible values:

| `test: startupAPICheck: service: type:` | `*"ClusterIP" \| "NodePort" \| "LoadBalancer" \| "ExternalName"` |

You would have this instead:

| `test: startupAPICheck: service: type:` | `string` | `ClusterIP` |

[nalum]

I guess this adds a requirement to understand cue syntax 🤔

[nalum]

Revisiting this, brought it up to date.

The following is the generated output for timoni mod show config ./blueprints/starter:

KEY	TYPE	DESCRIPTION
metadata: name:	"module-name"	Name must be unique within a namespace. Is required when creating resources. Name is primarily intended for creation idempotence and configuration definition. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
metadata: namespace:	"default"	Namespace defines the space within which each name must be unique. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
metadata: annotations:	{}	Annotations is an unstructured key value map stored with a resource that may be set to store and retrieve arbitrary metadata. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations The annotations allows adding metadata.annotations to all resources.
metadata: labels:	{ "app.kubernetes.io/name": "module-name" "app.kubernetes.io/version": "0.0.0-devel" "app.kubernetes.io/managed-by": "timoni"}	Map of string keys and values that can be used to organize and categorize (scope and select) objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels Standard Kubernetes labels: app name, version and managed-by. The labels allows adding metadata.labels to all resources. The app.kubernetes.io/name and app.kubernetes.io/version labels are automatically generated and can't be overwritten.
metadata: finalizers:	[...string]	Finalizers are namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/finalizers/
selector: labels:	{ "app.kubernetes.io/name": "module-name"}	Map of string keys and values that can be used to organize and categorize (scope and select) objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels Standard Kubernetes label: app name.
image: repository:	*"docker.io/nginx" | string	Repository is the address of a container registry repository. An image repository is made up of slash-separated name components, optionally prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH.
image: tag:	*"1-alpine" | strings.MaxRunes(128)	Tag identifies an image in the repository. A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters.
image: digest:	*"" | string	Digest uniquely and immutably identifies an image in the repository. Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests.
image: pullPolicy:	*"IfNotPresent" | "Always" | "Never"	PullPolicy defines the pull policy for the image. By default, it is set to IfNotPresent.
pod: annotations:	{}
pod: affinity:	*{ nodeAffinity: { requiredDuringSchedulingIgnoredDuringExecution: { nodeSelectorTerms: [{ matchExpressions: [{ key: "kubernetes.io/os" operator: "In" values: ["linux"] }] }] } }} | {}
pod: imagePullSecrets:	[...{ name!: strings.MaxRunes(256)}]
resources: limits:	{}	Limits describes the maximum amount of compute resources allowed.
resources: requests: cpu:	*"10m" | =~"^[1-9]\\d*m$"
resources: requests: memory:	*"32Mi" | =~"^[1-9]\\d*(Mi|Gi)$"
replicas:	*1 | int & >0	The number of pods replicas. By default, the number of replicas is 1.
securityContext: allowPrivilegeEscalation:	*false | true	AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
securityContext: capabilities: add:	*["CHOWN", "NET_BIND_SERVICE", "SETGID", "SETUID"] | [string]	Added capabilities
securityContext: capabilities: drop:	*["ALL"] | [string]	Removed capabilities
securityContext: privileged:	*false | true	Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
securityContext: readOnlyRootFilesystem:	null | bool	Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
securityContext: runAsGroup:	null | int64	The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
securityContext: runAsNonRoot:	null | bool	Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
securityContext: runAsUser:	null | int64	The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
securityContext: seLinuxOptions:	null | {}	The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
securityContext: windowsOptions:	null | {}	The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
securityContext: procMount:	null | string	procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
securityContext: seccompProfile:	null | { type: string}	The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
service: annotations:	{}
service: port:	*80 | uint16 & >0

How are we feeling about this?