# Licensed to Elasticsearch B.V. under one or more contributor
# license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright
# ownership. Elasticsearch B.V. licenses this file to you under
# the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# 	http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
---
- name: orchestrator
  title: Orchestrator
  group: 2
  short: Fields relevant to container orchestrators.
  description: >
    Fields that describe the resources which container orchestrators manage or
    act upon.
  type: group
  fields:
    - name: cluster.name
      level: extended
      type: keyword
      description: >
        Name of the cluster.

    - name: cluster.id
      level: extended
      type: keyword
      description: >
        Unique ID of the cluster.        

    - name: cluster.url
      level: extended
      type: keyword
      description: >
        URL of the API used to manage the cluster.

    - name: cluster.version
      level: extended
      type: keyword
      description: >
        The version of the cluster.

    - name: type
      level: extended
      type: keyword
      example: kubernetes
      description: >
        Orchestrator cluster type (e.g. kubernetes, nomad or cloudfoundry).

    - name: organization
      level: extended
      type: keyword
      example: elastic
      description: >
        Organization affected by the event (for multi-tenant orchestrator setups).

    - name: namespace
      level: extended
      type: keyword
      example: kube-system
      description: >
        Namespace in which the action is taking place.

    - name: resource.name
      level: extended
      type: keyword
      example: test-pod-cdcws
      description: >
        Name of the resource being acted upon.

    - name: resource.type
      level: extended
      type: keyword
      example: service
      description: >
        Type of resource being acted upon.

    - name: resource.parent.type
      level: extended
      type: keyword
      example: DaemonSet
      short: Type or kind of the parent resource associated with the event being observed.
      description: >
        Type or kind of the parent resource associated with the event being observed.
        In Kubernetes, this will be the name of a built-in workload resource (e.g., Deployment, StatefulSet, DaemonSet).

    - name: resource.ip
      level: extended
      type: ip
      short: IP address assigned to the resource associated with the event being observed.
      description: >
        IP address assigned to the resource associated with the event being observed.
        In the case of a Kubernetes Pod, this array would contain only one element: the IP of the Pod (as opposed to the Node on which the Pod is running).
      normalize:
        - array

    - name: resource.id
      level: extended
      type: keyword
      description: >
        Unique ID of the resource being acted upon.            

    - name: api_version
      level: extended
      example: v1beta1
      type: keyword
      description: >
        API version being used to carry out the action