From 78146370004aced2d803620bd2f079339f6064f6 Mon Sep 17 00:00:00 2001 From: David Eads Date: Fri, 22 Mar 2024 14:56:31 -0400 Subject: [PATCH 1/4] add perma-disabled featuregates to markdown --- tools/codegen/cmd/featureset-markdown.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/codegen/cmd/featureset-markdown.go b/tools/codegen/cmd/featureset-markdown.go index f9d1ba2b126..6a143e96ef9 100644 --- a/tools/codegen/cmd/featureset-markdown.go +++ b/tools/codegen/cmd/featureset-markdown.go @@ -157,6 +157,9 @@ func getOrderedFeatureGates(info map[string]map[string]*featureGateInfo) []strin for _, featureGate := range byFeature.enabled.List() { counts[featureGate] = counts[featureGate] + 1 } + for _, featureGate := range byFeature.disabled.List() { + counts[featureGate] = counts[featureGate] + 0 + } } } From c43b32d222b86d993c30399143b531630251c141 Mon Sep 17 00:00:00 2001 From: David Eads Date: Fri, 22 Mar 2024 14:56:48 -0400 Subject: [PATCH 2/4] add DevPreviewNoUpgrade featureset --- config/v1/feature_gates.go | 116 ++--- config/v1/types_feature.go | 10 +- ...r_01_networks-DevPreviewNoUpgrade.crd.yaml | 433 ++++++++++++++++++ ...reGate-Hypershift-DevPreviewNoUpgrade.yaml | 196 ++++++++ ...ate-SelfManagedHA-DevPreviewNoUpgrade.yaml | 196 ++++++++ ...reGate-SingleNode-DevPreviewNoUpgrade.yaml | 190 ++++++++ 6 files changed, 1079 insertions(+), 62 deletions(-) create mode 100644 payload-manifests/crds/0000_10_config-operator_01_networks-DevPreviewNoUpgrade.crd.yaml create mode 100644 payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml create mode 100644 payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml create mode 100644 payload-manifests/featuregates/featureGate-SingleNode-DevPreviewNoUpgrade.yaml diff --git a/config/v1/feature_gates.go b/config/v1/feature_gates.go index 2786c2b30df..ed8ba77b591 100644 --- a/config/v1/feature_gates.go +++ b/config/v1/feature_gates.go 
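Review bot: The added loop body `counts[featureGate] = counts[featureGate] + 0` is a no-op addition whose only effect is to create the key in `counts`, and it reads like a typo for `+ 1`. State the intent directly, for example `if _, ok := counts[featureGate]; !ok { counts[featureGate] = 0 }`. Alternatively keep the line and add `// register the gate with a zero count so always-disabled gates are still listed`. getOrderedFeatureGates begins and ends outside this hunk, so how `counts` is consumed afterwards is not visible here.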
@@ -175,126 +175,126 @@ var ( reportProblemsToJiraComponent("apiserver-auth"). contactPerson("stlaz"). productScope(kubernetes). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateServiceAccountTokenNodeBinding = newFeatureGate("ServiceAccountTokenNodeBinding"). reportProblemsToJiraComponent("apiserver-auth"). contactPerson("stlaz"). productScope(kubernetes). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateServiceAccountTokenPodNodeInfo = newFeatureGate("ServiceAccountTokenPodNodeInfo"). reportProblemsToJiraComponent("apiserver-auth"). contactPerson("stlaz"). productScope(kubernetes). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateValidatingAdmissionPolicy = newFeatureGate("ValidatingAdmissionPolicy"). reportProblemsToJiraComponent("kube-apiserver"). contactPerson("benluddy"). productScope(kubernetes). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateGatewayAPI = newFeatureGate("GatewayAPI"). reportProblemsToJiraComponent("Routing"). contactPerson("miciah"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateOpenShiftPodSecurityAdmission = newFeatureGate("OpenShiftPodSecurityAdmission"). reportProblemsToJiraComponent("auth"). contactPerson("stlaz"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateExternalCloudProvider = newFeatureGate("ExternalCloudProvider"). reportProblemsToJiraComponent("cloud-provider"). contactPerson("jspeed"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). 
mustRegister() FeatureGateExternalCloudProviderAzure = newFeatureGate("ExternalCloudProviderAzure"). reportProblemsToJiraComponent("cloud-provider"). contactPerson("jspeed"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateExternalCloudProviderGCP = newFeatureGate("ExternalCloudProviderGCP"). reportProblemsToJiraComponent("cloud-provider"). contactPerson("jspeed"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateExternalCloudProviderExternal = newFeatureGate("ExternalCloudProviderExternal"). reportProblemsToJiraComponent("cloud-provider"). contactPerson("elmiko"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateCSIDriverSharedResource = newFeatureGate("CSIDriverSharedResource"). reportProblemsToJiraComponent("builds"). contactPerson("adkaplan"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateBuildCSIVolumes = newFeatureGate("BuildCSIVolumes"). reportProblemsToJiraComponent("builds"). contactPerson("adkaplan"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateNodeSwap = newFeatureGate("NodeSwap"). reportProblemsToJiraComponent("node"). contactPerson("ehashman"). productScope(kubernetes). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateMachineAPIProviderOpenStack = newFeatureGate("MachineAPIProviderOpenStack"). reportProblemsToJiraComponent("openstack"). contactPerson("egarcia"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). 
+ enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateInsightsConfigAPI = newFeatureGate("InsightsConfigAPI"). reportProblemsToJiraComponent("insights"). contactPerson("tremes"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateDynamicResourceAllocation = newFeatureGate("DynamicResourceAllocation"). reportProblemsToJiraComponent("scheduling"). contactPerson("jchaloup"). productScope(kubernetes). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateAzureWorkloadIdentity = newFeatureGate("AzureWorkloadIdentity"). reportProblemsToJiraComponent("cloud-credential-operator"). contactPerson("abutcher"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateMaxUnavailableStatefulSet = newFeatureGate("MaxUnavailableStatefulSet"). reportProblemsToJiraComponent("apps"). contactPerson("atiratree"). productScope(kubernetes). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateEventedPLEG = newFeatureGate("EventedPLEG"). 
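Review bot: Each `enableIn(...)` in this hunk gains `DevPreviewNoUpgrade` by hand, so the apparent rule that DevPreviewNoUpgrade enables everything TechPreviewNoUpgrade does is held only by repeated argument lists; the hunks at -307, -397, -424 and -523 follow the same pattern. A gate added later with only `enableIn(TechPreviewNoUpgrade)` would be missing from DevPreviewNoUpgrade without any signal, unless a check outside this diff enforces the relationship. Consider documenting the rule on the var block, e.g. `// Every gate enabled in TechPreviewNoUpgrade must also list DevPreviewNoUpgrade.`, or asserting it in a unit test. The var block opens before this hunk and continues past it.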
@@ -307,84 +307,84 @@ var ( reportProblemsToJiraComponent("Routing"). contactPerson("miciah"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateSigstoreImageVerification = newFeatureGate("SigstoreImageVerification"). reportProblemsToJiraComponent("node"). contactPerson("sgrunert"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateGCPLabelsTags = newFeatureGate("GCPLabelsTags"). reportProblemsToJiraComponent("Installer"). contactPerson("bhb"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateAlibabaPlatform = newFeatureGate("AlibabaPlatform"). reportProblemsToJiraComponent("cloud-provider"). contactPerson("jspeed"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateCloudDualStackNodeIPs = newFeatureGate("CloudDualStackNodeIPs"). reportProblemsToJiraComponent("machine-config-operator/platform-baremetal"). contactPerson("mkowalsk"). productScope(kubernetes). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateVSphereStaticIPs = newFeatureGate("VSphereStaticIPs"). reportProblemsToJiraComponent("splat"). contactPerson("rvanderp3"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateRouteExternalCertificate = newFeatureGate("RouteExternalCertificate"). reportProblemsToJiraComponent("router"). contactPerson("thejasn"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). 
mustRegister() FeatureGateAdminNetworkPolicy = newFeatureGate("AdminNetworkPolicy"). reportProblemsToJiraComponent("Networking/ovn-kubernetes"). contactPerson("tssurya"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateNetworkLiveMigration = newFeatureGate("NetworkLiveMigration"). reportProblemsToJiraComponent("Networking/ovn-kubernetes"). contactPerson("pliu"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateNetworkDiagnosticsConfig = newFeatureGate("NetworkDiagnosticsConfig"). reportProblemsToJiraComponent("Networking/cluster-network-operator"). contactPerson("kyrtapz"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateHardwareSpeed = newFeatureGate("HardwareSpeed"). reportProblemsToJiraComponent("etcd"). contactPerson("hasbro17"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateAutomatedEtcdBackup = newFeatureGate("AutomatedEtcdBackup"). reportProblemsToJiraComponent("etcd"). contactPerson("hasbro17"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateMachineAPIOperatorDisableMachineHealthCheckController = newFeatureGate("MachineAPIOperatorDisableMachineHealthCheckController"). 
@@ -397,21 +397,21 @@ var ( reportProblemsToJiraComponent("dns"). contactPerson("miciah"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateVSphereControlPlaneMachineset = newFeatureGate("VSphereControlPlaneMachineSet"). reportProblemsToJiraComponent("splat"). contactPerson("rvanderp3"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateMachineConfigNodes = newFeatureGate("MachineConfigNodes"). reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("cdoern"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateClusterAPIInstall = newFeatureGate("ClusterAPIInstall"). 
@@ -424,98 +424,98 @@ var ( reportProblemsToJiraComponent("Monitoring"). contactPerson("slashpai"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateInstallAlternateInfrastructureAWS = newFeatureGate("InstallAlternateInfrastructureAWS"). reportProblemsToJiraComponent("Installer"). contactPerson("padillon"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateGCPClusterHostedDNS = newFeatureGate("GCPClusterHostedDNS"). reportProblemsToJiraComponent("Installer"). contactPerson("barbacbd"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateMixedCPUsAllocation = newFeatureGate("MixedCPUsAllocation"). reportProblemsToJiraComponent("NodeTuningOperator"). contactPerson("titzhak"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateManagedBootImages = newFeatureGate("ManagedBootImages"). reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("djoshy"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateDisableKubeletCloudCredentialProviders = newFeatureGate("DisableKubeletCloudCredentialProviders"). reportProblemsToJiraComponent("cloud-provider"). contactPerson("jspeed"). productScope(kubernetes). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateOnClusterBuild = newFeatureGate("OnClusterBuild"). reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("dkhater"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). 
mustRegister() FeatureGateSignatureStores = newFeatureGate("SignatureStores"). reportProblemsToJiraComponent("Cluster Version Operator"). contactPerson("lmohanty"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateKMSv1 = newFeatureGate("KMSv1"). reportProblemsToJiraComponent("kube-apiserver"). contactPerson("dgrisonnet"). productScope(kubernetes). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGatePinnedImages = newFeatureGate("PinnedImages"). reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("jhernand"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateUpgradeStatus = newFeatureGate("UpgradeStatus"). reportProblemsToJiraComponent("Cluster Version Operator"). contactPerson("pmuller"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateTranslateStreamCloseWebsocketRequests = newFeatureGate("TranslateStreamCloseWebsocketRequests"). reportProblemsToJiraComponent("kube-apiserver"). contactPerson("akashem"). productScope(kubernetes). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateVolumeGroupSnapshot = newFeatureGate("VolumeGroupSnapshot"). reportProblemsToJiraComponent("Storage / Kubernetes External Components"). contactPerson("fbertina"). productScope(kubernetes). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateExternalOIDC = newFeatureGate("ExternalOIDC"). reportProblemsToJiraComponent("authentication"). contactPerson("stlaz"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). 
enableForClusterProfile(Hypershift, Default, TechPreviewNoUpgrade). mustRegister() 
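Review bot: On FeatureGateExternalOIDC the `enableIn` call gains DevPreviewNoUpgrade, but the following `enableForClusterProfile(Hypershift, Default, TechPreviewNoUpgrade)` is unchanged, so the Hypershift-specific list no longer mirrors the general one. How the builder merges the two calls is not visible in this hunk. If `enableIn` already applies to every cluster profile the outcome is the same, but for a gate filed under the authentication component the intent is worth making explicit. Either add DevPreviewNoUpgrade to the profile-specific list, or add a comment such as `// Hypershift additionally enables this in Default; DevPreviewNoUpgrade is covered by enableIn above`.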
@@ -523,76 +523,76 @@ var ( reportProblemsToJiraComponent("cluster-config"). contactPerson("deads"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGatePlatformOperators = newFeatureGate("PlatformOperators"). reportProblemsToJiraComponent("olm"). contactPerson("joe"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateNewOLM = newFeatureGate("NewOLM"). reportProblemsToJiraComponent("olm"). contactPerson("joe"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateExternalRouteCertificate = newFeatureGate("ExternalRouteCertificate"). reportProblemsToJiraComponent("network-edge"). contactPerson("miciah"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateInsightsOnDemandDataGather = newFeatureGate("InsightsOnDemandDataGather"). reportProblemsToJiraComponent("insights"). contactPerson("tremes"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateBareMetalLoadBalancer = newFeatureGate("BareMetalLoadBalancer"). reportProblemsToJiraComponent("metal"). contactPerson("EmilienM"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(Default, DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateInsightsConfig = newFeatureGate("InsightsConfig"). reportProblemsToJiraComponent("insights"). contactPerson("tremes"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateImagePolicy = newFeatureGate("ImagePolicy"). reportProblemsToJiraComponent("node"). contactPerson("rphillips"). 
productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateNodeDisruptionPolicy = newFeatureGate("NodeDisruptionPolicy"). reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("jerzhang"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateMetricsCollectionProfiles = newFeatureGate("MetricsCollectionProfiles"). reportProblemsToJiraComponent("Monitoring"). contactPerson("rexagod"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() FeatureGateVSphereDriverConfiguration = newFeatureGate("VSphereDriverConfiguration"). reportProblemsToJiraComponent("Storage / Kubernetes External Components"). contactPerson("rbednar"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(DevPreviewNoUpgrade, TechPreviewNoUpgrade). mustRegister() ) diff --git a/config/v1/types_feature.go b/config/v1/types_feature.go index 2efe16f4e62..ef2c0cc141c 100644 --- a/config/v1/types_feature.go +++ b/config/v1/types_feature.go 
@@ -43,16 +43,17 @@ var ( // this feature set on CANNOT BE UNDONE and PREVENTS UPGRADES. TechPreviewNoUpgrade FeatureSet = "TechPreviewNoUpgrade" + // DevPreviewNoUpgrade turns on dev preview features that are not part of the normal supported platform. Turning + // this feature set on CANNOT BE UNDONE and PREVENTS UPGRADES. + DevPreviewNoUpgrade FeatureSet = "DevPreviewNoUpgrade" + // CustomNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. // Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations // your cluster may fail in an unrecoverable way. CustomNoUpgrade FeatureSet = "CustomNoUpgrade" - // TopologyManager enables ToplogyManager support. Upgrades are enabled with this feature. - LatencySensitive FeatureSet = "LatencySensitive" - // AllFixedFeatureSets are the featuresets that have known featuregates. Custom doesn't for instance. LatencySensitive is dead - AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade} + AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade, DevPreviewNoUpgrade} ) type FeatureGateSpec struct { @@ -67,6 +68,7 @@ type FeatureGateSelection struct { // +optional // +kubebuilder:validation:XValidation:rule="oldSelf == 'CustomNoUpgrade' ? self == 'CustomNoUpgrade' : true",message="CustomNoUpgrade may not be changed" // +kubebuilder:validation:XValidation:rule="oldSelf == 'TechPreviewNoUpgrade' ? self == 'TechPreviewNoUpgrade' : true",message="TechPreviewNoUpgrade may not be changed" + // +kubebuilder:validation:XValidation:rule="oldSelf == 'DevPreviewNoUpgrade' ? self == 'DevPreviewNoUpgrade' : true",message="DevPreviewNoUpgrade may not be changed" FeatureSet FeatureSet `json:"featureSet,omitempty"` // customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. 
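Review bot: The `@@ -43` hunk also deletes the exported constant `LatencySensitive`, which the commit subject does not mention; any importer of this package that references it will stop compiling. If the removal is intended, call it out in the commit message. Otherwise keep the constant and mark it, e.g. `// Deprecated: LatencySensitive is no longer a supported feature set.`. The context comment on AllFixedFeatureSets still says "LatencySensitive is dead", which will no longer refer to any identifier in the file. The new DevPreviewNoUpgrade doc comment repeats the TechPreviewNoUpgrade wording, so one sentence on how the two sets differ would help an operator choosing between two irreversible settings.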
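Review bot: The rule added in the `@@ -67` hunk, like the two above it, is a transition rule on the field itself, so it is evaluated only when both `oldSelf` and `self` are present. FeatureSet is marked `+optional` with `omitempty`, so an update that drops the field would not be checked by these rules, which weakens the "CANNOT BE UNDONE" guarantee stated in the type comments. If no parent-level rule exists outside this hunk, consider adding one on the enclosing struct, e.g. `// +kubebuilder:validation:XValidation:rule="!has(oldSelf.featureSet) || has(self.featureSet)",message="featureSet may not be removed"`. FeatureGateSelection starts before and continues past the visible lines, so such a rule may already be present.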
diff --git a/payload-manifests/crds/0000_10_config-operator_01_networks-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_networks-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..3acf1990560 --- /dev/null +++ b/payload-manifests/crds/0000_10_config-operator_01_networks-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,433 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: networks.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Network holds cluster-wide information about Network. The canonical + name is `cluster`. It is used to configure the desired network configuration, + such as: IP address pools for services/pod IPs, network plugin, etc. Please + view network.spec for an explanation on what applies when configuring this + resource. \n Compatibility level 1: Stable within a major release for a + minimum of 12 months or 3 minor releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration. As a general + rule, this SHOULD NOT be read directly. 
Instead, you should consume + the NetworkStatus, as it indicates the currently deployed configuration. + Currently, most spec fields are immutable after installation. Please + view the individual ones for further details on each. + properties: + clusterNetwork: + description: IP address pool to use for pod IPs. This field is immutable + after installation. + items: + description: ClusterNetworkEntry is a contiguous block of IP addresses + from which pod IPs are allocated. + properties: + cidr: + description: The complete block for pod IPs. + type: string + hostPrefix: + description: The size (prefix) of block to allocate to each + node. If this field is not used by the plugin, it can be left + unset. + format: int32 + minimum: 0 + type: integer + type: object + type: array + externalIP: + description: externalIP defines configuration for controllers that + affect Service.ExternalIP. If nil, then ExternalIP is not allowed + to be set. + properties: + autoAssignCIDRs: + description: autoAssignCIDRs is a list of CIDRs from which to + automatically assign Service.ExternalIP. These are assigned + when the service is of type LoadBalancer. In general, this is + only useful for bare-metal clusters. In Openshift 3.x, this + was misleadingly called "IngressIPs". Automatically assigned + External IPs are not affected by any ExternalIPPolicy rules. + Currently, only one entry may be provided. + items: + type: string + type: array + policy: + description: policy is a set of restrictions applied to the ExternalIP + field. If nil or empty, then ExternalIP is not allowed to be + set. + properties: + allowedCIDRs: + description: allowedCIDRs is the list of allowed CIDRs. + items: + type: string + type: array + rejectedCIDRs: + description: rejectedCIDRs is the list of disallowed CIDRs. + These take precedence over allowedCIDRs. 
+ items: + type: string + type: array + type: object + type: object + networkDiagnostics: + description: "networkDiagnostics defines network diagnostics configuration. + \n Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. + If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics + flag in network.operator.openshift.io is set to true, the network + diagnostics feature will be disabled." + properties: + mode: + description: "mode controls the network diagnostics mode \n When + omitted, this means the user has no opinion and the platform + is left to choose reasonable defaults. These defaults are subject + to change over time. The current default is All." + enum: + - "" + - All + - Disabled + type: string + sourcePlacement: + description: "sourcePlacement controls the scheduling of network + diagnostics source deployment \n See NetworkDiagnosticsSourcePlacement + for more details about default values." + properties: + nodeSelector: + additionalProperties: + type: string + description: "nodeSelector is the node selector applied to + network diagnostics components \n When omitted, this means + the user has no opinion and the platform is left to choose + reasonable defaults. These defaults are subject to change + over time. The current default is `kubernetes.io/os: linux`." + type: object + tolerations: + description: "tolerations is a list of tolerations applied + to network diagnostics components \n When omitted, this + means the user has no opinion and the platform is left to + choose reasonable defaults. These defaults are subject to + change over time. The current default is an empty list." + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. 
When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + targetPlacement: + description: "targetPlacement controls the scheduling of network + diagnostics target daemonset \n See NetworkDiagnosticsTargetPlacement + for more details about default values." + properties: + nodeSelector: + additionalProperties: + type: string + description: "nodeSelector is the node selector applied to + network diagnostics components \n When omitted, this means + the user has no opinion and the platform is left to choose + reasonable defaults. These defaults are subject to change + over time. The current default is `kubernetes.io/os: linux`." 
+ type: object + tolerations: + description: "tolerations is a list of tolerations applied + to network diagnostics components \n When omitted, this + means the user has no opinion and the platform is left to + choose reasonable defaults. These defaults are subject to + change over time. The current default is `- operator: \"Exists\"` + which means that all taints are tolerated." + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. 
+ type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + networkType: + description: 'NetworkType is the plugin that is to be deployed (e.g. + OpenShiftSDN). This should match a value that the cluster-network-operator + understands, or else no networking will be installed. Currently + supported values are: - OpenShiftSDN This field is immutable after + installation.' + type: string + serviceNetwork: + description: IP address pool for services. Currently, we only support + a single entry here. This field is immutable after installation. + items: + type: string + type: array + serviceNodePortRange: + description: The port range allowed for Services of type NodePort. + If not specified, the default of 30000-32767 will be used. Such + Services without a NodePort specified will have one automatically + allocated from this range. This parameter can be updated after the + cluster is installed. + pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + type: object + x-kubernetes-validations: + - message: cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement + when networkDiagnostics.mode is Disabled + rule: '!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode) + || self.networkDiagnostics.mode!=''Disabled'' || !has(self.networkDiagnostics.sourcePlacement) + && !has(self.networkDiagnostics.targetPlacement)' + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + clusterNetwork: + description: IP address pool to use for pod IPs. + items: + description: ClusterNetworkEntry is a contiguous block of IP addresses + from which pod IPs are allocated. + properties: + cidr: + description: The complete block for pod IPs. 
+ type: string + hostPrefix: + description: The size (prefix) of block to allocate to each + node. If this field is not used by the plugin, it can be left + unset. + format: int32 + minimum: 0 + type: integer + type: object + type: array + clusterNetworkMTU: + description: ClusterNetworkMTU is the MTU for inter-pod networking. + type: integer + conditions: + description: 'conditions represents the observations of a network.config + current state. Known .status.conditions.type are: "NetworkTypeMigrationInProgress", + "NetworkTypeMigrationMTUReady", "NetworkTypeMigrationTargetCNIAvailable", + "NetworkTypeMigrationTargetCNIInUse", "NetworkTypeMigrationOriginalCNIPurged" + and "NetworkDiagnosticsAvailable"' + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + migration: + description: Migration contains the cluster network migration configuration. + properties: + mtu: + description: MTU contains the MTU migration configuration. + properties: + machine: + description: Machine contains MTU migration configuration + for the machine's uplink. + properties: + from: + description: From is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: To is the MTU to migrate to. 
+ format: int32 + minimum: 0 + type: integer + type: object + network: + description: Network contains MTU migration configuration + for the default network. + properties: + from: + description: From is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: To is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: 'NetworkType is the target plugin that is to be deployed. + Currently supported values are: OpenShiftSDN, OVNKubernetes' + enum: + - OpenShiftSDN + - OVNKubernetes + type: string + type: object + networkType: + description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN). + type: string + serviceNetwork: + description: IP address pool for services. Currently, we only support + a single entry here. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml new file mode 100644 index 00000000000..09c68052a67 --- /dev/null +++ b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml 
@@ -0,0 +1,196 @@ +{ + "apiVersion": "config.openshift.io/v1", + "kind": "FeatureGate", + "metadata": { + "annotations": { + "include.release.openshift.io/ibm-cloud-managed": "false-except-for-the-config-operator" + }, + "creationTimestamp": null, + "name": "cluster" + }, + "spec": { + "featureSet": "DevPreviewNoUpgrade" + }, + "status": { + "featureGates": [ + { + "disabled": [ + { + "name": "ClusterAPIInstall" + }, + { + "name": "DisableKubeletCloudCredentialProviders" + }, + { + "name": "EventedPLEG" + }, + { + "name": "MachineAPIOperatorDisableMachineHealthCheckController" + }, + { + "name": "MetricsCollectionProfiles" + }, + { + "name": "NodeDisruptionPolicy" + } + ], + "enabled": [ + { + "name": "AdminNetworkPolicy" + }, + { + "name": "AlertingRules" + }, + { + "name": "AlibabaPlatform" + }, + { + "name": "AutomatedEtcdBackup" + }, + { + "name": "AzureWorkloadIdentity" + }, + { + "name": "BareMetalLoadBalancer" + }, + { + "name": "BuildCSIVolumes" + }, + { + "name": "CSIDriverSharedResource" + }, + { + "name": "CloudDualStackNodeIPs" + }, + { + "name": "DNSNameResolver" + }, + { + "name": "DynamicResourceAllocation" + }, + { + "name": "Example" + }, + { + "name": "ExternalCloudProvider" + }, + { + "name": "ExternalCloudProviderAzure" + }, + { + "name": "ExternalCloudProviderExternal" + }, + { + "name": "ExternalCloudProviderGCP" + }, + { + "name": "ExternalOIDC" + }, + { + "name": "ExternalRouteCertificate" + }, + { + "name": "GCPClusterHostedDNS" + }, + { + "name": "GCPLabelsTags" + }, + { + "name": "GatewayAPI" + }, + { + "name": "HardwareSpeed" + }, + { + "name": "ImagePolicy" + }, + { + "name": "InsightsConfig" + }, + { + "name": "InsightsConfigAPI" + }, + { + "name": "InsightsOnDemandDataGather" + }, + { + "name": "InstallAlternateInfrastructureAWS" + }, + { + "name": "KMSv1" + }, + { + "name": "MachineAPIProviderOpenStack" + }, + { + "name": "MachineConfigNodes" + }, + { + "name": "ManagedBootImages" + }, + { + "name": "MaxUnavailableStatefulSet" + }, + 
{ + "name": "MetricsServer" + }, + { + "name": "MixedCPUsAllocation" + }, + { + "name": "NetworkLiveMigration" + }, + { + "name": "NewOLM" + }, + { + "name": "NodeSwap" + }, + { + "name": "OnClusterBuild" + }, + { + "name": "OpenShiftPodSecurityAdmission" + }, + { + "name": "PinnedImages" + }, + { + "name": "PlatformOperators" + }, + { + "name": "PrivateHostedZoneAWS" + }, + { + "name": "RouteExternalCertificate" + }, + { + "name": "SignatureStores" + }, + { + "name": "SigstoreImageVerification" + }, + { + "name": "TranslateStreamCloseWebsocketRequests" + }, + { + "name": "UpgradeStatus" + }, + { + "name": "VSphereControlPlaneMachineSet" + }, + { + "name": "VSphereStaticIPs" + }, + { + "name": "ValidatingAdmissionPolicy" + }, + { + "name": "VolumeGroupSnapshot" + } + ], + "version": "" + } + ] + } +} diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml new file mode 100644 index 00000000000..d89cb6732ea --- /dev/null +++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml 
@@ -0,0 +1,196 @@ +{ + "apiVersion": "config.openshift.io/v1", + "kind": "FeatureGate", + "metadata": { + "annotations": { + "include.release.openshift.io/self-managed-high-availability": "false-except-for-the-config-operator" + }, + "creationTimestamp": null, + "name": "cluster" + }, + "spec": { + "featureSet": "DevPreviewNoUpgrade" + }, + "status": { + "featureGates": [ + { + "disabled": [ + { + "name": "ClusterAPIInstall" + }, + { + "name": "DisableKubeletCloudCredentialProviders" + }, + { + "name": "EventedPLEG" + }, + { + "name": "MachineAPIOperatorDisableMachineHealthCheckController" + }, + { + "name": "MetricsCollectionProfiles" + }, + { + "name": "NodeDisruptionPolicy" + } + ], + "enabled": [ + { + "name": "AdminNetworkPolicy" + }, + { + "name": "AlertingRules" + }, + { + "name": "AlibabaPlatform" + }, + { + "name": "AutomatedEtcdBackup" + }, + { + "name": "AzureWorkloadIdentity" + }, + { + "name": "BareMetalLoadBalancer" + }, + { + "name": "BuildCSIVolumes" + }, + { + "name": "CSIDriverSharedResource" + }, + { + "name": "CloudDualStackNodeIPs" + }, + { + "name": "DNSNameResolver" + }, + { + "name": "DynamicResourceAllocation" + }, + { + "name": "Example" + }, + { + "name": "ExternalCloudProvider" + }, + { + "name": "ExternalCloudProviderAzure" + }, + { + "name": "ExternalCloudProviderExternal" + }, + { + "name": "ExternalCloudProviderGCP" + }, + { + "name": "ExternalOIDC" + }, + { + "name": "ExternalRouteCertificate" + }, + { + "name": "GCPClusterHostedDNS" + }, + { + "name": "GCPLabelsTags" + }, + { + "name": "GatewayAPI" + }, + { + "name": "HardwareSpeed" + }, + { + "name": "ImagePolicy" + }, + { + "name": "InsightsConfig" + }, + { + "name": "InsightsConfigAPI" + }, + { + "name": "InsightsOnDemandDataGather" + }, + { + "name": "InstallAlternateInfrastructureAWS" + }, + { + "name": "KMSv1" + }, + { + "name": "MachineAPIProviderOpenStack" + }, + { + "name": "MachineConfigNodes" + }, + { + "name": "ManagedBootImages" + }, + { + "name": 
"MaxUnavailableStatefulSet" + }, + { + "name": "MetricsServer" + }, + { + "name": "MixedCPUsAllocation" + }, + { + "name": "NetworkLiveMigration" + }, + { + "name": "NewOLM" + }, + { + "name": "NodeSwap" + }, + { + "name": "OnClusterBuild" + }, + { + "name": "OpenShiftPodSecurityAdmission" + }, + { + "name": "PinnedImages" + }, + { + "name": "PlatformOperators" + }, + { + "name": "PrivateHostedZoneAWS" + }, + { + "name": "RouteExternalCertificate" + }, + { + "name": "SignatureStores" + }, + { + "name": "SigstoreImageVerification" + }, + { + "name": "TranslateStreamCloseWebsocketRequests" + }, + { + "name": "UpgradeStatus" + }, + { + "name": "VSphereControlPlaneMachineSet" + }, + { + "name": "VSphereStaticIPs" + }, + { + "name": "ValidatingAdmissionPolicy" + }, + { + "name": "VolumeGroupSnapshot" + } + ], + "version": "" + } + ] + } +} diff --git a/payload-manifests/featuregates/featureGate-SingleNode-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SingleNode-DevPreviewNoUpgrade.yaml new file mode 100644 index 00000000000..e36030b90eb --- /dev/null +++ b/payload-manifests/featuregates/featureGate-SingleNode-DevPreviewNoUpgrade.yaml 
@@ -0,0 +1,190 @@ +{ + "apiVersion": "config.openshift.io/v1", + "kind": "FeatureGate", + "metadata": { + "annotations": { + "include.release.openshift.io/single-node-developer": "false-except-for-the-config-operator" + }, + "creationTimestamp": null, + "name": "cluster" + }, + "spec": { + "featureSet": "DevPreviewNoUpgrade" + }, + "status": { + "featureGates": [ + { + "disabled": [ + { + "name": "ClusterAPIInstall" + }, + { + "name": "DisableKubeletCloudCredentialProviders" + }, + { + "name": "EventedPLEG" + }, + { + "name": "MachineAPIOperatorDisableMachineHealthCheckController" + } + ], + "enabled": [ + { + "name": "AdminNetworkPolicy" + }, + { + "name": "AlertingRules" + }, + { + "name": "AlibabaPlatform" + }, + { + "name": "AutomatedEtcdBackup" + }, + { + "name": "AzureWorkloadIdentity" + }, + { + "name": "BareMetalLoadBalancer" + }, + { + "name": "BuildCSIVolumes" + }, + { + "name": "CSIDriverSharedResource" + }, + { + "name": "CloudDualStackNodeIPs" + }, + { + "name": "DNSNameResolver" + }, + { + "name": "DynamicResourceAllocation" + }, + { + "name": "Example" + }, + { + "name": "ExternalCloudProvider" + }, + { + "name": "ExternalCloudProviderAzure" + }, + { + "name": "ExternalCloudProviderExternal" + }, + { + "name": "ExternalCloudProviderGCP" + }, + { + "name": "ExternalOIDC" + }, + { + "name": "ExternalRouteCertificate" + }, + { + "name": "GCPClusterHostedDNS" + }, + { + "name": "GCPLabelsTags" + }, + { + "name": "GatewayAPI" + }, + { + "name": "HardwareSpeed" + }, + { + "name": "ImagePolicy" + }, + { + "name": "InsightsConfig" + }, + { + "name": "InsightsConfigAPI" + }, + { + "name": "InsightsOnDemandDataGather" + }, + { + "name": "InstallAlternateInfrastructureAWS" + }, + { + "name": "KMSv1" + }, + { + "name": "MachineAPIProviderOpenStack" + }, + { + "name": "MachineConfigNodes" + }, + { + "name": "ManagedBootImages" + }, + { + "name": "MaxUnavailableStatefulSet" + }, + { + "name": "MetricsServer" + }, + { + "name": "MixedCPUsAllocation" + }, + { + 
"name": "NetworkLiveMigration" + }, + { + "name": "NewOLM" + }, + { + "name": "NodeSwap" + }, + { + "name": "OnClusterBuild" + }, + { + "name": "OpenShiftPodSecurityAdmission" + }, + { + "name": "PinnedImages" + }, + { + "name": "PlatformOperators" + }, + { + "name": "PrivateHostedZoneAWS" + }, + { + "name": "RouteExternalCertificate" + }, + { + "name": "SignatureStores" + }, + { + "name": "SigstoreImageVerification" + }, + { + "name": "TranslateStreamCloseWebsocketRequests" + }, + { + "name": "UpgradeStatus" + }, + { + "name": "VSphereControlPlaneMachineSet" + }, + { + "name": "VSphereStaticIPs" + }, + { + "name": "ValidatingAdmissionPolicy" + }, + { + "name": "VolumeGroupSnapshot" + } + ], + "version": "" + } + ] + } +} From ef21ee7c3d0590ac431e81059172615e2addbbe3 Mon Sep 17 00:00:00 2001 
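Review bot: `MetricsCollectionProfiles` and `NodeDisruptionPolicy` appear in neither the `disabled` nor the `enabled` list of this SingleNode manifest, although the Hypershift and SelfManagedHA manifests added in the same commit both list them under `disabled`; that accounts for the 190 versus 196 lines. A consumer that reads gate state from this object gets no explicit answer for those two gates on this profile. If the file is tool output, it looks generated from a different gate set than the other two and should be regenerated; otherwise add `{ "name": "MetricsCollectionProfiles" }` and `{ "name": "NodeDisruptionPolicy" }` under `disabled`, assuming they are meant to match the other profiles. The next patch in the series deletes this file (`delete mode` in its summary), so the gap matters only when patch 2 is applied or bisected on its own.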
From: David Eads Date: Fri, 22 Mar 2024 15:30:35 -0400 Subject: [PATCH 3/4] update tooling to auto-find new featuresets --- ...usterversions-DevPreviewNoUpgrade.crd.yaml | 781 +++++ ...SelfManagedHA-DevPreviewNoUpgrade.crd.yaml | 553 ++++ ...0_config-operator_01_featuregates.crd.yaml | 3 + ...frastructures-DevPreviewNoUpgrade.crd.yaml | 2149 +++++++++++++ ...r_01_networks-DevPreviewNoUpgrade.crd.yaml | 433 +++ ...01_schedulers-DevPreviewNoUpgrade.crd.yaml | 130 + .../AAA_ungated.yaml | 3 + ...or_01_backups-DevPreviewNoUpgrade.crd.yaml | 142 + ...imagepolicies-DevPreviewNoUpgrade.crd.yaml | 398 +++ ...imagepolicies-DevPreviewNoUpgrade.crd.yaml | 398 +++ ...tsdatagathers-DevPreviewNoUpgrade.crd.yaml | 88 + ...leconfigtypes-DevPreviewNoUpgrade.crd.yaml | 201 ++ ...leconfigtypes-DevPreviewNoUpgrade.crd.yaml | 131 + features.md | 123 +- ...1_datagathers-DevPreviewNoUpgrade.crd.yaml | 435 +++ ...rollerconfigs-DevPreviewNoUpgrade.crd.yaml | 2759 +++++++++++++++++ ...neconfigpools-DevPreviewNoUpgrade.crd.yaml | 629 ++++ ...neconfignodes-DevPreviewNoUpgrade.crd.yaml | 366 +++ ...chineosbuilds-DevPreviewNoUpgrade.crd.yaml | 300 ++ ...hineosconfigs-DevPreviewNoUpgrade.crd.yaml | 352 +++ ...nnedimagesets-DevPreviewNoUpgrade.crd.yaml | 165 + ...nameresolvers-DevPreviewNoUpgrade.crd.yaml | 245 ++ ...etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml | 277 ++ ...onfigurations-DevPreviewNoUpgrade.crd.yaml | 1293 ++++++++ ...tercsidrivers-DevPreviewNoUpgrade.crd.yaml | 408 +++ ...1_etcdbackups-DevPreviewNoUpgrade.crd.yaml | 158 + ...nager_01_olms-DevPreviewNoUpgrade.crd.yaml | 179 ++ ...SelfManagedHA-DevPreviewNoUpgrade.crd.yaml | 553 ++++ ...0_config-operator_01_featuregates.crd.yaml | 3 + ...frastructures-DevPreviewNoUpgrade.crd.yaml | 2149 +++++++++++++ ...01_schedulers-DevPreviewNoUpgrade.crd.yaml | 130 + ...reGate-Hypershift-DevPreviewNoUpgrade.yaml | 36 +- ...ate-SelfManagedHA-DevPreviewNoUpgrade.yaml | 36 +- ...reGate-SingleNode-DevPreviewNoUpgrade.yaml | 190 -- 
...formoperators-DevPreviewNoUpgrade.crd.yaml | 159 + .../routes-DevPreviewNoUpgrade.crd.yaml | 678 ++++ tools/codegen/cmd/featureset-markdown.go | 7 +- tools/codegen/pkg/manifestmerge/filters.go | 50 +- tools/codegen/pkg/manifestmerge/generator.go | 42 +- tools/codegen/pkg/utils/featureset.go | 9 +- 40 files changed, 16846 insertions(+), 295 deletions(-) create mode 100644 config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml create mode 100644 config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-SelfManagedHA-DevPreviewNoUpgrade.crd.yaml create mode 100644 config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml create mode 100644 config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-DevPreviewNoUpgrade.crd.yaml create mode 100644 config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_schedulers-DevPreviewNoUpgrade.crd.yaml create mode 100644 config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_backups-DevPreviewNoUpgrade.crd.yaml create mode 100644 config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clusterimagepolicies-DevPreviewNoUpgrade.crd.yaml create mode 100644 config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_imagepolicies-DevPreviewNoUpgrade.crd.yaml create mode 100644 config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_insightsdatagathers-DevPreviewNoUpgrade.crd.yaml create mode 100644 example/v1/zz_generated.crd-manifests/0000_50_my-operator_01_stableconfigtypes-DevPreviewNoUpgrade.crd.yaml create mode 100644 example/v1alpha1/zz_generated.crd-manifests/0000_50_my-operator_01_notstableconfigtypes-DevPreviewNoUpgrade.crd.yaml create mode 100644 insights/v1alpha1/zz_generated.crd-manifests/0000_10_insights_01_datagathers-DevPreviewNoUpgrade.crd.yaml create mode 100644 
machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml create mode 100644 machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigpools-DevPreviewNoUpgrade.crd.yaml create mode 100644 machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfignodes-DevPreviewNoUpgrade.crd.yaml create mode 100644 machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_machineosbuilds-DevPreviewNoUpgrade.crd.yaml create mode 100644 machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_machineosconfigs-DevPreviewNoUpgrade.crd.yaml create mode 100644 machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_pinnedimagesets-DevPreviewNoUpgrade.crd.yaml create mode 100644 network/v1alpha1/zz_generated.crd-manifests/0000_70_dns_00_dnsnameresolvers-DevPreviewNoUpgrade.crd.yaml create mode 100644 operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml create mode 100644 operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-DevPreviewNoUpgrade.crd.yaml create mode 100644 operator/v1/zz_generated.crd-manifests/0000_90_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml create mode 100644 operator/v1alpha1/zz_generated.crd-manifests/0000_10_etcd_01_etcdbackups-DevPreviewNoUpgrade.crd.yaml create mode 100644 operator/v1alpha1/zz_generated.crd-manifests/0000_10_operator-lifecycle-manager_01_olms-DevPreviewNoUpgrade.crd.yaml create mode 100644 payload-manifests/crds/0000_10_config-operator_01_authentications-SelfManagedHA-DevPreviewNoUpgrade.crd.yaml create mode 100644 payload-manifests/crds/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml create mode 100644 payload-manifests/crds/0000_10_config-operator_01_schedulers-DevPreviewNoUpgrade.crd.yaml delete mode 100644 
payload-manifests/featuregates/featureGate-SingleNode-DevPreviewNoUpgrade.yaml create mode 100644 platform/v1alpha1/zz_generated.crd-manifests/platformoperators-DevPreviewNoUpgrade.crd.yaml create mode 100644 route/v1/zz_generated.crd-manifests/routes-DevPreviewNoUpgrade.crd.yaml diff --git a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..f4be4a6f79b --- /dev/null +++ b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,781 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/495 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: clusterversions.config.openshift.io +spec: + group: config.openshift.io + names: + kind: ClusterVersion + listKind: ClusterVersionList + plural: clusterversions + singular: clusterversion + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.history[?(@.state=="Completed")].version + name: Version + type: string + - jsonPath: .status.conditions[?(@.type=="Available")].status + name: Available + type: string + - jsonPath: .status.conditions[?(@.type=="Progressing")].status + name: Progressing + type: string + - jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime + name: Since + type: date + - jsonPath: .status.conditions[?(@.type=="Progressing")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: "ClusterVersion is the configuration for the ClusterVersionOperator. + This is where parameters related to automatic updates can be set. \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the desired state of the cluster version - the operator + will work to ensure that the desired version is applied to the cluster. + properties: + capabilities: + description: capabilities configures the installation of optional, + core cluster components. A null value here is identical to an empty + object; see the child properties for default semantics. + properties: + additionalEnabledCapabilities: + description: additionalEnabledCapabilities extends the set of + managed capabilities beyond the baseline defined in baselineCapabilitySet. The + default is an empty set. + items: + description: ClusterVersionCapability enumerates optional, core + cluster components. + enum: + - openshift-samples + - baremetal + - marketplace + - Console + - Insights + - Storage + - CSISnapshot + - NodeTuning + - MachineAPI + - Build + - DeploymentConfig + - ImageRegistry + - OperatorLifecycleManager + - CloudCredential + - Ingress + - CloudControllerManager + type: string + type: array + x-kubernetes-list-type: atomic + baselineCapabilitySet: + description: baselineCapabilitySet selects an initial set of optional + capabilities to enable, which can be extended via additionalEnabledCapabilities. If + unset, the cluster will choose a default, and the default may + change over time. The current default is vCurrent. + enum: + - None + - v4.11 + - v4.12 + - v4.13 + - v4.14 + - v4.15 + - v4.16 + - vCurrent + type: string + type: object + channel: + description: channel is an identifier for explicitly requesting that + a non-default set of updates be applied to this cluster. The default + channel will be contain stable updates that are appropriate for + production clusters. + type: string + clusterID: + description: clusterID uniquely identifies this cluster. 
This is expected + to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx + in hexadecimal values). This is a required field. + type: string + desiredUpdate: + description: "desiredUpdate is an optional field that indicates the + desired value of the cluster version. Setting this value will trigger + an upgrade (if the current version does not match the desired version). + The set of recommended update values is listed as part of available + updates in status, and setting values outside that range may cause + the upgrade to fail. \n Some of the fields are inter-related with + restrictions and meanings described here. 1. image is specified, + version is specified, architecture is specified. API validation + error. 2. image is specified, version is specified, architecture + is not specified. You should not do this. version is silently ignored + and image is used. 3. image is specified, version is not specified, + architecture is specified. API validation error. 4. image is specified, + version is not specified, architecture is not specified. image is + used. 5. image is not specified, version is specified, architecture + is specified. version and desired architecture are used to select + an image. 6. image is not specified, version is specified, architecture + is not specified. version and current architecture are used to select + an image. 7. image is not specified, version is not specified, architecture + is specified. API validation error. 8. image is not specified, version + is not specified, architecture is not specified. API validation + error. \n If an upgrade fails the operator will halt and report + status about the failing component. Setting the desired update value + back to the previous version will cause a rollback to be attempted. + Not all rollbacks will succeed." + properties: + architecture: + description: architecture is an optional field that indicates + the desired value of the cluster architecture. 
In this context + cluster architecture means either a single architecture or a + multi architecture. architecture can only be set to Multi thereby + only allowing updates from single to multi architecture. If + architecture is set, image cannot be set and version must be + set. Valid values are 'Multi' and empty. + enum: + - Multi + - "" + type: string + force: + description: force allows an administrator to update to an image + that has failed verification or upgradeable checks. This option + should only be used when the authenticity of the provided image + has been verified out of band because the provided image will + run with full administrative access to the cluster. Do not use + this flag with images that comes from unknown or potentially + malicious sources. + type: boolean + image: + description: image is a container image location that contains + the update. image should be used when the desired version does + not exist in availableUpdates or history. When image is set, + version is ignored. When image is set, version should be empty. + When image is set, architecture cannot be specified. + type: string + version: + description: version is a semantic version identifying the update + version. version is ignored if image is specified and required + if architecture is specified. + type: string + type: object + x-kubernetes-validations: + - message: cannot set both Architecture and Image + rule: 'has(self.architecture) && has(self.image) ? (self.architecture + == '''' || self.image == '''') : true' + - message: Version must be set if Architecture is set + rule: 'has(self.architecture) && self.architecture != '''' ? self.version + != '''' : true' + overrides: + description: overrides is list of overides for components that are + managed by cluster version operator. Marking a component unmanaged + will prevent the operator from creating or updating the object. 
+ items: + description: ComponentOverride allows overriding cluster version + operator's behavior for a component. + properties: + group: + description: group identifies the API group that the kind is + in. + type: string + kind: + description: kind indentifies which object to override. + type: string + name: + description: name is the component's name. + type: string + namespace: + description: namespace is the component's namespace. If the + resource is cluster scoped, the namespace should be empty. + type: string + unmanaged: + description: 'unmanaged controls if cluster version operator + should stop managing the resources in this cluster. Default: + false' + type: boolean + required: + - group + - kind + - name + - namespace + - unmanaged + type: object + type: array + x-kubernetes-list-map-keys: + - kind + - group + - namespace + - name + x-kubernetes-list-type: map + signatureStores: + description: "signatureStores contains the upstream URIs to verify + release signatures and optional reference to a config map by name + containing the PEM-encoded CA bundle. \n By default, CVO will use + existing signature stores if this property is empty. The CVO will + check the release signatures in the local ConfigMaps first. It will + search for a valid signature in these stores in parallel only when + local ConfigMaps did not include a valid signature. Validation will + fail if none of the signature stores reply with valid signature + before timeout. Setting signatureStores will replace the default + signature stores with custom signature stores. Default stores can + be used with custom signature stores by adding them manually. \n + A maximum of 32 signature stores may be configured." + items: + description: SignatureStore represents the URL of custom Signature + Store + properties: + ca: + description: ca is an optional reference to a config map by + name containing the PEM-encoded CA bundle. 
It is used as a + trust anchor to validate the TLS certificate presented by + the remote server. The key "ca.crt" is used to locate the + data. If specified and the config map or expected key is not + found, the signature store is not honored. If the specified + ca data is not valid, the signature store is not honored. + If empty, we fall back to the CA configured via Proxy, which + is appended to the default system roots. The namespace for + this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + url: + description: url contains the upstream custom signature store + URL. url should be a valid absolute http/https URI of an upstream + signature store as per rfc1738. This must be provided and + cannot be empty. + type: string + x-kubernetes-validations: + - message: url must be a valid absolute URL + rule: isURL(self) + required: + - url + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - url + x-kubernetes-list-type: map + upstream: + description: upstream may be used to specify the preferred update + server. By default it will use the appropriate update server for + the cluster and region. + type: string + required: + - clusterID + type: object + status: + description: status contains information about the available updates and + any in-progress updates. + properties: + availableUpdates: + description: availableUpdates contains updates recommended for this + cluster. Updates which appear in conditionalUpdates but not in availableUpdates + may expose this cluster to known issues. This list may be empty + if no updates are recommended, if the update service is unavailable, + or if an invalid channel has been specified. + items: + description: Release represents an OpenShift release image and associated + metadata. 
+ properties: + channels: + description: channels is the set of Cincinnati channels to which + the release currently belongs. + items: + type: string + type: array + x-kubernetes-list-type: set + image: + description: image is a container image location that contains + the update. When this field is part of spec, image is optional + if version is specified and the availableUpdates field contains + a matching version. + type: string + url: + description: url contains information about this release. This + URL is set by the 'url' metadata property on a release or + the metadata returned by the update API and should be displayed + as a link in user interfaces. The URL field may not be set + for test or nightly releases. + type: string + version: + description: version is a semantic version identifying the update + version. When this field is part of spec, version is optional + if image is specified. + type: string + type: object + nullable: true + type: array + x-kubernetes-list-type: atomic + capabilities: + description: capabilities describes the state of optional, core cluster + components. + properties: + enabledCapabilities: + description: enabledCapabilities lists all the capabilities that + are currently managed. + items: + description: ClusterVersionCapability enumerates optional, core + cluster components. + enum: + - openshift-samples + - baremetal + - marketplace + - Console + - Insights + - Storage + - CSISnapshot + - NodeTuning + - MachineAPI + - Build + - DeploymentConfig + - ImageRegistry + - OperatorLifecycleManager + - CloudCredential + - Ingress + - CloudControllerManager + type: string + type: array + x-kubernetes-list-type: atomic + knownCapabilities: + description: knownCapabilities lists all the capabilities known + to the current cluster. + items: + description: ClusterVersionCapability enumerates optional, core + cluster components. 
+ enum: + - openshift-samples + - baremetal + - marketplace + - Console + - Insights + - Storage + - CSISnapshot + - NodeTuning + - MachineAPI + - Build + - DeploymentConfig + - ImageRegistry + - OperatorLifecycleManager + - CloudCredential + - Ingress + - CloudControllerManager + type: string + type: array + x-kubernetes-list-type: atomic + type: object + conditionalUpdates: + description: conditionalUpdates contains the list of updates that + may be recommended for this cluster if it meets specific required + conditions. Consumers interested in the set of updates that are + actually recommended for this cluster should use availableUpdates. + This list may be empty if no updates are recommended, if the update + service is unavailable, or if an empty or invalid channel has been + specified. + items: + description: ConditionalUpdate represents an update which is recommended + to some clusters on the version the current cluster is reconciling, + but which may not be recommended for the current cluster. + properties: + conditions: + description: 'conditions represents the observations of the + conditional update''s current status. Known types are: * Recommended, + for whether the update is recommended for the current cluster.' + items: + description: "Condition contains details for one aspect of + the current state of this API Resource. --- This struct + is intended for direct use as an array at the field path + .status.conditions. For example, \n type FooStatus struct{ + // Represents the observations of a foo's current state. 
+ // Known .status.conditions.type are: \"Available\", \"Progressing\", + and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields + }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should + be when the underlying condition changed. If that is + not known, then using the time when the API field changed + is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, + if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the + current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. The value should + be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across + resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability + to deconflict is important. The regex it matches is + (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + release: + description: release is the target of the update. + properties: + channels: + description: channels is the set of Cincinnati channels + to which the release currently belongs. + items: + type: string + type: array + x-kubernetes-list-type: set + image: + description: image is a container image location that contains + the update. When this field is part of spec, image is + optional if version is specified and the availableUpdates + field contains a matching version. + type: string + url: + description: url contains information about this release. + This URL is set by the 'url' metadata property on a release + or the metadata returned by the update API and should + be displayed as a link in user interfaces. The URL field + may not be set for test or nightly releases. + type: string + version: + description: version is a semantic version identifying the + update version. When this field is part of spec, version + is optional if image is specified. + type: string + type: object + risks: + description: risks represents the range of issues associated + with updating to the target release. The cluster-version operator + will evaluate all entries, and only recommend the update if + there is at least one entry and all entries recommend the + update. 
+ items: + description: ConditionalUpdateRisk represents a reason and + cluster-state for not recommending a conditional update. + properties: + matchingRules: + description: matchingRules is a slice of conditions for + deciding which clusters match the risk and which do + not. The slice is ordered by decreasing precedence. + The cluster-version operator will walk the slice in + order, and stop after the first it can successfully + evaluate. If no condition can be successfully evaluated, + the update will not be recommended. + items: + description: ClusterCondition is a union of typed cluster + conditions. The 'type' property determines which + of the type-specific properties are relevant. When + evaluated on a cluster, the condition may match, not + match, or fail to evaluate. + properties: + promql: + description: promQL represents a cluster condition + based on PromQL. + properties: + promql: + description: PromQL is a PromQL query classifying + clusters. This query query should return a + 1 in the match case and a 0 in the does-not-match + case. Queries which return no time series, + or which return values besides 0 or 1, are + evaluation failures. + type: string + required: + - promql + type: object + type: + description: type represents the cluster-condition + type. This defines the members and semantics of + any additional properties. + enum: + - Always + - PromQL + type: string + required: + - type + type: object + minItems: 1 + type: array + x-kubernetes-list-type: atomic + message: + description: message provides additional information about + the risk of updating, in the event that matchingRules + match the cluster state. This is only to be consumed + by humans. It may contain Line Feed characters (U+000A), + which should be rendered as new lines. + minLength: 1 + type: string + name: + description: name is the CamelCase reason for not recommending + a conditional update, in the event that matchingRules + match the cluster state. 
+ minLength: 1 + type: string + url: + description: url contains information about this risk. + format: uri + minLength: 1 + type: string + required: + - matchingRules + - message + - name + - url + type: object + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - release + - risks + type: object + type: array + x-kubernetes-list-type: atomic + conditions: + description: conditions provides information about the cluster version. + The condition "Available" is set to true if the desiredUpdate has + been reached. The condition "Progressing" is set to true if an update + is being applied. The condition "Degraded" is set to true if an + update is currently blocked by a temporary or permanent error. Conditions + are only valid for the current desiredUpdate when metadata.generation + is equal to status.generation. + items: + description: ClusterOperatorStatusCondition represents the state + of the operator's managed and monitored components. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status property. + format: date-time + type: string + message: + description: message provides additional information about the + current condition. This is only to be consumed by humans. It + may contain Line Feed characters (U+000A), which should be + rendered as new lines. + type: string + reason: + description: reason is the CamelCase reason for the condition's + current status. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the aspect reported by this condition. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + desired: + description: desired is the version that the cluster is reconciling + towards. 
If the cluster is not yet fully initialized desired will + be set with the information available, which may be an image or + a tag. + properties: + channels: + description: channels is the set of Cincinnati channels to which + the release currently belongs. + items: + type: string + type: array + x-kubernetes-list-type: set + image: + description: image is a container image location that contains + the update. When this field is part of spec, image is optional + if version is specified and the availableUpdates field contains + a matching version. + type: string + url: + description: url contains information about this release. This + URL is set by the 'url' metadata property on a release or the + metadata returned by the update API and should be displayed + as a link in user interfaces. The URL field may not be set for + test or nightly releases. + type: string + version: + description: version is a semantic version identifying the update + version. When this field is part of spec, version is optional + if image is specified. + type: string + type: object + history: + description: history contains a list of the most recent versions applied + to the cluster. This value may be empty during cluster startup, + and then will be updated when a new update is being applied. The + newest update is first in the list and it is ordered by recency. + Updates in the history have state Completed if the rollout completed + - if an update was failing or halfway applied the state will be + Partial. Only a limited amount of update history is preserved. + items: + description: UpdateHistory is a single attempted update to the cluster. + properties: + acceptedRisks: + description: acceptedRisks records risks which were accepted + to initiate the update. For example, it may menition an Upgradeable=False + or missing signature that was overriden via desiredUpdate.force, + or an update that was initiated despite not being in the availableUpdates + set of recommended update targets. 
+ type: string + completionTime: + description: completionTime, if set, is when the update was + fully applied. The update that is currently being applied + will have a null completion time. Completion time will always + be set for entries that are not the current update (usually + to the started time of the next update). + format: date-time + nullable: true + type: string + image: + description: image is a container image location that contains + the update. This value is always populated. + type: string + startedTime: + description: startedTime is the time at which the update was + started. + format: date-time + type: string + state: + description: state reflects whether the update was fully applied. + The Partial state indicates the update is not fully applied, + while the Completed state indicates the update was successfully + rolled out at least once (all parts of the update successfully + applied). + type: string + verified: + description: verified indicates whether the provided update + was properly verified before it was installed. If this is + false the cluster may not be trusted. Verified does not cover + upgradeable checks that depend on the cluster state at the + time when the update target was accepted. + type: boolean + version: + description: version is a semantic version identifying the update + version. If the requested image does not define a version, + or if a failure occurs retrieving the image, this value may + be empty. + type: string + required: + - completionTime + - image + - startedTime + - state + - verified + type: object + type: array + x-kubernetes-list-type: atomic + observedGeneration: + description: observedGeneration reports which version of the spec + is being synced. If this value is not equal to metadata.generation, + then the desired and conditions fields may represent a previous + version. 
+ format: int64 + type: integer + versionHash: + description: versionHash is a fingerprint of the content that the + cluster will be updated with. It is used by the operator to avoid + unnecessary work and is for internal use only. + type: string + required: + - availableUpdates + - desired + - observedGeneration + - versionHash + type: object + required: + - spec + type: object + x-kubernetes-validations: + - message: the `baremetal` capability requires the `MachineAPI` capability, + which is neither explicitly or implicitly enabled in this cluster, please + enable the `MachineAPI` capability + rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) + && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''baremetal'' + in self.spec.capabilities.additionalEnabledCapabilities ? ''MachineAPI'' + in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) + && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) + && ''MachineAPI'' in self.status.capabilities.enabledCapabilities) : true' + - message: the `marketplace` capability requires the `OperatorLifecycleManager` + capability, which is neither explicitly or implicitly enabled in this + cluster, please enable the `OperatorLifecycleManager` capability + rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) + && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''marketplace'' + in self.spec.capabilities.additionalEnabledCapabilities ? ''OperatorLifecycleManager'' + in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) + && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) + && ''OperatorLifecycleManager'' in self.status.capabilities.enabledCapabilities) + : true' + served: true + storage: true + subresources: + status: {} 
diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-SelfManagedHA-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-SelfManagedHA-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..028ae8f3f53 --- /dev/null +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-SelfManagedHA-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,553 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: authentications.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Authentication + listKind: AuthenticationList + plural: authentications + singular: authentication + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Authentication specifies cluster-wide settings for authentication + (like OAuth and webhook token authenticators). The canonical name of an + instance is `cluster`. \n Compatibility level 1: Stable within a major release + for a minimum of 12 months or 3 minor releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + oauthMetadata: + description: 'oauthMetadata contains the discovery endpoint data for + OAuth 2.0 Authorization Server Metadata for an external OAuth server. 
+ This discovery document can be viewed from its served location: + oc get --raw ''/.well-known/oauth-authorization-server'' For further + details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 + If oauthMetadata.name is non-empty, this value has precedence over + any metadata reference stored in status. The key "oauthMetadata" + is used to locate the data. If specified and the config map or expected + key is not found, no metadata is served. If the specified metadata + is not valid, no metadata is served. The namespace for this config + map is openshift-config.' + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + oidcProviders: + description: "OIDCProviders are OIDC identity providers that can issue + tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\". + \n At most one provider can be configured." + items: + properties: + claimMappings: + description: ClaimMappings describes rules on how to transform + information from an ID token into a cluster identity + properties: + groups: + description: Groups is a name of the claim that should be + used to construct groups for the cluster identity. The + referenced claim must use array of strings values. + properties: + claim: + description: Claim is a JWT token claim to be used in + the mapping + type: string + prefix: + description: "Prefix is a string to prefix the value + from the token in the result of the claim mapping. + \n By default, no prefixing occurs. \n Example: if + `prefix` is set to \"myoidc:\"\" and the `claim` in + JWT contains an array of strings \"a\", \"b\" and + \ \"c\", the mapping will result in an array of string + \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\"." + type: string + required: + - claim + type: object + username: + description: "Username is a name of the claim that should + be used to construct usernames for the cluster identity. 
+ \n Default value: \"sub\"" + properties: + claim: + description: Claim is a JWT token claim to be used in + the mapping + type: string + prefix: + properties: + prefixString: + minLength: 1 + type: string + required: + - prefixString + type: object + prefixPolicy: + description: "PrefixPolicy specifies how a prefix should + apply. \n By default, claims other than `email` will + be prefixed with the issuer URL to prevent naming + clashes with other plugins. \n Set to \"NoPrefix\" + to disable prefixing. \n Example: (1) `prefix` is + set to \"myoidc:\" and `claim` is set to \"username\". + If the JWT claim `username` contains value `userA`, + the resulting mapped value will be \"myoidc:userA\". + (2) `prefix` is set to \"myoidc:\" and `claim` is + set to \"email\". If the JWT `email` claim contains + value \"userA@myoidc.tld\", the resulting mapped value + will be \"myoidc:userA@myoidc.tld\". (3) `prefix` + is unset, `issuerURL` is set to `https://myoidc.tld`, + the JWT claims include \"username\":\"userA\" and + \"email\":\"userA@myoidc.tld\", and `claim` is set + to: (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\" + (b) \"email\": the mapped value will be \"userA@myoidc.tld\"" + enum: + - "" + - NoPrefix + - Prefix + type: string + required: + - claim + type: object + x-kubernetes-validations: + - message: prefix must be set if prefixPolicy is 'Prefix', + but must remain unset otherwise + rule: 'has(self.prefixPolicy) && self.prefixPolicy == + ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) + > 0) : !has(self.prefix)' + type: object + claimValidationRules: + description: ClaimValidationRules are rules that are applied + to validate token claims to authenticate users. + items: + properties: + requiredClaim: + description: RequiredClaim allows configuring a required + claim name and its expected value + properties: + claim: + description: Claim is a name of a required claim. + Only claims with string values are supported. 
+ minLength: 1 + type: string + requiredValue: + description: RequiredValue is the required value for + the claim. + minLength: 1 + type: string + required: + - claim + - requiredValue + type: object + type: + default: RequiredClaim + description: Type sets the type of the validation rule + enum: + - RequiredClaim + type: string + type: object + type: array + x-kubernetes-list-type: atomic + issuer: + description: Issuer describes atributes of the OIDC token issuer + properties: + audiences: + description: Audiences is an array of audiences that the + token was issued for. Valid tokens must include at least + one of these values in their "aud" claim. Must be set + to exactly one value. + items: + minLength: 1 + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + issuerCertificateAuthority: + description: CertificateAuthority is a reference to a config + map in the configuration namespace. The .data of the configMap + must contain the "ca-bundle.crt" key. If unset, system + trust is used instead. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + issuerURL: + description: URL is the serving URL of the token issuer. + Must use the https:// scheme. 
+ pattern: ^https:\/\/[^\s] + type: string + required: + - audiences + - issuerURL + type: object + name: + description: Name of the OIDC provider + minLength: 1 + type: string + oidcClients: + description: OIDCClients contains configuration for the platform's + clients that need to request tokens from the issuer + items: + properties: + clientID: + description: ClientID is the identifier of the OIDC client + from the OIDC provider + minLength: 1 + type: string + clientSecret: + description: ClientSecret refers to a secret in the `openshift-config` + namespace that contains the client secret in the `clientSecret` + key of the `.data` field + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + componentName: + description: ComponentName is the name of the component + that is supposed to consume this client configuration + maxLength: 256 + minLength: 1 + type: string + componentNamespace: + description: ComponentNamespace is the namespace of the + component that is supposed to consume this client configuration + maxLength: 63 + minLength: 1 + type: string + extraScopes: + description: ExtraScopes is an optional set of scopes + to request tokens with. + items: + type: string + type: array + x-kubernetes-list-type: set + required: + - clientID + - componentName + - componentNamespace + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - componentNamespace + - componentName + x-kubernetes-list-type: map + required: + - issuer + - name + type: object + maxItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + serviceAccountIssuer: + description: 'serviceAccountIssuer is the identifier of the bound + service account token issuer. The default is https://kubernetes.default.svc + WARNING: Updating this field will not result in immediate invalidation + of all bound tokens with the previous issuer value. 
Instead, the + tokens issued by previous service account issuer will continue to + be trusted for a time period chosen by the platform (currently set + to 24h). This time period is subject to change over time. This allows + internal components to transition to use new service account issuer + without service distruption.' + type: string + type: + description: type identifies the cluster managed, user facing authentication + mode in use. Specifically, it manages the component that responds + to login attempts. The default is IntegratedOAuth. + enum: + - "" + - None + - IntegratedOAuth + - OIDC + type: string + webhookTokenAuthenticator: + description: "webhookTokenAuthenticator configures a remote token + reviewer. These remote authentication webhooks can be used to verify + bearer tokens via the tokenreviews.authentication.k8s.io REST API. + This is required to honor bearer tokens that are provisioned by + an external authentication service. \n Can only be set if \"Type\" + is set to \"None\"." + properties: + kubeConfig: + description: "kubeConfig references a secret that contains kube + config file data which describes how to access the remote webhook + service. The namespace for the referenced secret is openshift-config. + \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication + \n The key \"kubeConfig\" is used to locate the data. If the + secret or expected key is not found, the webhook is not honored. + If the specified kube config data is not valid, the webhook + is not honored." + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + required: + - name + type: object + required: + - kubeConfig + type: object + webhookTokenAuthenticators: + description: webhookTokenAuthenticators is DEPRECATED, setting it + has no effect. 
+ items: + description: deprecatedWebhookTokenAuthenticator holds the necessary + configuration options for a remote token authenticator. It's the + same as WebhookTokenAuthenticator but it's missing the 'required' + validation on KubeConfig field. + properties: + kubeConfig: + description: 'kubeConfig contains kube config file data which + describes how to access the remote webhook service. For further + details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication + The key "kubeConfig" is used to locate the data. If the secret + or expected key is not found, the webhook is not honored. + If the specified kube config data is not valid, the webhook + is not honored. The namespace for this secret is determined + by the point of use.' + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + integratedOAuthMetadata: + description: 'integratedOAuthMetadata contains the discovery endpoint + data for OAuth 2.0 Authorization Server Metadata for the in-cluster + integrated OAuth server. This discovery document can be viewed from + its served location: oc get --raw ''/.well-known/oauth-authorization-server'' + For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 + This contains the observed value based on cluster state. An explicitly + set value in spec.oauthMetadata has precedence over this field. + This field has no meaning if authentication spec.type is not set + to IntegratedOAuth. The key "oauthMetadata" is used to locate the + data. If the config map or expected key is not found, no metadata + is served. If the specified metadata is not valid, no metadata is + served. 
The namespace for this config map is openshift-config-managed.' + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + oidcClients: + description: OIDCClients is where participating operators place the + current OIDC client status for OIDC clients that can be customized + by the cluster-admin. + items: + properties: + componentName: + description: ComponentName is the name of the component that + will consume a client configuration. + maxLength: 256 + minLength: 1 + type: string + componentNamespace: + description: ComponentNamespace is the namespace of the component + that will consume a client configuration. + maxLength: 63 + minLength: 1 + type: string + conditions: + description: "Conditions are used to communicate the state of + the `oidcClients` entry. \n Supported conditions include Available, + Degraded and Progressing. \n If Available is true, the component + is successfully using the configured client. If Degraded is + true, that means something has gone wrong trying to handle + the client configuration. If Progressing is true, that means + the component is taking some action related to the `oidcClients` + entry." + items: + description: "Condition contains details for one aspect of + the current state of this API Resource. --- This struct + is intended for direct use as an array at the field path + .status.conditions. For example, \n type FooStatus struct{ + // Represents the observations of a foo's current state. 
+ // Known .status.conditions.type are: \"Available\", \"Progressing\", + and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields + }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should + be when the underlying condition changed. If that is + not known, then using the time when the API field changed + is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, + if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the + current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. The value should + be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across + resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability + to deconflict is important. The regex it matches is + (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + consumingUsers: + description: ConsumingUsers is a slice of ServiceAccounts that + need to have read permission on the `clientSecret` secret. + items: + description: ConsumingUser is an alias for string which we + add validation to. Currently only service accounts are supported. + maxLength: 512 + minLength: 1 + pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + maxItems: 5 + type: array + x-kubernetes-list-type: set + currentOIDCClients: + description: CurrentOIDCClients is a list of clients that the + component is currently using. + items: + properties: + clientID: + description: ClientID is the identifier of the OIDC client + from the OIDC provider + minLength: 1 + type: string + issuerURL: + description: URL is the serving URL of the token issuer. + Must use the https:// scheme. 
+ pattern: ^https:\/\/[^\s] + type: string + oidcProviderName: + description: OIDCName refers to the `name` of the provider + from `oidcProviders` + minLength: 1 + type: string + required: + - clientID + - issuerURL + - oidcProviderName + type: object + type: array + x-kubernetes-list-map-keys: + - issuerURL + - clientID + x-kubernetes-list-type: map + required: + - componentName + - componentNamespace + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - componentNamespace + - componentName + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + x-kubernetes-validations: + - message: all oidcClients in the oidcProviders must match their componentName + and componentNamespace to either a previously configured oidcClient or + they must exist in the status.oidcClients + rule: '!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) + || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace + == specC.componentNamespace && statusC.componentName == specC.componentName) + || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, + oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, + oldC.componentNamespace == specC.componentNamespace && oldC.componentName + == specC.componentName)))))' + served: true + storage: true + subresources: + status: {} diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_featuregates.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_featuregates.crd.yaml index b179eee0ab0..c27cb73e2d3 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_featuregates.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_featuregates.crd.yaml 
@@ -80,6 +80,9 @@ spec: - message: TechPreviewNoUpgrade may not be changed rule: 'oldSelf == ''TechPreviewNoUpgrade'' ? self == ''TechPreviewNoUpgrade'' : true' + - message: DevPreviewNoUpgrade may not be changed + rule: 'oldSelf == ''DevPreviewNoUpgrade'' ? self == ''DevPreviewNoUpgrade'' + : true' type: object status: description: status holds observed values from the cluster. They may not diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..5e12ca8e224 --- /dev/null +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,2149 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: infrastructures.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Infrastructure + listKind: InfrastructureList + plural: infrastructures + singular: infrastructure + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Infrastructure holds cluster-wide information about Infrastructure. + \ The canonical name is `cluster` \n Compatibility level 1: Stable within + a major release for a minimum of 12 months or 3 minor releases (whichever + is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + cloudConfig: + description: "cloudConfig is a reference to a ConfigMap containing + the cloud provider configuration file. 
This configuration file is + used to configure the Kubernetes cloud provider integration when + using the built-in cloud provider integration or the external cloud + controller manager. The namespace for this config map is openshift-config. + \n cloudConfig should only be consumed by the kube_cloud_config + controller. The controller is responsible for using the user configuration + in the spec for various platforms and combining that with the user + provided ConfigMap in this field to create a stitched kube cloud + config. The controller generates a ConfigMap `kube-cloud-config` + in `openshift-config-managed` namespace with the kube cloud config + is stored in `cloud.conf` key. All the clients are expected to use + the generated ConfigMap only." + properties: + key: + description: Key allows pointing to a specific key/value inside + of the configmap. This is useful for logical file references. + type: string + name: + type: string + type: object + platformSpec: + description: platformSpec holds desired information specific to the + underlying infrastructure provider. + properties: + alibabaCloud: + description: AlibabaCloud contains settings specific to the Alibaba + Cloud infrastructure provider. + type: object + aws: + description: AWS contains settings specific to the Amazon Web + Services infrastructure provider. + properties: + serviceEndpoints: + description: serviceEndpoints list contains custom endpoints + which will override default service endpoint of AWS Services. + There must be only one ServiceEndpoint for a service. + items: + description: AWSServiceEndpoint store the configuration + of a custom url to override existing defaults of AWS Services. + properties: + name: + description: name is the name of the AWS service. The + list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html + This must be provided and cannot be empty. 
+ pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme + https, that overrides the default generated endpoint + for a client. This must be provided and cannot be + empty. + pattern: ^https:// + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + azure: + description: Azure contains settings specific to the Azure infrastructure + provider. + type: object + baremetal: + description: BareMetal contains settings specific to the BareMetal + platform. + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to + contact the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. These are the IPs for + a self-hosted load balancer in front of the API servers. + In dual stack clusters this list contains two IP addresses, + one from IPv4 family and one from IPv6. In single stack + clusters a single IP address is expected. When omitted, + values from the status.apiServerInternalIPs will be used. + Once set, the list cannot be completely removed (but its + second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most one IPv4 + address and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() : true' + ingressIPs: + description: ingressIPs are the external IPs which route to + the default ingress controller. The IPs are suitable targets + of a wildcard DNS record used to resolve default route host + names. 
In dual stack clusters this list contains two IP + addresses, one from IPv4 family and one from IPv6. In single + stack clusters a single IP address is expected. When omitted, + values from the status.ingressIPs will be used. Once set, + the list cannot be completely removed (but its second entry + can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 address + and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() : true' + machineNetworks: + description: machineNetworks are IP networks used to connect + all the OpenShift cluster nodes. Each network is provided + in the CIDR format and should be IPv4 or IPv6, for example + "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR notation + (for example, "10.0.0.0/8" or "fd00::/8"). + maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once set + rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix + Metal infrastructure provider. + type: object + external: + description: ExternalPlatformType represents generic infrastructure + provider. Platform-specific components should be supplemented + separately. 
+ properties: + platformName: + default: Unknown + description: PlatformName holds the arbitrary string representing + the infrastructure provider name, expected to be set at + the installation time. This field is solely for informational + and reporting purposes and is not expected to be used for + decision-making. + type: string + x-kubernetes-validations: + - message: platform name cannot be changed once set + rule: oldSelf == 'Unknown' || self == oldSelf + type: object + gcp: + description: GCP contains settings specific to the Google Cloud + Platform infrastructure provider. + type: object + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud + infrastructure provider. + type: object + kubevirt: + description: Kubevirt contains settings specific to the kubevirt + infrastructure provider. + type: object + nutanix: + description: Nutanix contains settings specific to the Nutanix + infrastructure provider. + properties: + failureDomains: + description: failureDomains configures failure domains information + for the Nutanix platform. When set, the failure domains + defined here may be used to spread Machines across prism + element clusters to improve fault tolerance of the cluster. + items: + description: NutanixFailureDomain configures failure domain + information for the Nutanix platform. + properties: + cluster: + description: cluster is to identify the cluster (the + Prism Element under management of the Prism Central), + in which the Machine's VM will be created. The cluster + identifier (uuid or name) can be obtained from the + Prism Central console or using the prism_central API. + properties: + name: + description: name is the resource name in the PC. + It cannot be empty if the type is Name. + type: string + type: + description: type is the identifier type to use + for this resource. + enum: + - UUID + - Name + type: string + uuid: + description: uuid is the UUID of the resource in + the PC. It cannot be empty if the type is UUID. 
+ type: string + required: + - type + type: object + x-kubernetes-validations: + - message: uuid configuration is required when type + is UUID, and forbidden otherwise + rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) + : !has(self.uuid)' + - message: name configuration is required when type + is Name, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) + : !has(self.name)' + name: + description: name defines the unique name of a failure + domain. Name is required and must be at most 64 characters + in length. It must consist of only lower case alphanumeric + characters and hyphens (-). It must start and end + with an alphanumeric character. This value is arbitrary + and is used to identify the failure domain within + the platform. + maxLength: 64 + minLength: 1 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + type: string + subnets: + description: subnets holds a list of identifiers (one + or more) of the cluster's network subnets for the + Machine's VM to connect to. The subnet identifiers + (uuid or name) can be obtained from the Prism Central + console or using the prism_central API. + items: + description: NutanixResourceIdentifier holds the identity + of a Nutanix PC resource (cluster, image, subnet, + etc.) + properties: + name: + description: name is the resource name in the + PC. It cannot be empty if the type is Name. + type: string + type: + description: type is the identifier type to use + for this resource. + enum: + - UUID + - Name + type: string + uuid: + description: uuid is the UUID of the resource + in the PC. It cannot be empty if the type is + UUID. + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: uuid configuration is required when type + is UUID, and forbidden otherwise + rule: 'has(self.type) && self.type == ''UUID'' ? 
has(self.uuid) + : !has(self.uuid)' + - message: name configuration is required when type + is Name, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) + : !has(self.name)' + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + required: + - cluster + - name + - subnets + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + prismCentral: + description: prismCentral holds the endpoint address and port + to access the Nutanix Prism Central. When a cluster-wide + proxy is installed, by default, this endpoint will be accessed + via the proxy. Should you wish for communication with this + endpoint not to be proxied, please add the endpoint to the + proxy spec.noProxy list. + properties: + address: + description: address is the endpoint address (DNS name + or IP address) of the Nutanix Prism Central or Element + (cluster) + maxLength: 256 + type: string + port: + description: port is the port number to access the Nutanix + Prism Central or Element (cluster) + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + prismElements: + description: prismElements holds one or more endpoint address + and port data to access the Nutanix Prism Elements (clusters) + of the Nutanix Prism Central. Currently we only support + one Prism Element (cluster) for an OpenShift cluster, where + all the Nutanix resources (VMs, subnets, volumes, etc.) + used in the OpenShift cluster are located. In the future, + we may support Nutanix resources (VMs, etc.) spread over + multiple Prism Elements (clusters) of the Prism Central. + items: + description: NutanixPrismElementEndpoint holds the name + and endpoint data for a Prism Element (cluster) + properties: + endpoint: + description: endpoint holds the endpoint address and + port data of the Prism Element (cluster). 
When a cluster-wide + proxy is installed, by default, this endpoint will + be accessed via the proxy. Should you wish for communication + with this endpoint not to be proxied, please add the + endpoint to the proxy spec.noProxy list. + properties: + address: + description: address is the endpoint address (DNS + name or IP address) of the Nutanix Prism Central + or Element (cluster) + maxLength: 256 + type: string + port: + description: port is the port number to access the + Nutanix Prism Central or Element (cluster) + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + name: + description: name is the name of the Prism Element (cluster). + This value will correspond with the cluster field + configured on other resources (eg Machines, PVCs, + etc). + maxLength: 256 + type: string + required: + - endpoint + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - prismCentral + - prismElements + type: object + openstack: + description: OpenStack contains settings specific to the OpenStack + infrastructure provider. + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to + contact the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. These are the IPs for + a self-hosted load balancer in front of the API servers. + In dual stack clusters this list contains two IP addresses, + one from IPv4 family and one from IPv6. In single stack + clusters a single IP address is expected. When omitted, + values from the status.apiServerInternalIPs will be used. + Once set, the list cannot be completely removed (but its + second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). 
+ maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most one IPv4 + address and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() : true' + ingressIPs: + description: ingressIPs are the external IPs which route to + the default ingress controller. The IPs are suitable targets + of a wildcard DNS record used to resolve default route host + names. In dual stack clusters this list contains two IP + addresses, one from IPv4 family and one from IPv6. In single + stack clusters a single IP address is expected. When omitted, + values from the status.ingressIPs will be used. Once set, + the list cannot be completely removed (but its second entry + can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 address + and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() : true' + machineNetworks: + description: machineNetworks are IP networks used to connect + all the OpenShift cluster nodes. Each network is provided + in the CIDR format and should be IPv4 or IPv6, for example + "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR notation + (for example, "10.0.0.0/8" or "fd00::/8"). 
+ maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once set + rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure + provider. + type: object + powervs: + description: PowerVS contains settings specific to the IBM Power + Systems Virtual Servers infrastructure provider. + properties: + serviceEndpoints: + description: serviceEndpoints is a list of custom endpoints + which will override the default service endpoints of a Power + VS service. + items: + description: PowervsServiceEndpoint stores the configuration + of a custom url to override existing defaults of PowerVS + Services. + properties: + name: + description: name is the name of the Power VS service. + Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api + ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller + Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme + https, that overrides the default generated endpoint + for a client. This must be provided and cannot be + empty. + format: uri + pattern: ^https:// + type: string + required: + - name + - url + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + description: type is the underlying infrastructure provider for + the cluster. 
This value controls whether infrastructure automation + such as service load balancers, dynamic volume provisioning, + machine creation and deletion, and other integrations are enabled. + If None, no infrastructure automation is enabled. Allowed values + are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", + "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", + "Nutanix" and "None". Individual components may not support + all platforms, and must handle unrecognized platforms as None + if they do not support that platform. + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + vsphere: + description: VSphere contains settings specific to the VSphere + infrastructure provider. + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to + contact the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. These are the IPs for + a self-hosted load balancer in front of the API servers. + In dual stack clusters this list contains two IP addresses, + one from IPv4 family and one from IPv6. In single stack + clusters a single IP address is expected. When omitted, + values from the status.apiServerInternalIPs will be used. + Once set, the list cannot be completely removed (but its + second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). 
+ maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most one IPv4 + address and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() : true' + failureDomains: + description: failureDomains contains the definition of region, + zone and the vCenter topology. If this is omitted failure + domains (regions and zones) will not be used. + items: + description: VSpherePlatformFailureDomainSpec holds the + region and zone failure domain and the vCenter topology + of that failure domain. + properties: + name: + description: name defines the arbitrary but unique name + of a failure domain. + maxLength: 256 + minLength: 1 + type: string + region: + description: region defines the name of a region tag + that will be attached to a vCenter datacenter. The + tag category in vCenter must be named openshift-region. + maxLength: 80 + minLength: 1 + type: string + server: + anyOf: + - format: ipv4 + - format: ipv6 + - format: hostname + description: server is the fully-qualified domain name + or the IP address of the vCenter server. --- + maxLength: 255 + minLength: 1 + type: string + topology: + description: Topology describes a given failure domain + using vSphere constructs + properties: + computeCluster: + description: computeCluster the absolute path of + the vCenter cluster in which virtual machine will + be located. The absolute path is of the form //host/. + The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/host/.*? + type: string + datacenter: + description: datacenter is the name of vCenter datacenter + in which virtual machines will be located. The + maximum length of the datacenter name is 80 characters. 
+ maxLength: 80 + type: string + datastore: + description: datastore is the absolute path of the + datastore in which the virtual machine is located. + The absolute path is of the form //datastore/ + The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/datastore/.*? + type: string + folder: + description: folder is the absolute path of the + folder where virtual machines are located. The + absolute path is of the form //vm/. + The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/vm/.*? + type: string + networks: + description: networks is the list of port group + network names within this failure domain. Currently, + we only support a single interface per RHCOS virtual + machine. The available networks (port groups) + can be listed using `govc ls 'network/*'` The + single interface should be the absolute path of + the form //network/. + items: + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + resourcePool: + description: resourcePool is the absolute path of + the resource pool where virtual machines will + be created. The absolute path is of the form //host//Resources/. + The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/host/.*?/Resources.* + type: string + template: + description: "template is the full inventory path + of the virtual machine or template that will be + cloned when creating new machines in this failure + domain. The maximum length of the path is 2048 + characters. \n When omitted, the template will + be calculated by the control plane machineset + operator based on the region and zone defined + in VSpherePlatformFailureDomainSpec. For example, + for zone=zonea, region=region1, and infrastructure + name=test, the template path would be calculated + as //vm/test-rhcos-region1-zonea." + maxLength: 2048 + minLength: 1 + pattern: ^/.*?/vm/.*? 
+ type: string + required: + - computeCluster + - datacenter + - datastore + - networks + type: object + zone: + description: zone defines the name of a zone tag that + will be attached to a vCenter cluster. The tag category + in vCenter must be named openshift-zone. + maxLength: 80 + minLength: 1 + type: string + required: + - name + - region + - server + - topology + - zone + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + ingressIPs: + description: ingressIPs are the external IPs which route to + the default ingress controller. The IPs are suitable targets + of a wildcard DNS record used to resolve default route host + names. In dual stack clusters this list contains two IP + addresses, one from IPv4 family and one from IPv6. In single + stack clusters a single IP address is expected. When omitted, + values from the status.ingressIPs will be used. Once set, + the list cannot be completely removed (but its second entry + can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 address + and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() : true' + machineNetworks: + description: machineNetworks are IP networks used to connect + all the OpenShift cluster nodes. Each network is provided + in the CIDR format and should be IPv4 or IPv6, for example + "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR notation + (for example, "10.0.0.0/8" or "fd00::/8"). 
+ maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + nodeNetworking: + description: nodeNetworking contains the definition of internal + and external network constraints for assigning the node's + networking. If this field is omitted, networking defaults + to the legacy address selection behavior which is to only + support a single address and return the first one found. + properties: + external: + description: external represents the network configuration + of the node that is externally routable. + properties: + excludeNetworkSubnetCidr: + description: excludeNetworkSubnetCidr IP addresses + in subnet ranges will be excluded when selecting + the IP address from the VirtualMachine's VM for + use in the status.addresses fields. --- + items: + format: cidr + type: string + type: array + x-kubernetes-list-type: atomic + network: + description: network VirtualMachine's VM Network names + that will be used to when searching for status.addresses + fields. Note that if internal.networkSubnetCIDR + and external.networkSubnetCIDR are not set, then + the vNIC associated to this network must only have + a single IP address assigned to it. The available + networks (port groups) can be listed using `govc + ls 'network/*'` + type: string + networkSubnetCidr: + description: networkSubnetCidr IP address on VirtualMachine's + network interfaces included in the fields' CIDRs + that will be used in respective status.addresses + fields. --- + items: + format: cidr + type: string + type: array + x-kubernetes-list-type: set + type: object + internal: + description: internal represents the network configuration + of the node that is routable only within the cluster. 
+ properties: + excludeNetworkSubnetCidr: + description: excludeNetworkSubnetCidr IP addresses + in subnet ranges will be excluded when selecting + the IP address from the VirtualMachine's VM for + use in the status.addresses fields. --- + items: + format: cidr + type: string + type: array + x-kubernetes-list-type: atomic + network: + description: network VirtualMachine's VM Network names + that will be used to when searching for status.addresses + fields. Note that if internal.networkSubnetCIDR + and external.networkSubnetCIDR are not set, then + the vNIC associated to this network must only have + a single IP address assigned to it. The available + networks (port groups) can be listed using `govc + ls 'network/*'` + type: string + networkSubnetCidr: + description: networkSubnetCidr IP address on VirtualMachine's + network interfaces included in the fields' CIDRs + that will be used in respective status.addresses + fields. --- + items: + format: cidr + type: string + type: array + x-kubernetes-list-type: set + type: object + type: object + vcenters: + description: vcenters holds the connection details for services + to communicate with vCenter. Currently, only a single vCenter + is supported. --- + items: + description: VSpherePlatformVCenterSpec stores the vCenter + connection fields. This is used by the vSphere CCM. + properties: + datacenters: + description: The vCenter Datacenters in which the RHCOS + vm guests are located. This field will be used by + the Cloud Controller Manager. Each datacenter listed + here should be used within a topology. + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + port: + description: port is the TCP port that will be used + to communicate to the vCenter endpoint. When omitted, + this means the user has no opinion and it is up to + the platform to choose a sensible default, which is + subject to change over time. 
+ format: int32 + maximum: 32767 + minimum: 1 + type: integer + server: + anyOf: + - format: ipv4 + - format: ipv6 + - format: hostname + description: server is the fully-qualified domain name + or the IP address of the vCenter server. --- + maxLength: 255 + type: string + required: + - datacenters + - server + type: object + maxItems: 1 + minItems: 0 + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once set + rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + apiServerInternalURI: + description: apiServerInternalURL is a valid URI with scheme 'https', + address and optionally a port (defaulting to 443). apiServerInternalURL + can be used by components like kubelets, to contact the Kubernetes + API server using the infrastructure provider rather than Kubernetes + networking. + type: string + apiServerURL: + description: apiServerURL is a valid URI with scheme 'https', address + and optionally a port (defaulting to 443). apiServerURL can be + used by components like the web console to tell users where to find + the Kubernetes API. + type: string + controlPlaneTopology: + default: HighlyAvailable + description: controlPlaneTopology expresses the expectations for operands + that normally run on control nodes. The default is 'HighlyAvailable', + which represents the behavior operators have in a "normal" cluster. 
+ The 'SingleReplica' mode will be used in single-node deployments + and the operators should not configure the operand for highly-available + operation The 'External' mode indicates that the control plane is + hosted externally to the cluster and that its components are not + visible within the cluster. + enum: + - HighlyAvailable + - SingleReplica + - External + type: string + cpuPartitioning: + default: None + description: cpuPartitioning expresses if CPU partitioning is a currently + enabled feature in the cluster. CPU Partitioning means that this + cluster can support partitioning workloads to specific CPU Sets. + Valid values are "None" and "AllNodes". When omitted, the default + value is "None". The default value of "None" indicates that no nodes + will be setup with CPU partitioning. The "AllNodes" value indicates + that all nodes have been setup with CPU partitioning, and can then + be further configured via the PerformanceProfile API. + enum: + - None + - AllNodes + type: string + etcdDiscoveryDomain: + description: 'etcdDiscoveryDomain is the domain used to fetch the + SRV records for discovering etcd servers and clients. For more info: + https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery + deprecated: as of 4.7, this field is no longer set or honored. It + will be removed in a future release.' + type: string + infrastructureName: + description: infrastructureName uniquely identifies a cluster with + a human friendly name. Once set it should not be changed. Must be + of max length 27 and must have only alphanumeric or hyphen characters. + type: string + infrastructureTopology: + default: HighlyAvailable + description: 'infrastructureTopology expresses the expectations for + infrastructure services that do not run on control plane nodes, + usually indicated by a node selector for a `role` value other than + `master`. 
The default is ''HighlyAvailable'', which represents the + behavior operators have in a "normal" cluster. The ''SingleReplica'' + mode will be used in single-node deployments and the operators should + not configure the operand for highly-available operation NOTE: External + topology mode is not applicable for this field.' + enum: + - HighlyAvailable + - SingleReplica + type: string + platform: + description: "platform is the underlying infrastructure provider for + the cluster. \n Deprecated: Use platformStatus.type instead." + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + platformStatus: + description: platformStatus holds status information specific to the + underlying infrastructure provider. + properties: + alibabaCloud: + description: AlibabaCloud contains settings specific to the Alibaba + Cloud infrastructure provider. + properties: + region: + description: region specifies the region for Alibaba Cloud + resources created for the cluster. + pattern: ^[0-9A-Za-z-]+$ + type: string + resourceGroupID: + description: resourceGroupID is the ID of the resource group + for the cluster. + pattern: ^(rg-[0-9A-Za-z]+)?$ + type: string + resourceTags: + description: resourceTags is a list of additional tags to + apply to Alibaba Cloud resources created for the cluster. + items: + description: AlibabaCloudResourceTag is the set of tags + to add to apply to resources. + properties: + key: + description: key is the key of the tag. + maxLength: 128 + minLength: 1 + type: string + value: + description: value is the value of the tag. 
+ maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + required: + - region + type: object + aws: + description: AWS contains settings specific to the Amazon Web + Services infrastructure provider. + properties: + region: + description: region holds the default AWS region for new AWS + resources created by the cluster. + type: string + resourceTags: + description: resourceTags is a list of additional tags to + apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html + for information on tagging AWS resources. AWS supports a + maximum of 50 tags per resource. OpenShift reserves 25 tags + for its use, leaving 25 tags available for the user. + items: + description: AWSResourceTag is a tag to apply to AWS resources + created for the cluster. + properties: + key: + description: key is the key of the tag + maxLength: 128 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + type: string + value: + description: value is the value of the tag. Some AWS + service do not support empty values. Since tags are + added to resources in many services, the length of + the tag value must meet the requirements of all services. + maxLength: 256 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + type: string + required: + - key + - value + type: object + maxItems: 25 + type: array + x-kubernetes-list-type: atomic + serviceEndpoints: + description: ServiceEndpoints list contains custom endpoints + which will override default service endpoint of AWS Services. + There must be only one ServiceEndpoint for a service. + items: + description: AWSServiceEndpoint store the configuration + of a custom url to override existing defaults of AWS Services. + properties: + name: + description: name is the name of the AWS service. 
The + list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html + This must be provided and cannot be empty. + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme + https, that overrides the default generated endpoint + for a client. This must be provided and cannot be + empty. + pattern: ^https:// + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + azure: + description: Azure contains settings specific to the Azure infrastructure + provider. + properties: + armEndpoint: + description: armEndpoint specifies a URL to use for resource + management in non-soverign clouds such as Azure Stack. + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment + which can be used to configure the Azure SDK with the appropriate + Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureStackCloud + type: string + networkResourceGroupName: + description: networkResourceGroupName is the Resource Group + for network resources like the Virtual Network and Subnets + used by the cluster. If empty, the value is same as ResourceGroupName. + type: string + resourceGroupName: + description: resourceGroupName is the Resource Group for new + Azure resources created for the cluster. + type: string + resourceTags: + description: resourceTags is a list of additional tags to + apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags + for information on tagging Azure resources. Due to limitations + on Automation, Content Delivery Network, DNS Azure resources, + a maximum of 15 tags may be applied. OpenShift reserves + 5 tags for internal use, allowing 10 tags for user configuration. 
+ items: + description: AzureResourceTag is a tag to apply to Azure + resources created for the cluster. + properties: + key: + description: key is the key part of the tag. A tag key + can have a maximum of 128 characters and cannot be + empty. Key must begin with a letter, end with a letter, + number or underscore, and must contain only alphanumeric + characters and the following special characters `_ + . -`. + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$ + type: string + value: + description: 'value is the value part of the tag. A + tag value can have a maximum of 256 characters and + cannot be empty. Value must contain only alphanumeric + characters and the following special characters `_ + + , - . / : ; < = > ? @`.' + maxLength: 256 + minLength: 1 + pattern: ^[0-9A-Za-z_.=+-@]+$ + type: string + required: + - key + - value + type: object + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: resourceTags are immutable and may only be configured + during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + type: object + x-kubernetes-validations: + - message: resourceTags may only be configured during installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) + || has(oldSelf.resourceTags) && has(self.resourceTags)' + baremetal: + description: BareMetal contains settings specific to the BareMetal + platform. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. \n Deprecated: Use APIServerInternalIPs instead." 
+ type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to + contact the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. These are the IPs for + a self-hosted load balancer in front of the API servers. + In dual stack clusters this list contains two IPs otherwise + only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + ingressIP: + description: "ingressIP is an external IP which routes to + the default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to + the default ingress controller. The IPs are suitable targets + of a wildcard DNS record used to resolve default route host + names. In dual stack clusters this list contains two IPs + otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer used + by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer used + by the cluster on BareMetal platform which can be a + user-managed or openshift-managed load balancer that + is to be used for the OpenShift API and Ingress endpoints. + When set to OpenShiftManagedDefault the static pods + in charge of API and Ingress traffic load-balancing + defined in the machine config operator will be deployed. + When set to UserManaged these static pods will not be + deployed and it is expected that the load balancer is + configured out of band by the deployer. 
When omitted, + this means no opinion and the platform is left to choose + a reasonable default. The default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + machineNetworks: + description: machineNetworks are IP networks used to connect + all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR notation + (for example, "10.0.0.0/8" or "fd00::/8"). + maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the DNS + operator, `NodeDNSIP` provides name resolution for the nodes + themselves. There is no DNS-as-a-service for BareMetal deployments. + In order to minimize necessary changes to the datacenter + DNS, a DNS service is hosted as a static pod to serve those + hostnames to the nodes in the cluster. + type: string + type: object + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix + Metal infrastructure provider. + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the + default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. 
+ type: string + type: object + external: + description: External contains settings specific to the generic + External infrastructure provider. + properties: + cloudControllerManager: + description: cloudControllerManager contains settings specific + to the external Cloud Controller Manager (a.k.a. CCM or + CPI). When omitted, new nodes will be not tainted and no + extra initialization from the cloud controller manager is + expected. + properties: + state: + description: "state determines whether or not an external + Cloud Controller Manager is expected to be installed + within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager + \n Valid values are \"External\", \"None\" and omitted. + When set to \"External\", new nodes will be tainted + as uninitialized when created, preventing them from + running workloads until they are initialized by the + cloud controller manager. When omitted or set to \"None\", + new nodes will be not tainted and no extra initialization + from the cloud controller manager is expected." + enum: + - "" + - External + - None + type: string + x-kubernetes-validations: + - message: state is immutable once set + rule: self == oldSelf + type: object + x-kubernetes-validations: + - message: state may not be added or removed once set + rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) + && self.state != "External") + type: object + x-kubernetes-validations: + - message: cloudControllerManager may not be added or removed + once set + rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) + gcp: + description: GCP contains settings specific to the Google Cloud + Platform infrastructure provider. + properties: + cloudLoadBalancerConfig: + default: + dnsType: PlatformDefault + description: cloudLoadBalancerConfig is a union that contains + the IP addresses of API, API-Int and Ingress Load Balancers + created on the cloud platform. 
These values would not be + populated on on-prem platforms. These Load Balancer IPs + are used to configure the in-cluster DNS instances for API, + API-Int and Ingress services. `dnsType` is expected to be + set to `ClusterHosted` when these Load Balancer IP addresses + are populated and used. + nullable: true + properties: + clusterHosted: + description: clusterHosted holds the IP addresses of API, + API-Int and Ingress Load Balancers on Cloud Platforms. + The DNS solution hosted within the cluster use these + IP addresses to provide resolution for API, API-Int + and Ingress services. + properties: + apiIntLoadBalancerIPs: + description: apiIntLoadBalancerIPs holds Load Balancer + IPs for the internal API service. These Load Balancer + IP addresses can be IPv4 and/or IPv6 addresses. + Entries in the apiIntLoadBalancerIPs must be unique. + A maximum of 16 IP addresses are permitted. + format: ip + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 16 + type: array + x-kubernetes-list-type: set + apiLoadBalancerIPs: + description: apiLoadBalancerIPs holds Load Balancer + IPs for the API service. These Load Balancer IP + addresses can be IPv4 and/or IPv6 addresses. Could + be empty for private clusters. Entries in the apiLoadBalancerIPs + must be unique. A maximum of 16 IP addresses are + permitted. + format: ip + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 16 + type: array + x-kubernetes-list-type: set + ingressLoadBalancerIPs: + description: ingressLoadBalancerIPs holds IPs for + Ingress Load Balancers. These Load Balancer IP addresses + can be IPv4 and/or IPv6 addresses. 
Entries in the + ingressLoadBalancerIPs must be unique. A maximum + of 16 IP addresses are permitted. + format: ip + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 16 + type: array + x-kubernetes-list-type: set + type: object + dnsType: + default: PlatformDefault + description: dnsType indicates the type of DNS solution + in use within the cluster. Its default value of `PlatformDefault` + indicates that the cluster's DNS is the default provided + by the cloud platform. It can be set to `ClusterHosted` + to bypass the configuration of the cloud default DNS. + In this mode, the cluster needs to provide a self-hosted + DNS solution for the cluster's installation to succeed. + The cluster's use of the cloud's Load Balancers is unaffected + by this setting. The value is immutable after it has + been set at install time. Currently, there is no way + for the customer to add additional DNS entries into + the cluster hosted DNS. Enabling this functionality + allows the user to start their own DNS solution outside + the cluster after installation is complete. The customer + would be responsible for configuring this custom DNS + solution, and it can be run in addition to the in-cluster + DNS solution. + enum: + - ClusterHosted + - PlatformDefault + type: string + x-kubernetes-validations: + - message: dnsType is immutable + rule: oldSelf == '' || self == oldSelf + type: object + x-kubernetes-validations: + - message: clusterHosted is permitted only when dnsType is + ClusterHosted + rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted'' + ? !has(self.clusterHosted) : true' + projectID: + description: resourceGroupName is the Project ID for new GCP + resources created for the cluster. 
+ type: string + region: + description: region holds the region for new GCP resources + created for the cluster. + type: string + resourceLabels: + description: resourceLabels is a list of additional labels + to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources + for information on labeling GCP resources. GCP supports + a maximum of 64 labels per resource. OpenShift reserves + 32 labels for internal use, allowing 32 labels for user + configuration. + items: + description: GCPResourceLabel is a label to apply to GCP + resources created for the cluster. + properties: + key: + description: key is the key part of the label. A label + key can have a maximum of 63 characters and cannot + be empty. Label key must begin with a lowercase letter, + and must contain only lowercase letters, numeric characters, + and the following special characters `_-`. Label key + must not have the reserved prefixes `kubernetes-io` + and `openshift-io`. + maxLength: 63 + minLength: 1 + pattern: ^[a-z][0-9a-z_-]{0,62}$ + type: string + x-kubernetes-validations: + - message: label keys must not start with either `openshift-io` + or `kubernetes-io` + rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')' + value: + description: value is the value part of the label. A + label value can have a maximum of 63 characters and + cannot be empty. Value must contain only lowercase + letters, numeric characters, and the following special + characters `_-`. 
+ maxLength: 63 + minLength: 1 + pattern: ^[0-9a-z_-]{1,63}$ + type: string + required: + - key + - value + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceLabels are immutable and may only be configured + during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + resourceTags: + description: resourceTags is a list of additional tags to + apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview + for information on tagging GCP resources. GCP supports a + maximum of 50 tags per resource. + items: + description: GCPResourceTag is a tag to apply to GCP resources + created for the cluster. + properties: + key: + description: key is the key part of the tag. A tag key + can have a maximum of 63 characters and cannot be + empty. Tag key must begin and end with an alphanumeric + character, and must contain only uppercase, lowercase + alphanumeric characters, and the following special + characters `._-`. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ + type: string + parentID: + description: 'parentID is the ID of the hierarchical + resource where the tags are defined, e.g. at the Organization + or the Project level. To find the Organization or + Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, + https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. + An OrganizationID must consist of decimal numbers, + and cannot have leading zeroes. A ProjectID must be + 6 to 30 characters in length, can only contain lowercase + letters, numbers, and hyphens, and must start with + a letter, and cannot end with a hyphen.' 
+ maxLength: 32 + minLength: 1 + pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) + type: string + value: + description: value is the value part of the tag. A tag + value can have a maximum of 63 characters and cannot + be empty. Tag value must begin and end with an alphanumeric + character, and must contain only uppercase, lowercase + alphanumeric characters, and the following special + characters `_-.@%=+:,*#&(){}[]` and spaces. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ + type: string + required: + - key + - parentID + - value + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceTags are immutable and may only be configured + during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + type: object + x-kubernetes-validations: + - message: resourceLabels may only be configured during installation + rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) + || has(oldSelf.resourceLabels) && has(self.resourceLabels)' + - message: resourceTags may only be configured during installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) + || has(oldSelf.resourceTags) && has(self.resourceTags)' + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud + infrastructure provider. 
+ properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud Internet + Services instance managing the DNS zone for the cluster's + base domain + type: string + dnsInstanceCRN: + description: DNSInstanceCRN is the CRN of the DNS Services + instance managing the DNS zone for the cluster's base domain + type: string + location: + description: Location is where the cluster has been deployed + type: string + providerType: + description: ProviderType indicates the type of cluster that + was created + type: string + resourceGroupName: + description: ResourceGroupName is the Resource Group for new + IBMCloud resources created for the cluster. + type: string + serviceEndpoints: + description: serviceEndpoints is a list of custom endpoints + which will override the default service endpoints of an + IBM Cloud service. These endpoints are consumed by components + within the cluster to reach the respective IBM Cloud Services. + items: + description: IBMCloudServiceEndpoint stores the configuration + of a custom url to override existing defaults of IBM Cloud + Services. + properties: + name: + description: 'name is the name of the IBM Cloud service. + Possible values are: CIS, COS, DNSServices, GlobalSearch, + GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, + ResourceManager, or VPC. For example, the IBM Cloud + Private IAM service could be configured with the service + `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` + Whereas the IBM Cloud Private VPC service for US South + (Dallas) could be configured with the service `name` + of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`' + enum: + - CIS + - COS + - DNSServices + - GlobalSearch + - GlobalTagging + - HyperProtect + - IAM + - KeyProtect + - ResourceController + - ResourceManager + - VPC + type: string + url: + description: url is fully qualified URI with scheme + https, that overrides the default generated endpoint + for a client. 
This must be provided and cannot be + empty. + type: string + x-kubernetes-validations: + - message: url must be a valid absolute URL + rule: isURL(self) + required: + - name + - url + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + kubevirt: + description: Kubevirt contains settings specific to the kubevirt + infrastructure provider. + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the + default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. + type: string + type: object + nutanix: + description: Nutanix contains settings specific to the Nutanix + infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to + contact the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. These are the IPs for + a self-hosted load balancer in front of the API servers. 
+ In dual stack clusters this list contains two IPs otherwise + only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + ingressIP: + description: "ingressIP is an external IP which routes to + the default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to + the default ingress controller. The IPs are suitable targets + of a wildcard DNS record used to resolve default route host + names. In dual stack clusters this list contains two IPs + otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer used + by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer used + by the cluster on Nutanix platform which can be a user-managed + or openshift-managed load balancer that is to be used + for the OpenShift API and Ingress endpoints. When set + to OpenShiftManagedDefault the static pods in charge + of API and Ingress traffic load-balancing defined in + the machine config operator will be deployed. When set + to UserManaged these static pods will not be deployed + and it is expected that the load balancer is configured + out of band by the deployer. When omitted, this means + no opinion and the platform is left to choose a reasonable + default. The default value is OpenShiftManagedDefault. 
+ enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + type: object + openstack: + description: OpenStack contains settings specific to the OpenStack + infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to + contact the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. These are the IPs for + a self-hosted load balancer in front of the API servers. + In dual stack clusters this list contains two IPs otherwise + only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + cloudName: + description: cloudName is the name of the desired OpenStack + cloud in the client configuration file (`clouds.yaml`). + type: string + ingressIP: + description: "ingressIP is an external IP which routes to + the default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to + the default ingress controller. The IPs are suitable targets + of a wildcard DNS record used to resolve default route host + names. In dual stack clusters this list contains two IPs + otherwise only one. 
+ format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer used + by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer used + by the cluster on OpenStack platform which can be a + user-managed or openshift-managed load balancer that + is to be used for the OpenShift API and Ingress endpoints. + When set to OpenShiftManagedDefault the static pods + in charge of API and Ingress traffic load-balancing + defined in the machine config operator will be deployed. + When set to UserManaged these static pods will not be + deployed and it is expected that the load balancer is + configured out of band by the deployer. When omitted, + this means no opinion and the platform is left to choose + a reasonable default. The default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + machineNetworks: + description: machineNetworks are IP networks used to connect + all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR notation + (for example, "10.0.0.0/8" or "fd00::/8"). + maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the DNS + operator, `NodeDNSIP` provides name resolution for the nodes + themselves. There is no DNS-as-a-service for OpenStack deployments. 
+ In order to minimize necessary changes to the datacenter + DNS, a DNS service is hosted as a static pod to serve those + hostnames to the nodes in the cluster. + type: string + type: object + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure + provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to + contact the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. These are the IPs for + a self-hosted load balancer in front of the API servers. + In dual stack clusters this list contains two IPs otherwise + only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + ingressIP: + description: "ingressIP is an external IP which routes to + the default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to + the default ingress controller. The IPs are suitable targets + of a wildcard DNS record used to resolve default route host + names. In dual stack clusters this list contains two IPs + otherwise only one. 
+ format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer used + by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer used + by the cluster on Ovirt platform which can be a user-managed + or openshift-managed load balancer that is to be used + for the OpenShift API and Ingress endpoints. When set + to OpenShiftManagedDefault the static pods in charge + of API and Ingress traffic load-balancing defined in + the machine config operator will be deployed. When set + to UserManaged these static pods will not be deployed + and it is expected that the load balancer is configured + out of band by the deployer. When omitted, this means + no opinion and the platform is left to choose a reasonable + default. The default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + nodeDNSIP: + description: 'deprecated: as of 4.6, this field is no longer + set or honored. It will be removed in a future release.' + type: string + type: object + powervs: + description: PowerVS contains settings specific to the Power Systems + Virtual Servers infrastructure provider. + properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud Internet + Services instance managing the DNS zone for the cluster's + base domain + type: string + dnsInstanceCRN: + description: DNSInstanceCRN is the CRN of the DNS Services + instance managing the DNS zone for the cluster's base domain + type: string + region: + description: region holds the default Power VS region for + new Power VS resources created by the cluster. 
+ type: string + resourceGroup: + description: 'resourceGroup is the resource group name for + new IBMCloud resources created for a cluster. The resource + group specified here will be used by cluster-image-registry-operator + to set up a COS Instance in IBMCloud for the cluster registry. + More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. + When omitted, the image registry operator won''t be able + to configure storage, which results in the image registry + cluster operator not being in an available state.' + maxLength: 40 + pattern: ^[a-zA-Z0-9-_ ]+$ + type: string + x-kubernetes-validations: + - message: resourceGroup is immutable once set + rule: oldSelf == '' || self == oldSelf + serviceEndpoints: + description: serviceEndpoints is a list of custom endpoints + which will override the default service endpoints of a Power + VS service. + items: + description: PowervsServiceEndpoint stores the configuration + of a custom url to override existing defaults of PowerVS + Services. + properties: + name: + description: name is the name of the Power VS service. + Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api + ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller + Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme + https, that overrides the default generated endpoint + for a client. This must be provided and cannot be + empty. + format: uri + pattern: ^https:// + type: string + required: + - name + - url + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + zone: + description: 'zone holds the default zone for the new Power + VS resources created by the cluster. 
Note: Currently only + single-zone OCP clusters are supported' + type: string + type: object + x-kubernetes-validations: + - message: cannot unset resourceGroup once set + rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)' + type: + description: "type is the underlying infrastructure provider for + the cluster. This value controls whether infrastructure automation + such as service load balancers, dynamic volume provisioning, + machine creation and deletion, and other integrations are enabled. + If None, no infrastructure automation is enabled. Allowed values + are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", + \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", + \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components + may not support all platforms, and must handle unrecognized + platforms as None if they do not support that platform. \n This + value will be synced with to the `status.platform` and `status.platformStatus.type`. + Currently this value cannot be changed once set." + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + vsphere: + description: VSphere contains settings specific to the VSphere + infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. \n Deprecated: Use APIServerInternalIPs instead." 
+ type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to + contact the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. These are the IPs for + a self-hosted load balancer in front of the API servers. + In dual stack clusters this list contains two IPs otherwise + only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + ingressIP: + description: "ingressIP is an external IP which routes to + the default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to + the default ingress controller. The IPs are suitable targets + of a wildcard DNS record used to resolve default route host + names. In dual stack clusters this list contains two IPs + otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer used + by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer used + by the cluster on VSphere platform which can be a user-managed + or openshift-managed load balancer that is to be used + for the OpenShift API and Ingress endpoints. When set + to OpenShiftManagedDefault the static pods in charge + of API and Ingress traffic load-balancing defined in + the machine config operator will be deployed. When set + to UserManaged these static pods will not be deployed + and it is expected that the load balancer is configured + out of band by the deployer. 
When omitted, this means + no opinion and the platform is left to choose a reasonable + default. The default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + machineNetworks: + description: machineNetworks are IP networks used to connect + all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR notation + (for example, "10.0.0.0/8" or "fd00::/8"). + maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the DNS + operator, `NodeDNSIP` provides name resolution for the nodes + themselves. There is no DNS-as-a-service for vSphere deployments. + In order to minimize necessary changes to the datacenter + DNS, a DNS service is hosted as a static pod to serve those + hostnames to the nodes in the cluster. + type: string + type: object + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..3acf1990560 --- /dev/null +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,433 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: networks.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Network holds cluster-wide information about Network. The canonical + name is `cluster`. It is used to configure the desired network configuration, + such as: IP address pools for services/pod IPs, network plugin, etc. Please + view network.spec for an explanation on what applies when configuring this + resource. \n Compatibility level 1: Stable within a major release for a + minimum of 12 months or 3 minor releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration. As a general + rule, this SHOULD NOT be read directly. 
Instead, you should consume + the NetworkStatus, as it indicates the currently deployed configuration. + Currently, most spec fields are immutable after installation. Please + view the individual ones for further details on each. + properties: + clusterNetwork: + description: IP address pool to use for pod IPs. This field is immutable + after installation. + items: + description: ClusterNetworkEntry is a contiguous block of IP addresses + from which pod IPs are allocated. + properties: + cidr: + description: The complete block for pod IPs. + type: string + hostPrefix: + description: The size (prefix) of block to allocate to each + node. If this field is not used by the plugin, it can be left + unset. + format: int32 + minimum: 0 + type: integer + type: object + type: array + externalIP: + description: externalIP defines configuration for controllers that + affect Service.ExternalIP. If nil, then ExternalIP is not allowed + to be set. + properties: + autoAssignCIDRs: + description: autoAssignCIDRs is a list of CIDRs from which to + automatically assign Service.ExternalIP. These are assigned + when the service is of type LoadBalancer. In general, this is + only useful for bare-metal clusters. In Openshift 3.x, this + was misleadingly called "IngressIPs". Automatically assigned + External IPs are not affected by any ExternalIPPolicy rules. + Currently, only one entry may be provided. + items: + type: string + type: array + policy: + description: policy is a set of restrictions applied to the ExternalIP + field. If nil or empty, then ExternalIP is not allowed to be + set. + properties: + allowedCIDRs: + description: allowedCIDRs is the list of allowed CIDRs. + items: + type: string + type: array + rejectedCIDRs: + description: rejectedCIDRs is the list of disallowed CIDRs. + These take precedence over allowedCIDRs. 
+ items: + type: string + type: array + type: object + type: object + networkDiagnostics: + description: "networkDiagnostics defines network diagnostics configuration. + \n Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. + If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics + flag in network.operator.openshift.io is set to true, the network + diagnostics feature will be disabled." + properties: + mode: + description: "mode controls the network diagnostics mode \n When + omitted, this means the user has no opinion and the platform + is left to choose reasonable defaults. These defaults are subject + to change over time. The current default is All." + enum: + - "" + - All + - Disabled + type: string + sourcePlacement: + description: "sourcePlacement controls the scheduling of network + diagnostics source deployment \n See NetworkDiagnosticsSourcePlacement + for more details about default values." + properties: + nodeSelector: + additionalProperties: + type: string + description: "nodeSelector is the node selector applied to + network diagnostics components \n When omitted, this means + the user has no opinion and the platform is left to choose + reasonable defaults. These defaults are subject to change + over time. The current default is `kubernetes.io/os: linux`." + type: object + tolerations: + description: "tolerations is a list of tolerations applied + to network diagnostics components \n When omitted, this + means the user has no opinion and the platform is left to + choose reasonable defaults. These defaults are subject to + change over time. The current default is an empty list." + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. 
When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + targetPlacement: + description: "targetPlacement controls the scheduling of network + diagnostics target daemonset \n See NetworkDiagnosticsTargetPlacement + for more details about default values." + properties: + nodeSelector: + additionalProperties: + type: string + description: "nodeSelector is the node selector applied to + network diagnostics components \n When omitted, this means + the user has no opinion and the platform is left to choose + reasonable defaults. These defaults are subject to change + over time. The current default is `kubernetes.io/os: linux`." 
+ type: object + tolerations: + description: "tolerations is a list of tolerations applied + to network diagnostics components \n When omitted, this + means the user has no opinion and the platform is left to + choose reasonable defaults. These defaults are subject to + change over time. The current default is `- operator: \"Exists\"` + which means that all taints are tolerated." + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. 
+ type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + networkType: + description: 'NetworkType is the plugin that is to be deployed (e.g. + OpenShiftSDN). This should match a value that the cluster-network-operator + understands, or else no networking will be installed. Currently + supported values are: - OpenShiftSDN This field is immutable after + installation.' + type: string + serviceNetwork: + description: IP address pool for services. Currently, we only support + a single entry here. This field is immutable after installation. + items: + type: string + type: array + serviceNodePortRange: + description: The port range allowed for Services of type NodePort. + If not specified, the default of 30000-32767 will be used. Such + Services without a NodePort specified will have one automatically + allocated from this range. This parameter can be updated after the + cluster is installed. + pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + type: object + x-kubernetes-validations: + - message: cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement + when networkDiagnostics.mode is Disabled + rule: '!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode) + || self.networkDiagnostics.mode!=''Disabled'' || !has(self.networkDiagnostics.sourcePlacement) + && !has(self.networkDiagnostics.targetPlacement)' + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + clusterNetwork: + description: IP address pool to use for pod IPs. + items: + description: ClusterNetworkEntry is a contiguous block of IP addresses + from which pod IPs are allocated. + properties: + cidr: + description: The complete block for pod IPs. 
+ type: string + hostPrefix: + description: The size (prefix) of block to allocate to each + node. If this field is not used by the plugin, it can be left + unset. + format: int32 + minimum: 0 + type: integer + type: object + type: array + clusterNetworkMTU: + description: ClusterNetworkMTU is the MTU for inter-pod networking. + type: integer + conditions: + description: 'conditions represents the observations of a network.config + current state. Known .status.conditions.type are: "NetworkTypeMigrationInProgress", + "NetworkTypeMigrationMTUReady", "NetworkTypeMigrationTargetCNIAvailable", + "NetworkTypeMigrationTargetCNIInUse", "NetworkTypeMigrationOriginalCNIPurged" + and "NetworkDiagnosticsAvailable"' + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + migration: + description: Migration contains the cluster network migration configuration. + properties: + mtu: + description: MTU contains the MTU migration configuration. + properties: + machine: + description: Machine contains MTU migration configuration + for the machine's uplink. + properties: + from: + description: From is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: To is the MTU to migrate to. 
+ format: int32 + minimum: 0 + type: integer + type: object + network: + description: Network contains MTU migration configuration + for the default network. + properties: + from: + description: From is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: To is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: 'NetworkType is the target plugin that is to be deployed. + Currently supported values are: OpenShiftSDN, OVNKubernetes' + enum: + - OpenShiftSDN + - OVNKubernetes + type: string + type: object + networkType: + description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN). + type: string + serviceNetwork: + description: IP address pool for services. Currently, we only support + a single entry here. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_schedulers-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_schedulers-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..b18926fed65 --- /dev/null +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_schedulers-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,130 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: schedulers.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Scheduler + listKind: SchedulerList + plural: schedulers + singular: scheduler + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Scheduler holds cluster-wide config information to run the Kubernetes + Scheduler and influence its placement decisions. The canonical name for + this config is `cluster`. \n Compatibility level 1: Stable within a major + release for a minimum of 12 months or 3 minor releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + defaultNodeSelector: + description: 'defaultNodeSelector helps set the cluster-wide default + node selector to restrict pod placement to specific nodes. 
This + is applied to the pods created in all namespaces and creates an + intersection with any existing nodeSelectors already set on a pod, + additionally constraining that pod''s selector. For example, defaultNodeSelector: + "type=user-node,region=east" would set nodeSelector field in pod + spec to "type=user-node,region=east" to all pods created in all + namespaces. Namespaces having project-wide node selectors won''t + be impacted even if this field is set. This adds an annotation section + to the namespace. For example, if a new namespace is created with + node-selector=''type=user-node,region=east'', the annotation openshift.io/node-selector: + type=user-node,region=east gets added to the project. When the openshift.io/node-selector + annotation is set on the project the value is used in preference + to the value we are setting for defaultNodeSelector field. For instance, + openshift.io/node-selector: "type=user-node,region=west" means that + the default of "type=user-node,region=east" set in defaultNodeSelector + would not be applied.' + type: string + mastersSchedulable: + description: 'MastersSchedulable allows masters nodes to be schedulable. + When this flag is turned on, all the master nodes in the cluster + will be made schedulable, so that workload pods can run on them. + The default value for this field is false, meaning none of the master + nodes are schedulable. Important Note: Once the workload pods start + running on the master nodes, extreme care must be taken to ensure + that cluster-critical control plane components are not impacted. + Please turn on this field after doing due diligence.' + type: boolean + policy: + description: 'DEPRECATED: the scheduler Policy API has been deprecated + and will be removed in a future release. policy is a reference to + a ConfigMap containing scheduler policy which has user specified + predicates and priorities. If this ConfigMap is not available scheduler + will default to use DefaultAlgorithmProvider. 
The namespace for + this configmap is openshift-config.' + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + profile: + description: "profile sets which scheduling profile should be set + in order to configure scheduling decisions for new pods. \n Valid + values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" + Defaults to \"LowNodeUtilization\"" + enum: + - "" + - LowNodeUtilization + - HighNodeUtilization + - NoScoring + type: string + profileCustomizations: + description: profileCustomizations contains configuration for modifying + the default behavior of existing scheduler profiles. + properties: + dynamicResourceAllocation: + description: dynamicResourceAllocation allows to enable or disable + dynamic resource allocation within the scheduler. Dynamic resource + allocation is an API for requesting and sharing resources between + pods and containers inside a pod. Third-party resource drivers + are responsible for tracking and allocating resources. Different + kinds of resources support arbitrary parameters for defining + requirements and initialization. Valid values are Enabled, Disabled + and omitted. When omitted, this means no opinion and the platform + is left to choose a reasonable default, which is subject to + change over time. The current default is Disabled. + enum: + - "" + - Enabled + - Disabled + type: string + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/v1/zz_generated.featuregated-crd-manifests/featuregates.config.openshift.io/AAA_ungated.yaml b/config/v1/zz_generated.featuregated-crd-manifests/featuregates.config.openshift.io/AAA_ungated.yaml index 8ecfc2164d6..4372d364f76 100644 
--- a/config/v1/zz_generated.featuregated-crd-manifests/featuregates.config.openshift.io/AAA_ungated.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/featuregates.config.openshift.io/AAA_ungated.yaml @@ -81,6 +81,9 @@ spec: - message: TechPreviewNoUpgrade may not be changed rule: 'oldSelf == ''TechPreviewNoUpgrade'' ? self == ''TechPreviewNoUpgrade'' : true' + - message: DevPreviewNoUpgrade may not be changed + rule: 'oldSelf == ''DevPreviewNoUpgrade'' ? self == ''DevPreviewNoUpgrade'' + : true' type: object status: description: status holds observed values from the cluster. They may not diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_backups-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_backups-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..2e3adb645bd --- /dev/null +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_backups-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,142 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1482 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: backups.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Backup + listKind: BackupList + plural: backups + singular: backup + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "Backup provides configuration for performing backups of the + openshift cluster. \n Compatibility level 4: No compatibility is provided, + the API can change at any point for any reason. These capabilities should + not be used by applications needing long term support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + etcd: + description: etcd specifies the configuration for periodic backups + of the etcd cluster + properties: + pvcName: + description: PVCName specifies the name of the PersistentVolumeClaim + (PVC) which binds a PersistentVolume where the etcd backup files + would be saved The PVC itself must always be created in the + "openshift-etcd" namespace If the PVC is left unspecified "" + then the platform will choose a reasonable default location + to save the backup. In the future this would be backups saved + across the control-plane master nodes. + type: string + retentionPolicy: + description: RetentionPolicy defines the retention policy for + retaining and deleting existing backups. + properties: + retentionNumber: + description: RetentionNumber configures the retention policy + based on the number of backups + properties: + maxNumberOfBackups: + description: MaxNumberOfBackups defines the maximum number + of backups to retain. If the existing number of backups + saved is equal to MaxNumberOfBackups then the oldest + backup will be removed before a new backup is initiated. + minimum: 1 + type: integer + required: + - maxNumberOfBackups + type: object + retentionSize: + description: RetentionSize configures the retention policy + based on the size of backups + properties: + maxSizeOfBackupsGb: + description: MaxSizeOfBackupsGb defines the total size + in GB of backups to retain. If the current total size + backups exceeds MaxSizeOfBackupsGb then the oldest backup + will be removed before a new backup is initiated. 
+ minimum: 1 + type: integer + required: + - maxSizeOfBackupsGb + type: object + retentionType: + allOf: + - enum: + - RetentionNumber + - RetentionSize + - enum: + - "" + - RetentionNumber + - RetentionSize + description: RetentionType sets the type of retention policy. + Currently, the only valid policies are retention by number + of backups (RetentionNumber), by the size of backups (RetentionSize). + More policies or types may be added in the future. Empty + string means no opinion and the platform is left to choose + a reasonable default which is subject to change without + notice. The current default is RetentionNumber with 15 backups + kept. + type: string + required: + - retentionType + type: object + schedule: + description: 'Schedule defines the recurring backup schedule in + Cron format every 2 hours: 0 */2 * * * every day at 3am: 0 3 + * * * Empty string means no opinion and the platform is left + to choose a reasonable default which is subject to change without + notice. The current default is "no backups", but will change + in the future.' 
+ pattern: ^(@(annually|yearly|monthly|weekly|daily|hourly))|(\*|(?:\*|(?:[0-9]|(?:[1-5][0-9])))\/(?:[0-9]|(?:[1-5][0-9]))|(?:[0-9]|(?:[1-5][0-9]))(?:(?:\-[0-9]|\-(?:[1-5][0-9]))?|(?:\,(?:[0-9]|(?:[1-5][0-9])))*)) + (\*|(?:\*|(?:\*|(?:[0-9]|1[0-9]|2[0-3])))\/(?:[0-9]|1[0-9]|2[0-3])|(?:[0-9]|1[0-9]|2[0-3])(?:(?:\-(?:[0-9]|1[0-9]|2[0-3]))?|(?:\,(?:[0-9]|1[0-9]|2[0-3]))*)) + (\*|(?:[1-9]|(?:[12][0-9])|3[01])(?:(?:\-(?:[1-9]|(?:[12][0-9])|3[01]))?|(?:\,(?:[1-9]|(?:[12][0-9])|3[01]))*)) + (\*|(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC)(?:(?:\-(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))?|(?:\,(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))*)) + (\*|(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT)(?:(?:\-(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT))?|(?:\,(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT))*))$ + type: string + timeZone: + description: The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. + If not specified, this will default to the time zone of the + kube-controller-manager process. See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones + pattern: ^([A-Za-z_]+([+-]*0)*|[A-Za-z_]+(\/[A-Za-z_]+){1,2})(\/GMT[+-]\d{1,2})?$ + type: string + type: object + required: + - etcd + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clusterimagepolicies-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clusterimagepolicies-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..79c49e0580a --- /dev/null +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clusterimagepolicies-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,398 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1457 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: clusterimagepolicies.config.openshift.io +spec: + group: config.openshift.io + names: + kind: ClusterImagePolicy + listKind: ClusterImagePolicyList + plural: clusterimagepolicies + singular: clusterimagepolicy + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "ClusterImagePolicy holds cluster-wide configuration for image + signature verification \n Compatibility level 4: No compatibility is provided, + the API can change at any point for any reason. These capabilities should + not be used by applications needing long term support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec contains the configuration for the cluster image policy. + properties: + policy: + description: policy contains configuration to allow scopes to be verified, + and defines how images not matching the verification policy will + be treated. 
+ properties: + rootOfTrust: + description: rootOfTrust specifies the root of trust for the policy. + properties: + fulcioCAWithRekor: + description: 'fulcioCAWithRekor defines the root of trust + based on the Fulcio certificate and the Rekor public key. + For more information about Fulcio and Rekor, please refer + to the document at: https://github.com/sigstore/fulcio and + https://github.com/sigstore/rekor' + properties: + fulcioCAData: + description: fulcioCAData contains inline base64-encoded + data for the PEM format fulcio CA. fulcioCAData must + be at most 8192 characters. + format: byte + maxLength: 8192 + type: string + fulcioSubject: + description: fulcioSubject specifies OIDC issuer and the + email of the Fulcio authentication configuration. + properties: + oidcIssuer: + description: 'oidcIssuer contains the expected OIDC + issuer. It will be verified that the Fulcio-issued + certificate contains a (Fulcio-defined) certificate + extension pointing at this OIDC issuer URL. When + Fulcio issues certificates, it includes a value + based on an URL inside the client-provided ID token. + Example: "https://expected.OIDC.issuer/"' + type: string + x-kubernetes-validations: + - message: oidcIssuer must be a valid URL + rule: isURL(self) + signedEmail: + description: 'signedEmail holds the email address + the the Fulcio certificate is issued for. Example: + "expected-signing-user@example.com"' + type: string + x-kubernetes-validations: + - message: invalid email address + rule: self.matches('^\\S+@\\S+$') + required: + - oidcIssuer + - signedEmail + type: object + rekorKeyData: + description: rekorKeyData contains inline base64-encoded + data for the PEM format from the Rekor public key. rekorKeyData + must be at most 8192 characters. + format: byte + maxLength: 8192 + type: string + required: + - fulcioCAData + - fulcioSubject + - rekorKeyData + type: object + policyType: + description: policyType serves as the union's discriminator. 
+ Users are required to assign a value to this field, choosing + one of the policy types that define the root of trust. "PublicKey" + indicates that the policy relies on a sigstore publicKey + and may optionally use a Rekor verification. "FulcioCAWithRekor" + indicates that the policy is based on the Fulcio certification + and incorporates a Rekor verification. + enum: + - PublicKey + - FulcioCAWithRekor + type: string + publicKey: + description: publicKey defines the root of trust based on + a sigstore public key. + properties: + keyData: + description: keyData contains inline base64-encoded data + for the PEM format public key. KeyData must be at most + 8192 characters. + format: byte + maxLength: 8192 + type: string + rekorKeyData: + description: rekorKeyData contains inline base64-encoded + data for the PEM format from the Rekor public key. rekorKeyData + must be at most 8192 characters. + format: byte + maxLength: 8192 + type: string + required: + - keyData + type: object + required: + - policyType + type: object + x-kubernetes-validations: + - message: publicKey is required when policyType is PublicKey, + and forbidden otherwise + rule: 'has(self.policyType) && self.policyType == ''PublicKey'' + ? has(self.publicKey) : !has(self.publicKey)' + - message: fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, + and forbidden otherwise + rule: 'has(self.policyType) && self.policyType == ''FulcioCAWithRekor'' + ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)' + signedIdentity: + description: signedIdentity specifies what image identity the + signature claims about the image. The required matchPolicy field + specifies the approach used in the verification process to verify + the identity in the signature and the actual image identity, + the default matchPolicy is "MatchRepoDigestOrExact". + properties: + exactRepository: + description: exactRepository is required if matchPolicy is + set to "ExactRepository". 
+ properties: + repository: + description: repository is the reference of the image + identity to be matched. The value should be a repository + name (by omitting the tag or digest) in a registry implementing + the "Docker Registry HTTP API V2". For example, docker.io/library/busybox + maxLength: 512 + type: string + x-kubernetes-validations: + - message: invalid repository or prefix in the signedIdentity, + should not include the tag or digest + rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? + self.matches(''^(localhost:[0-9]+)$''): true' + - message: invalid repository or prefix in the signedIdentity + rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') + required: + - repository + type: object + matchPolicy: + description: matchPolicy sets the type of matching to be used. + Valid values are "MatchRepoDigestOrExact", "MatchRepository", + "ExactRepository", "RemapIdentity". When omitted, the default + value is "MatchRepoDigestOrExact". If set matchPolicy to + ExactRepository, then the exactRepository must be specified. + If set matchPolicy to RemapIdentity, then the remapIdentity + must be specified. "MatchRepoDigestOrExact" means that the + identity in the signature must be in the same repository + as the image identity if the image identity is referenced + by a digest. Otherwise, the identity in the signature must + be the same as the image identity. "MatchRepository" means + that the identity in the signature must be in the same repository + as the image identity. "ExactRepository" means that the + identity in the signature must be in the same repository + as a specific identity specified by "repository". "RemapIdentity" + means that the signature must be in the same as the remapped + image identity. 
Remapped image identity is obtained by replacing + the "prefix" with the specified “signedPrefix” if the the + image identity matches the specified remapPrefix. + enum: + - MatchRepoDigestOrExact + - MatchRepository + - ExactRepository + - RemapIdentity + type: string + remapIdentity: + description: remapIdentity is required if matchPolicy is set + to "RemapIdentity". + properties: + prefix: + description: prefix is the prefix of the image identity + to be matched. If the image identity matches the specified + prefix, that prefix is replaced by the specified “signedPrefix” + (otherwise it is used as unchanged and no remapping + takes place). This useful when verifying signatures + for a mirror of some other repository namespace that + preserves the vendor’s repository structure. The prefix + and signedPrefix values can be either host[:port] values + (matching exactly the same host[:port], string), repository + namespaces, or repositories (i.e. they must not contain + tags/digests), and match as prefixes of the fully expanded + form. For example, docker.io/library/busybox (not busybox) + to specify that single repository, or docker.io/library + (not an empty string) to specify the parent namespace + of docker.io/library/busybox. + maxLength: 512 + type: string + x-kubernetes-validations: + - message: invalid repository or prefix in the signedIdentity, + should not include the tag or digest + rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? + self.matches(''^(localhost:[0-9]+)$''): true' + - message: invalid repository or prefix in the signedIdentity + rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') + signedPrefix: + description: signedPrefix is the prefix of the image identity + to be matched in the signature. The format is the same + as "prefix". 
The values can be either host[:port] values + (matching exactly the same host[:port], string), repository + namespaces, or repositories (i.e. they must not contain + tags/digests), and match as prefixes of the fully expanded + form. For example, docker.io/library/busybox (not busybox) + to specify that single repository, or docker.io/library + (not an empty string) to specify the parent namespace + of docker.io/library/busybox. + maxLength: 512 + type: string + x-kubernetes-validations: + - message: invalid repository or prefix in the signedIdentity, + should not include the tag or digest + rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? + self.matches(''^(localhost:[0-9]+)$''): true' + - message: invalid repository or prefix in the signedIdentity + rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') + required: + - prefix + - signedPrefix + type: object + required: + - matchPolicy + type: object + x-kubernetes-validations: + - message: exactRepository is required when matchPolicy is ExactRepository, + and forbidden otherwise + rule: '(has(self.matchPolicy) && self.matchPolicy == ''ExactRepository'') + ? has(self.exactRepository) : !has(self.exactRepository)' + - message: remapIdentity is required when matchPolicy is RemapIdentity, + and forbidden otherwise + rule: '(has(self.matchPolicy) && self.matchPolicy == ''RemapIdentity'') + ? has(self.remapIdentity) : !has(self.remapIdentity)' + required: + - rootOfTrust + type: object + scopes: + description: 'scopes defines the list of image identities assigned + to a policy. Each item refers to a scope in a registry implementing + the "Docker Registry HTTP API V2". Scopes matching individual images + are named Docker references in the fully expanded form, either using + a tag or digest. 
For example, docker.io/library/busybox:latest (not + busybox:latest). More general scopes are prefixes of individual-image + scopes, and specify a repository (by omitting the tag or digest), + a repository namespace, or a registry host (by only specifying the + host name and possibly a port number) or a wildcard expression starting + with `*.`, for matching all subdomains (not including a port number). + Wildcards are only supported for subdomain matching, and may not + be used in the middle of the host, i.e. *.example.com is a valid + case, but example*.*.com is not. Please be aware that the scopes + should not be nested under the repositories of OpenShift Container + Platform images. If configured, the policies for OpenShift Container + Platform repositories will not be in effect. For additional details + about the format, please refer to the document explaining the docker + transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker' + items: + maxLength: 512 + type: string + x-kubernetes-validations: + - message: invalid image scope format, scope must contain a fully + qualified domain name or 'localhost' + rule: 'size(self.split(''/'')[0].split(''.'')) == 1 ? self.split(''/'')[0].split(''.'')[0].split('':'')[0] + == ''localhost'' : true' + - message: invalid image scope with wildcard, a wildcard can only + be at the start of the domain and is only supported for subdomain + matching, not path matching + rule: 'self.contains(''*'') ? self.matches(''^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$'') + : true' + - message: invalid repository namespace or image specification in + the image scope + rule: '!self.contains(''*'') ? 
self.matches(''^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\w][\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$'') + : true' + maxItems: 256 + type: array + x-kubernetes-list-type: set + required: + - policy + - scopes + type: object + status: + description: status contains the observed state of the resource. + properties: + conditions: + description: conditions provide details on the status of this API + Resource. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_imagepolicies-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_imagepolicies-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..38d721a9aba --- /dev/null 
+++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_imagepolicies-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,398 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1457 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: imagepolicies.config.openshift.io +spec: + group: config.openshift.io + names: + kind: ImagePolicy + listKind: ImagePolicyList + plural: imagepolicies + singular: imagepolicy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "ImagePolicy holds namespace-wide configuration for image signature + verification \n Compatibility level 4: No compatibility is provided, the + API can change at any point for any reason. These capabilities should not + be used by applications needing long term support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + policy: + description: policy contains configuration to allow scopes to be verified, + and defines how images not matching the verification policy will + be treated. 
+ properties: + rootOfTrust: + description: rootOfTrust specifies the root of trust for the policy. + properties: + fulcioCAWithRekor: + description: 'fulcioCAWithRekor defines the root of trust + based on the Fulcio certificate and the Rekor public key. + For more information about Fulcio and Rekor, please refer + to the document at: https://github.com/sigstore/fulcio and + https://github.com/sigstore/rekor' + properties: + fulcioCAData: + description: fulcioCAData contains inline base64-encoded + data for the PEM format fulcio CA. fulcioCAData must + be at most 8192 characters. + format: byte + maxLength: 8192 + type: string + fulcioSubject: + description: fulcioSubject specifies OIDC issuer and the + email of the Fulcio authentication configuration. + properties: + oidcIssuer: + description: 'oidcIssuer contains the expected OIDC + issuer. It will be verified that the Fulcio-issued + certificate contains a (Fulcio-defined) certificate + extension pointing at this OIDC issuer URL. When + Fulcio issues certificates, it includes a value + based on an URL inside the client-provided ID token. + Example: "https://expected.OIDC.issuer/"' + type: string + x-kubernetes-validations: + - message: oidcIssuer must be a valid URL + rule: isURL(self) + signedEmail: + description: 'signedEmail holds the email address + the the Fulcio certificate is issued for. Example: + "expected-signing-user@example.com"' + type: string + x-kubernetes-validations: + - message: invalid email address + rule: self.matches('^\\S+@\\S+$') + required: + - oidcIssuer + - signedEmail + type: object + rekorKeyData: + description: rekorKeyData contains inline base64-encoded + data for the PEM format from the Rekor public key. rekorKeyData + must be at most 8192 characters. + format: byte + maxLength: 8192 + type: string + required: + - fulcioCAData + - fulcioSubject + - rekorKeyData + type: object + policyType: + description: policyType serves as the union's discriminator. 
+ Users are required to assign a value to this field, choosing + one of the policy types that define the root of trust. "PublicKey" + indicates that the policy relies on a sigstore publicKey + and may optionally use a Rekor verification. "FulcioCAWithRekor" + indicates that the policy is based on the Fulcio certification + and incorporates a Rekor verification. + enum: + - PublicKey + - FulcioCAWithRekor + type: string + publicKey: + description: publicKey defines the root of trust based on + a sigstore public key. + properties: + keyData: + description: keyData contains inline base64-encoded data + for the PEM format public key. KeyData must be at most + 8192 characters. + format: byte + maxLength: 8192 + type: string + rekorKeyData: + description: rekorKeyData contains inline base64-encoded + data for the PEM format from the Rekor public key. rekorKeyData + must be at most 8192 characters. + format: byte + maxLength: 8192 + type: string + required: + - keyData + type: object + required: + - policyType + type: object + x-kubernetes-validations: + - message: publicKey is required when policyType is PublicKey, + and forbidden otherwise + rule: 'has(self.policyType) && self.policyType == ''PublicKey'' + ? has(self.publicKey) : !has(self.publicKey)' + - message: fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, + and forbidden otherwise + rule: 'has(self.policyType) && self.policyType == ''FulcioCAWithRekor'' + ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)' + signedIdentity: + description: signedIdentity specifies what image identity the + signature claims about the image. The required matchPolicy field + specifies the approach used in the verification process to verify + the identity in the signature and the actual image identity, + the default matchPolicy is "MatchRepoDigestOrExact". + properties: + exactRepository: + description: exactRepository is required if matchPolicy is + set to "ExactRepository". 
+ properties: + repository: + description: repository is the reference of the image + identity to be matched. The value should be a repository + name (by omitting the tag or digest) in a registry implementing + the "Docker Registry HTTP API V2". For example, docker.io/library/busybox + maxLength: 512 + type: string + x-kubernetes-validations: + - message: invalid repository or prefix in the signedIdentity, + should not include the tag or digest + rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? + self.matches(''^(localhost:[0-9]+)$''): true' + - message: invalid repository or prefix in the signedIdentity + rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') + required: + - repository + type: object + matchPolicy: + description: matchPolicy sets the type of matching to be used. + Valid values are "MatchRepoDigestOrExact", "MatchRepository", + "ExactRepository", "RemapIdentity". When omitted, the default + value is "MatchRepoDigestOrExact". If set matchPolicy to + ExactRepository, then the exactRepository must be specified. + If set matchPolicy to RemapIdentity, then the remapIdentity + must be specified. "MatchRepoDigestOrExact" means that the + identity in the signature must be in the same repository + as the image identity if the image identity is referenced + by a digest. Otherwise, the identity in the signature must + be the same as the image identity. "MatchRepository" means + that the identity in the signature must be in the same repository + as the image identity. "ExactRepository" means that the + identity in the signature must be in the same repository + as a specific identity specified by "repository". "RemapIdentity" + means that the signature must be in the same as the remapped + image identity. 
Remapped image identity is obtained by replacing + the "prefix" with the specified “signedPrefix” if the the + image identity matches the specified remapPrefix. + enum: + - MatchRepoDigestOrExact + - MatchRepository + - ExactRepository + - RemapIdentity + type: string + remapIdentity: + description: remapIdentity is required if matchPolicy is set + to "RemapIdentity". + properties: + prefix: + description: prefix is the prefix of the image identity + to be matched. If the image identity matches the specified + prefix, that prefix is replaced by the specified “signedPrefix” + (otherwise it is used as unchanged and no remapping + takes place). This useful when verifying signatures + for a mirror of some other repository namespace that + preserves the vendor’s repository structure. The prefix + and signedPrefix values can be either host[:port] values + (matching exactly the same host[:port], string), repository + namespaces, or repositories (i.e. they must not contain + tags/digests), and match as prefixes of the fully expanded + form. For example, docker.io/library/busybox (not busybox) + to specify that single repository, or docker.io/library + (not an empty string) to specify the parent namespace + of docker.io/library/busybox. + maxLength: 512 + type: string + x-kubernetes-validations: + - message: invalid repository or prefix in the signedIdentity, + should not include the tag or digest + rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? + self.matches(''^(localhost:[0-9]+)$''): true' + - message: invalid repository or prefix in the signedIdentity + rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') + signedPrefix: + description: signedPrefix is the prefix of the image identity + to be matched in the signature. The format is the same + as "prefix". 
The values can be either host[:port] values + (matching exactly the same host[:port], string), repository + namespaces, or repositories (i.e. they must not contain + tags/digests), and match as prefixes of the fully expanded + form. For example, docker.io/library/busybox (not busybox) + to specify that single repository, or docker.io/library + (not an empty string) to specify the parent namespace + of docker.io/library/busybox. + maxLength: 512 + type: string + x-kubernetes-validations: + - message: invalid repository or prefix in the signedIdentity, + should not include the tag or digest + rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? + self.matches(''^(localhost:[0-9]+)$''): true' + - message: invalid repository or prefix in the signedIdentity + rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') + required: + - prefix + - signedPrefix + type: object + required: + - matchPolicy + type: object + x-kubernetes-validations: + - message: exactRepository is required when matchPolicy is ExactRepository, + and forbidden otherwise + rule: '(has(self.matchPolicy) && self.matchPolicy == ''ExactRepository'') + ? has(self.exactRepository) : !has(self.exactRepository)' + - message: remapIdentity is required when matchPolicy is RemapIdentity, + and forbidden otherwise + rule: '(has(self.matchPolicy) && self.matchPolicy == ''RemapIdentity'') + ? has(self.remapIdentity) : !has(self.remapIdentity)' + required: + - rootOfTrust + type: object + scopes: + description: 'scopes defines the list of image identities assigned + to a policy. Each item refers to a scope in a registry implementing + the "Docker Registry HTTP API V2". Scopes matching individual images + are named Docker references in the fully expanded form, either using + a tag or digest. 
For example, docker.io/library/busybox:latest (not + busybox:latest). More general scopes are prefixes of individual-image + scopes, and specify a repository (by omitting the tag or digest), + a repository namespace, or a registry host (by only specifying the + host name and possibly a port number) or a wildcard expression starting + with `*.`, for matching all subdomains (not including a port number). + Wildcards are only supported for subdomain matching, and may not + be used in the middle of the host, i.e. *.example.com is a valid + case, but example*.*.com is not. Please be aware that the scopes + should not be nested under the repositories of OpenShift Container + Platform images. If configured, the policies for OpenShift Container + Platform repositories will not be in effect. For additional details + about the format, please refer to the document explaining the docker + transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker' + items: + maxLength: 512 + type: string + x-kubernetes-validations: + - message: invalid image scope format, scope must contain a fully + qualified domain name or 'localhost' + rule: 'size(self.split(''/'')[0].split(''.'')) == 1 ? self.split(''/'')[0].split(''.'')[0].split('':'')[0] + == ''localhost'' : true' + - message: invalid image scope with wildcard, a wildcard can only + be at the start of the domain and is only supported for subdomain + matching, not path matching + rule: 'self.contains(''*'') ? self.matches(''^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$'') + : true' + - message: invalid repository namespace or image specification in + the image scope + rule: '!self.contains(''*'') ? 
self.matches(''^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\w][\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$'') + : true' + maxItems: 256 + type: array + x-kubernetes-list-type: set + required: + - policy + - scopes + type: object + status: + description: status contains the observed state of the resource. + properties: + conditions: + description: conditions provide details on the status of this API + Resource. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_insightsdatagathers-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_insightsdatagathers-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..3d8946b93cf --- /dev/null 
+++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_insightsdatagathers-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,88 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1245 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: insightsdatagathers.config.openshift.io +spec: + group: config.openshift.io + names: + kind: InsightsDataGather + listKind: InsightsDataGatherList + plural: insightsdatagathers + singular: insightsdatagather + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "InsightsDataGather provides data gather configuration options + for the the Insights Operator. \n Compatibility level 4: No compatibility + is provided, the API can change at any point for any reason. These capabilities + should not be used by applications needing long term support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + gatherConfig: + description: gatherConfig spec attribute includes all the configuration + options related to gathering of the Insights data and its uploading + to the ingress. 
+ properties: + dataPolicy: + description: dataPolicy allows user to enable additional global + obfuscation of the IP addresses and base domain in the Insights + archive data. Valid values are "None" and "ObfuscateNetworking". + When set to None the data is not obfuscated. When set to ObfuscateNetworking + the IP addresses and the cluster domain name are obfuscated. + When omitted, this means no opinion and the platform is left + to choose a reasonable default, which is subject to change over + time. The current default is None. + enum: + - "" + - None + - ObfuscateNetworking + type: string + disabledGatherers: + description: 'disabledGatherers is a list of gatherers to be excluded + from the gathering. All the gatherers can be disabled by providing + "all" value. If all the gatherers are disabled, the Insights + operator does not gather any data. The particular gatherers + IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. + Run the following command to get the names of last active gatherers: + "oc get insightsoperators.operator.openshift.io cluster -o json + | jq ''.status.gatherStatus.gatherers[].name''" An example of + disabling gatherers looks like this: `disabledGatherers: ["clusterconfig/machine_configs", + "workloads/workload_info"]`' + items: + type: string + type: array + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/example/v1/zz_generated.crd-manifests/0000_50_my-operator_01_stableconfigtypes-DevPreviewNoUpgrade.crd.yaml b/example/v1/zz_generated.crd-manifests/0000_50_my-operator_01_stableconfigtypes-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..969d1a94ace --- /dev/null 
+++ b/example/v1/zz_generated.crd-manifests/0000_50_my-operator_01_stableconfigtypes-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,201 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/xxx + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: stableconfigtypes.example.openshift.io +spec: + group: example.openshift.io + names: + kind: StableConfigType + listKind: StableConfigTypeList + plural: stableconfigtypes + singular: stableconfigtype + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "StableConfigType is a stable config type that may include TechPreviewNoUpgrade + fields. \n Compatibility level 1: Stable within a major release for a minimum + of 12 months or 3 minor releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + StableConfigType. + properties: + celUnion: + description: celUnion demonstrates how to validate a discrminated + union using CEL + properties: + optionalMember: + description: optionalMember is a union member that is optional. 
+ type: string + requiredMember: + description: requiredMember is a union member that is required. + type: string + type: + description: type determines which of the union members should + be populated. + enum: + - RequiredMember + - OptionalMember + - EmptyMember + type: string + type: object + x-kubernetes-validations: + - message: requiredMember is required when type is RequiredMember, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''RequiredMember'' ? has(self.requiredMember) + : !has(self.requiredMember)' + - message: optionalMember is forbidden when type is not OptionalMember + rule: 'has(self.type) && self.type == ''OptionalMember'' ? true + : !has(self.optionalMember)' + coolNewField: + description: coolNewField is a field that is for tech preview only. On + normal clusters this shouldn't be present + type: string + evolvingUnion: + description: evolvingUnion demonstrates how to phase in new values + into discriminated union + properties: + type: + description: type is the discriminator. It has different values + for Default and for TechPreviewNoUpgrade + enum: + - "" + - StableValue + - TechPreviewOnlyValue + type: string + type: object + immutableField: + description: immutableField is a field that is immutable once the + object has been created. It is required at all times. + type: string + x-kubernetes-validations: + - message: immutableField is immutable + rule: self == oldSelf + optionalImmutableField: + description: optionalImmutableField is a field that is immutable once + set. It is optional but may not be changed once set. + type: string + x-kubernetes-validations: + - message: optionalImmutableField is immutable once set + rule: oldSelf == '' || self == oldSelf + stableField: + description: "stableField is a field that is present on default clusters + and on tech preview clusters \n If empty, the platform will choose + a good default, which may change over time without notice." 
+ type: string + required: + - immutableField + type: object + x-kubernetes-validations: + - message: coolNewField may not be removed once set + rule: 'has(oldSelf.coolNewField) ? has(self.coolNewField) : true' + status: + description: status is the most recently observed status of the StableConfigType. + properties: + conditions: + description: 'Represents the observations of a foo''s current state. + Known .status.conditions.type are: "Available", "Progressing", and + "Degraded"' + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + immutableField: + description: immutableField is a field that is immutable once the + object has been created. It is required at all times. + type: string + x-kubernetes-validations: + - message: immutableField is immutable + rule: self == oldSelf + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/example/v1alpha1/zz_generated.crd-manifests/0000_50_my-operator_01_notstableconfigtypes-DevPreviewNoUpgrade.crd.yaml b/example/v1alpha1/zz_generated.crd-manifests/0000_50_my-operator_01_notstableconfigtypes-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..13650b2a3e7 --- /dev/null 
+++ b/example/v1alpha1/zz_generated.crd-manifests/0000_50_my-operator_01_notstableconfigtypes-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,131 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/xxx + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: notstableconfigtypes.example.openshift.io +spec: + group: example.openshift.io + names: + kind: NotStableConfigType + listKind: NotStableConfigTypeList + plural: notstableconfigtypes + singular: notstableconfigtype + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "NotStableConfigType is a stable config type that is TechPreviewNoUpgrade + only. \n Compatibility level 4: No compatibility is provided, the API can + change at any point for any reason. These capabilities should not be used + by applications needing long term support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + NotStableConfigType. + properties: + newField: + description: newField is a field that is tech preview, but because + the entire type is gated, there is no marker on the field. 
+ type: string + required: + - newField + type: object + status: + description: status is the most recently observed status of the NotStableConfigType. + properties: + conditions: + description: 'Represents the observations of a foo''s current state. + Known .status.conditions.type are: "Available", "Progressing", and + "Degraded"' + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. 
Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true diff --git a/features.md b/features.md index 8f6c752462b..b9000e90eb9 100644 --- a/features.md +++ b/features.md 
@@ -1,60 +1,63 @@ -| FeatureGate | Default on Hypershift | Default on SelfManagedHA | TechPreviewNoUpgrade on Hypershift | TechPreviewNoUpgrade on SelfManagedHA | -| ------ | --- | --- | --- | --- | -| AutomatedEtcdBackup| | | Enabled | Enabled | -| CSIDriverSharedResource| | | Enabled | Enabled | -| DNSNameResolver| | | Enabled | Enabled | -| DynamicResourceAllocation| | | Enabled | Enabled | -| Example| | | Enabled | Enabled | -| ExternalRouteCertificate| | | Enabled | Enabled | -| GCPClusterHostedDNS| | | Enabled | Enabled | -| GCPLabelsTags| | | Enabled | Enabled | -| GatewayAPI| | | Enabled | Enabled | -| HardwareSpeed| | | Enabled | Enabled | -| ImagePolicy| | | Enabled | Enabled | -| InsightsConfig| | | Enabled | Enabled | -| InsightsConfigAPI| | | Enabled | Enabled | -| InsightsOnDemandDataGather| | | Enabled | Enabled | -| InstallAlternateInfrastructureAWS| | | Enabled | Enabled | -| MachineAPIProviderOpenStack| | | Enabled | Enabled | -| MachineConfigNodes| | | Enabled | Enabled | -| ManagedBootImages| | | Enabled | Enabled | -| MaxUnavailableStatefulSet| | | Enabled | Enabled | -| MetricsCollectionProfiles| | | Enabled | Enabled | -| MetricsServer| | | Enabled | Enabled | -| MixedCPUsAllocation| | | Enabled | Enabled | -| NetworkDiagnosticsConfig| | | Enabled | Enabled | -| NewOLM| | | Enabled | Enabled | -| NodeDisruptionPolicy| | | Enabled | Enabled | -| NodeSwap| | | Enabled | Enabled | -| OnClusterBuild| | | Enabled | Enabled | -| PinnedImages| | | Enabled | Enabled | -| PlatformOperators| | | Enabled | Enabled | -| RouteExternalCertificate| | | Enabled | Enabled | -| ServiceAccountTokenNodeBinding| | | Enabled | Enabled | -| ServiceAccountTokenNodeBindingValidation| | | Enabled | Enabled | -| ServiceAccountTokenPodNodeInfo| | | Enabled | Enabled | -| SignatureStores| | | Enabled | Enabled | -| SigstoreImageVerification| | | Enabled | Enabled | -| TranslateStreamCloseWebsocketRequests| | | Enabled | Enabled | -| UpgradeStatus| | | Enabled | Enabled | 
-| VSphereDriverConfiguration| | | Enabled | Enabled | -| ValidatingAdmissionPolicy| | | Enabled | Enabled | -| VolumeGroupSnapshot| | | Enabled | Enabled | -| ExternalOIDC| Enabled | | Enabled | Enabled | -| AdminNetworkPolicy| Enabled | Enabled | Enabled | Enabled | -| AlibabaPlatform| Enabled | Enabled | Enabled | Enabled | -| AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | -| BareMetalLoadBalancer| Enabled | Enabled | Enabled | Enabled | -| BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | -| CloudDualStackNodeIPs| Enabled | Enabled | Enabled | Enabled | -| DisableKubeletCloudCredentialProviders| Enabled | Enabled | Enabled | Enabled | -| ExternalCloudProvider| Enabled | Enabled | Enabled | Enabled | -| ExternalCloudProviderAzure| Enabled | Enabled | Enabled | Enabled | -| ExternalCloudProviderExternal| Enabled | Enabled | Enabled | Enabled | -| ExternalCloudProviderGCP| Enabled | Enabled | Enabled | Enabled | -| KMSv1| Enabled | Enabled | Enabled | Enabled | -| NetworkLiveMigration| Enabled | Enabled | Enabled | Enabled | -| OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | -| PrivateHostedZoneAWS| Enabled | Enabled | Enabled | Enabled | -| VSphereControlPlaneMachineSet| Enabled | Enabled | Enabled | Enabled | -| VSphereStaticIPs| Enabled | Enabled | Enabled | Enabled | +| FeatureGate | Default on Hypershift | Default on SelfManagedHA | DevPreviewNoUpgrade on Hypershift | DevPreviewNoUpgrade on SelfManagedHA | TechPreviewNoUpgrade on Hypershift | TechPreviewNoUpgrade on SelfManagedHA | +| ------ | --- | --- | --- | --- | --- | --- | +| ClusterAPIInstall| | | | | | | +| EventedPLEG| | | | | | | +| MachineAPIOperatorDisableMachineHealthCheckController| | | | | | | +| AutomatedEtcdBackup| | | Enabled | Enabled | Enabled | Enabled | +| CSIDriverSharedResource| | | Enabled | Enabled | Enabled | Enabled | +| DNSNameResolver| | | Enabled | Enabled | Enabled | Enabled | +| DynamicResourceAllocation| | | Enabled | Enabled | 
Enabled | Enabled | +| Example| | | Enabled | Enabled | Enabled | Enabled | +| ExternalRouteCertificate| | | Enabled | Enabled | Enabled | Enabled | +| GCPClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled | +| GCPLabelsTags| | | Enabled | Enabled | Enabled | Enabled | +| GatewayAPI| | | Enabled | Enabled | Enabled | Enabled | +| HardwareSpeed| | | Enabled | Enabled | Enabled | Enabled | +| ImagePolicy| | | Enabled | Enabled | Enabled | Enabled | +| InsightsConfig| | | Enabled | Enabled | Enabled | Enabled | +| InsightsConfigAPI| | | Enabled | Enabled | Enabled | Enabled | +| InsightsOnDemandDataGather| | | Enabled | Enabled | Enabled | Enabled | +| InstallAlternateInfrastructureAWS| | | Enabled | Enabled | Enabled | Enabled | +| MachineAPIProviderOpenStack| | | Enabled | Enabled | Enabled | Enabled | +| MachineConfigNodes| | | Enabled | Enabled | Enabled | Enabled | +| ManagedBootImages| | | Enabled | Enabled | Enabled | Enabled | +| MaxUnavailableStatefulSet| | | Enabled | Enabled | Enabled | Enabled | +| MetricsCollectionProfiles| | | Enabled | Enabled | Enabled | Enabled | +| MetricsServer| | | Enabled | Enabled | Enabled | Enabled | +| MixedCPUsAllocation| | | Enabled | Enabled | Enabled | Enabled | +| NetworkDiagnosticsConfig| | | Enabled | Enabled | Enabled | Enabled | +| NewOLM| | | Enabled | Enabled | Enabled | Enabled | +| NodeDisruptionPolicy| | | Enabled | Enabled | Enabled | Enabled | +| NodeSwap| | | Enabled | Enabled | Enabled | Enabled | +| OnClusterBuild| | | Enabled | Enabled | Enabled | Enabled | +| PinnedImages| | | Enabled | Enabled | Enabled | Enabled | +| PlatformOperators| | | Enabled | Enabled | Enabled | Enabled | +| RouteExternalCertificate| | | Enabled | Enabled | Enabled | Enabled | +| ServiceAccountTokenNodeBinding| | | Enabled | Enabled | Enabled | Enabled | +| ServiceAccountTokenNodeBindingValidation| | | Enabled | Enabled | Enabled | Enabled | +| ServiceAccountTokenPodNodeInfo| | | Enabled | Enabled | Enabled | Enabled | +| 
SignatureStores| | | Enabled | Enabled | Enabled | Enabled | +| SigstoreImageVerification| | | Enabled | Enabled | Enabled | Enabled | +| TranslateStreamCloseWebsocketRequests| | | Enabled | Enabled | Enabled | Enabled | +| UpgradeStatus| | | Enabled | Enabled | Enabled | Enabled | +| VSphereDriverConfiguration| | | Enabled | Enabled | Enabled | Enabled | +| ValidatingAdmissionPolicy| | | Enabled | Enabled | Enabled | Enabled | +| VolumeGroupSnapshot| | | Enabled | Enabled | Enabled | Enabled | +| ExternalOIDC| Enabled | | Enabled | Enabled | Enabled | Enabled | +| AdminNetworkPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| AlibabaPlatform| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| BareMetalLoadBalancer| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| CloudDualStackNodeIPs| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| DisableKubeletCloudCredentialProviders| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ExternalCloudProvider| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ExternalCloudProviderAzure| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ExternalCloudProviderExternal| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ExternalCloudProviderGCP| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| KMSv1| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| NetworkLiveMigration| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| PrivateHostedZoneAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| VSphereControlPlaneMachineSet| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| VSphereStaticIPs| Enabled | Enabled 
| Enabled | Enabled | Enabled | Enabled | diff --git a/insights/v1alpha1/zz_generated.crd-manifests/0000_10_insights_01_datagathers-DevPreviewNoUpgrade.crd.yaml b/insights/v1alpha1/zz_generated.crd-manifests/0000_10_insights_01_datagathers-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..271636770f6 --- /dev/null +++ b/insights/v1alpha1/zz_generated.crd-manifests/0000_10_insights_01_datagathers-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,435 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1365 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: datagathers.insights.openshift.io +spec: + group: insights.openshift.io + names: + kind: DataGather + listKind: DataGatherList + plural: datagathers + singular: datagather + scope: Cluster + versions: + - additionalPrinterColumns: + - description: DataGather job state + jsonPath: .status.dataGatherState + name: State + type: string + - description: DataGather start time + jsonPath: .status.startTime + name: StartTime + type: date + - description: DataGather finish time + jsonPath: .status.finishTime + name: FinishTime + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: "DataGather provides data gather configuration options and status + for the particular Insights data gathering. \n Compatibility level 4: No + compatibility is provided, the API can change at any point for any reason. + These capabilities should not be used by applications needing long term + support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + dataPolicy: + description: dataPolicy allows user to enable additional global obfuscation + of the IP addresses and base domain in the Insights archive data. + Valid values are "ClearText" and "ObfuscateNetworking". When set + to ClearText the data is not obfuscated. When set to ObfuscateNetworking + the IP addresses and the cluster domain name are obfuscated. When + omitted, this means no opinion and the platform is left to choose + a reasonable default, which is subject to change over time. The + current default is ClearText. + enum: + - "" + - ClearText + - ObfuscateNetworking + type: string + gatherers: + description: 'gatherers is a list of gatherers configurations. The + particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. + Run the following command to get the names of last active gatherers: + "oc get insightsoperators.operator.openshift.io cluster -o json + | jq ''.status.gatherStatus.gatherers[].name''"' + items: + description: gathererConfig allows to configure specific gatherers + properties: + name: + description: name is the name of specific gatherer + type: string + state: + description: state allows you to configure specific gatherer. + Valid values are "Enabled", "Disabled" and omitted. When omitted, + this means no opinion and the platform is left to choose a + reasonable default. The current default is Enabled. + enum: + - "" + - Enabled + - Disabled + type: string + required: + - name + type: object + type: array + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions provide details on the status of the gatherer + job. 
+ items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + dataGatherState: + description: dataGatherState reflects the current state of the data + gathering process. + enum: + - Running + - Completed + - Failed + - Pending + type: string + x-kubernetes-validations: + - message: dataGatherState cannot transition from Running to Pending + rule: '!(oldSelf == ''Running'' && self == ''Pending'')' + - message: dataGatherState cannot transition from Completed to Pending + rule: '!(oldSelf == ''Completed'' && self == ''Pending'')' + - message: dataGatherState cannot transition from Failed to Pending + rule: '!(oldSelf == ''Failed'' && self == ''Pending'')' + - message: dataGatherState cannot transition from Completed to Running + rule: '!(oldSelf == ''Completed'' && self == ''Running'')' + - message: dataGatherState cannot transition from Failed to Running + rule: '!(oldSelf == ''Failed'' && self == ''Running'')' + finishTime: + description: finishTime is the time when Insights data gathering finished. 
+ format: date-time + type: string + x-kubernetes-validations: + - message: finishTime is immutable once set + rule: self == oldSelf + gatherers: + description: gatherers is a list of active gatherers (and their statuses) + in the last gathering. + items: + description: gathererStatus represents information about a particular + data gatherer. + properties: + conditions: + description: conditions provide details on the status of each + gatherer. + items: + description: "Condition contains details for one aspect of + the current state of this API Resource. --- This struct + is intended for direct use as an array at the field path + .status.conditions. For example, \n type FooStatus struct{ + // Represents the observations of a foo's current state. + // Known .status.conditions.type are: \"Available\", \"Progressing\", + and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields + }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should + be when the underlying condition changed. If that is + not known, then using the time when the API field changed + is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, + if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the + current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. The value should + be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across + resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability + to deconflict is important. The regex it matches is + (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + lastGatherDuration: + description: lastGatherDuration represents the time spent gathering. + pattern: ^([1-9][0-9]*(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + name: + description: name is the name of the gatherer. + maxLength: 256 + minLength: 5 + type: string + required: + - conditions + - lastGatherDuration + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + insightsReport: + description: insightsReport provides general Insights analysis results. 
+ When omitted, this means no data gathering has taken place yet or + the corresponding Insights analysis (identified by "insightsRequestID") + is not available. + properties: + downloadedAt: + description: downloadedAt is the time when the last Insights report + was downloaded. An empty value means that there has not been + any Insights report downloaded yet and it usually appears in + disconnected clusters (or clusters when the Insights data gathering + is disabled). + format: date-time + type: string + healthChecks: + description: healthChecks provides basic information about active + Insights health checks in a cluster. + items: + description: healthCheck represents an Insights health check + attributes. + properties: + advisorURI: + description: advisorURI provides the URL link to the Insights + Advisor. + pattern: ^https:\/\/\S+ + type: string + description: + description: description provides basic description of the + healtcheck. + maxLength: 2048 + minLength: 10 + type: string + state: + description: state determines what the current state of + the health check is. Health check is enabled by default + and can be disabled by the user in the Insights advisor + user interface. + enum: + - Enabled + - Disabled + type: string + totalRisk: + description: totalRisk of the healthcheck. Indicator of + the total risk posed by the detected issue; combination + of impact and likelihood. The values can be from 1 to + 4, and the higher the number, the more important the issue. + format: int32 + maximum: 4 + minimum: 1 + type: integer + required: + - advisorURI + - description + - state + - totalRisk + type: object + type: array + x-kubernetes-list-type: atomic + uri: + description: uri provides the URL link from which the report was + downloaded. 
+ pattern: ^https:\/\/\S+ + type: string + type: object + insightsRequestID: + description: insightsRequestID is an Insights request ID to track + the status of the Insights analysis (in console.redhat.com processing + pipeline) for the corresponding Insights data archive. + type: string + x-kubernetes-validations: + - message: insightsRequestID is immutable once set + rule: self == oldSelf + relatedObjects: + description: relatedObjects is a list of resources which are useful + when debugging or inspecting the data gathering Pod + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + group: + description: 'group is the API Group of the Resource. Enter + empty string for the core group. This value should consist + of only lowercase alphanumeric characters, hyphens and periods. + Example: "", "apps", "build.openshift.io", etc.' + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + name: + description: name of the referent. + type: string + namespace: + description: namespace of the referent. + type: string + resource: + description: 'resource is the type that is being referenced. + It is normally the plural form of the resource kind in lowercase. + This value should consist of only lowercase alphanumeric characters + and hyphens. Example: "deployments", "deploymentconfigs", + "pods", etc.' + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - group + - name + - resource + type: object + type: array + startTime: + description: startTime is the time when Insights data gathering started. 
+ format: date-time + type: string + x-kubernetes-validations: + - message: startTime is immutable once set + rule: self == oldSelf + type: object + x-kubernetes-validations: + - message: cannot remove insightsRequestID attribute from status + rule: (!has(oldSelf.insightsRequestID) || has(self.insightsRequestID)) + - message: cannot remove startTime attribute from status + rule: (!has(oldSelf.startTime) || has(self.startTime)) + - message: cannot remove finishTime attribute from status + rule: (!has(oldSelf.finishTime) || has(self.finishTime)) + - message: cannot remove dataGatherState attribute from status + rule: (!has(oldSelf.dataGatherState) || has(self.dataGatherState)) + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..a62c75eb2ec --- /dev/null +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,2759 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + labels: + openshift.io/operator-managed: "" + name: controllerconfigs.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: ControllerConfig + listKind: ControllerConfigList + plural: controllerconfigs + singular: controllerconfig + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "ControllerConfig describes configuration for MachineConfigController. + This is currently only used to drive the MachineConfig objects generated + by the TemplateController. \n Compatibility level 1: Stable within a major + release for a minimum of 12 months or 3 minor releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControllerConfigSpec is the spec for ControllerConfig resource. 
+ properties: + additionalTrustBundle: + description: additionalTrustBundle is a certificate bundle that will + be added to the nodes trusted certificate store. + format: byte + nullable: true + type: string + baseOSContainerImage: + description: BaseOSContainerImage is the new-format container image + for operating system updates. + type: string + baseOSExtensionsContainerImage: + description: BaseOSExtensionsContainerImage is the matching extensions + container for the new-format container + type: string + cloudProviderCAData: + description: cloudProvider specifies the cloud provider CA data + format: byte + nullable: true + type: string + cloudProviderConfig: + description: cloudProviderConfig is the configuration for the given + cloud provider + type: string + clusterDNSIP: + description: clusterDNSIP is the cluster DNS IP address + type: string + dns: + description: dns holds the cluster dns details + nullable: true + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'metadata is the standard object''s metadata. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: spec holds user settable values for configuration + properties: + baseDomain: + description: "baseDomain is the base domain of the cluster. 
+ All managed DNS records will be sub-domains of this base. + \n For example, given the base domain `openshift.example.com`, + an API server DNS record may be created for `cluster-api.openshift.example.com`. + \n Once set, this field cannot be changed." + type: string + platform: + description: platform holds configuration specific to the + underlying infrastructure provider for DNS. When omitted, + this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject + to change over time. + properties: + aws: + description: aws contains DNS configuration specific to + the Amazon Web Services cloud provider. + properties: + privateZoneIAMRole: + description: privateZoneIAMRole contains the ARN of + an IAM role that should be assumed when performing + operations on the cluster's private hosted zone + specified in the cluster DNS config. When left empty, + no role should be assumed. + pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + type: string + type: object + type: + description: "type is the underlying infrastructure provider + for the cluster. Allowed values: \"\", \"AWS\". \n Individual + components may not support all platforms, and must handle + unrecognized platforms with best-effort defaults." + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + x-kubernetes-validations: + - message: allowed values are '' and 'AWS' + rule: self in ['','AWS'] + required: + - type + type: object + x-kubernetes-validations: + - message: aws configuration is required when platform is + AWS, and forbidden otherwise + rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) + : !has(self.aws)' + privateZone: + description: "privateZone is the location where all the DNS + records that are only available internally to the cluster + exist. 
\n If this field is nil, no private records should + be created. \n Once set, this field cannot be changed." + properties: + id: + description: "id is the identifier that can be used to + find the DNS hosted zone. \n on AWS zone can be fetched + using `ID` as id in [1] on Azure zone can be fetched + using `ID` as a pre-determined name in [2], on GCP zone + can be fetched using `ID` as a pre-determined name in + [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options + [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show + [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" + type: string + tags: + additionalProperties: + type: string + description: "tags can be used to query the DNS hosted + zone. \n on AWS, resourcegroupstaggingapi [1] can be + used to fetch a zone using `Tags` as tag-filters, \n + [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" + type: object + type: object + publicZone: + description: "publicZone is the location where all the DNS + records that are publicly accessible to the internet exist. + \n If this field is nil, no public records should be created. + \n Once set, this field cannot be changed." + properties: + id: + description: "id is the identifier that can be used to + find the DNS hosted zone. \n on AWS zone can be fetched + using `ID` as id in [1] on Azure zone can be fetched + using `ID` as a pre-determined name in [2], on GCP zone + can be fetched using `ID` as a pre-determined name in + [3]. 
\n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options + [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show + [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" + type: string + tags: + additionalProperties: + type: string + description: "tags can be used to query the DNS hosted + zone. \n on AWS, resourcegroupstaggingapi [1] can be + used to fetch a zone using `Tags` as tag-filters, \n + [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" + type: object + type: object + type: object + status: + description: status holds observed values from the cluster. They + may not be overridden. + type: object + required: + - spec + type: object + x-kubernetes-embedded-resource: true + etcdDiscoveryDomain: + description: etcdDiscoveryDomain is deprecated, use Infra.Status.EtcdDiscoveryDomain + instead + type: string + imageRegistryBundleData: + description: imageRegistryBundleData is the ImageRegistryData + items: + description: ImageRegistryBundle contains information for writing + image registry certificates + properties: + data: + description: data holds the contents of the bundle that will + be written to the file location + format: byte + type: string + file: + description: file holds the name of the file where the bundle + will be written to disk + type: string + required: + - data + - file + type: object + type: array + x-kubernetes-list-type: atomic + imageRegistryBundleUserData: + description: imageRegistryBundleUserData is Image Registry Data provided + by the user + items: + description: ImageRegistryBundle contains information for writing + image registry certificates + properties: + data: + description: data holds the contents of the bundle that will + be written to the file location + format: byte + type: string + file: + description: file holds the name of the file where the bundle + will be 
written to disk + type: string + required: + - data + - file + type: object + type: array + x-kubernetes-list-type: atomic + images: + additionalProperties: + type: string + description: images is map of images that are used by the controller + to render templates under ./templates/ + type: object + infra: + description: infra holds the infrastructure details + nullable: true + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'metadata is the standard object''s metadata. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: spec holds user settable values for configuration + properties: + cloudConfig: + description: "cloudConfig is a reference to a ConfigMap containing + the cloud provider configuration file. This configuration + file is used to configure the Kubernetes cloud provider + integration when using the built-in cloud provider integration + or the external cloud controller manager. The namespace + for this config map is openshift-config. \n cloudConfig + should only be consumed by the kube_cloud_config controller. 
+ The controller is responsible for using the user configuration + in the spec for various platforms and combining that with + the user provided ConfigMap in this field to create a stitched + kube cloud config. The controller generates a ConfigMap + `kube-cloud-config` in `openshift-config-managed` namespace + with the kube cloud config is stored in `cloud.conf` key. + All the clients are expected to use the generated ConfigMap + only." + properties: + key: + description: Key allows pointing to a specific key/value + inside of the configmap. This is useful for logical + file references. + type: string + name: + type: string + type: object + platformSpec: + description: platformSpec holds desired information specific + to the underlying infrastructure provider. + properties: + alibabaCloud: + description: AlibabaCloud contains settings specific to + the Alibaba Cloud infrastructure provider. + type: object + aws: + description: AWS contains settings specific to the Amazon + Web Services infrastructure provider. + properties: + serviceEndpoints: + description: serviceEndpoints list contains custom + endpoints which will override default service endpoint + of AWS Services. There must be only one ServiceEndpoint + for a service. + items: + description: AWSServiceEndpoint store the configuration + of a custom url to override existing defaults + of AWS Services. + properties: + name: + description: name is the name of the AWS service. + The list of all the service names can be found + at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html + This must be provided and cannot be empty. + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with + scheme https, that overrides the default generated + endpoint for a client. This must be provided + and cannot be empty. 
+ pattern: ^https:// + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + azure: + description: Azure contains settings specific to the Azure + infrastructure provider. + type: object + baremetal: + description: BareMetal contains settings specific to the + BareMetal platform. + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses + to contact the Kubernetes API server that can be + used by components inside the cluster, like kubelets + using the infrastructure rather than Kubernetes + networking. These are the IPs for a self-hosted + load balancer in front of the API servers. In dual + stack clusters this list contains two IP addresses, + one from IPv4 family and one from IPv6. In single + stack clusters a single IP address is expected. + When omitted, values from the status.apiServerInternalIPs + will be used. Once set, the list cannot be completely + removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most + one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() + : true' + ingressIPs: + description: ingressIPs are the external IPs which + route to the default ingress controller. The IPs + are suitable targets of a wildcard DNS record used + to resolve default route host names. In dual stack + clusters this list contains two IP addresses, one + from IPv4 family and one from IPv6. In single stack + clusters a single IP address is expected. When omitted, + values from the status.ingressIPs will be used. 
+ Once set, the list cannot be completely removed + (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 + address and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() + : true' + machineNetworks: + description: machineNetworks are IP networks used + to connect all the OpenShift cluster nodes. Each + network is provided in the CIDR format and should + be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR + notation (for example, "10.0.0.0/8" or "fd00::/8"). + maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once + set + rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' + equinixMetal: + description: EquinixMetal contains settings specific to + the Equinix Metal infrastructure provider. + type: object + external: + description: ExternalPlatformType represents generic infrastructure + provider. Platform-specific components should be supplemented + separately. + properties: + platformName: + default: Unknown + description: PlatformName holds the arbitrary string + representing the infrastructure provider name, expected + to be set at the installation time. 
This field is + solely for informational and reporting purposes + and is not expected to be used for decision-making. + type: string + x-kubernetes-validations: + - message: platform name cannot be changed once set + rule: oldSelf == 'Unknown' || self == oldSelf + type: object + gcp: + description: GCP contains settings specific to the Google + Cloud Platform infrastructure provider. + type: object + ibmcloud: + description: IBMCloud contains settings specific to the + IBMCloud infrastructure provider. + type: object + kubevirt: + description: Kubevirt contains settings specific to the + kubevirt infrastructure provider. + type: object + nutanix: + description: Nutanix contains settings specific to the + Nutanix infrastructure provider. + properties: + failureDomains: + description: failureDomains configures failure domains + information for the Nutanix platform. When set, + the failure domains defined here may be used to + spread Machines across prism element clusters to + improve fault tolerance of the cluster. + items: + description: NutanixFailureDomain configures failure + domain information for the Nutanix platform. + properties: + cluster: + description: cluster is to identify the cluster + (the Prism Element under management of the + Prism Central), in which the Machine's VM + will be created. The cluster identifier (uuid + or name) can be obtained from the Prism Central + console or using the prism_central API. + properties: + name: + description: name is the resource name in + the PC. It cannot be empty if the type + is Name. + type: string + type: + description: type is the identifier type + to use for this resource. + enum: + - UUID + - Name + type: string + uuid: + description: uuid is the UUID of the resource + in the PC. It cannot be empty if the type + is UUID. 
+ type: string + required: + - type + type: object + x-kubernetes-validations: + - message: uuid configuration is required when + type is UUID, and forbidden otherwise + rule: 'has(self.type) && self.type == ''UUID'' + ? has(self.uuid) : !has(self.uuid)' + - message: name configuration is required when + type is Name, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Name'' + ? has(self.name) : !has(self.name)' + name: + description: name defines the unique name of + a failure domain. Name is required and must + be at most 64 characters in length. It must + consist of only lower case alphanumeric characters + and hyphens (-). It must start and end with + an alphanumeric character. This value is arbitrary + and is used to identify the failure domain + within the platform. + maxLength: 64 + minLength: 1 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + type: string + subnets: + description: subnets holds a list of identifiers + (one or more) of the cluster's network subnets + for the Machine's VM to connect to. The subnet + identifiers (uuid or name) can be obtained + from the Prism Central console or using the + prism_central API. + items: + description: NutanixResourceIdentifier holds + the identity of a Nutanix PC resource (cluster, + image, subnet, etc.) + properties: + name: + description: name is the resource name + in the PC. It cannot be empty if the + type is Name. + type: string + type: + description: type is the identifier type + to use for this resource. + enum: + - UUID + - Name + type: string + uuid: + description: uuid is the UUID of the resource + in the PC. It cannot be empty if the + type is UUID. + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: uuid configuration is required + when type is UUID, and forbidden otherwise + rule: 'has(self.type) && self.type == ''UUID'' + ? 
has(self.uuid) : !has(self.uuid)' + - message: name configuration is required + when type is Name, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Name'' + ? has(self.name) : !has(self.name)' + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + required: + - cluster + - name + - subnets + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + prismCentral: + description: prismCentral holds the endpoint address + and port to access the Nutanix Prism Central. When + a cluster-wide proxy is installed, by default, this + endpoint will be accessed via the proxy. Should + you wish for communication with this endpoint not + to be proxied, please add the endpoint to the proxy + spec.noProxy list. + properties: + address: + description: address is the endpoint address (DNS + name or IP address) of the Nutanix Prism Central + or Element (cluster) + maxLength: 256 + type: string + port: + description: port is the port number to access + the Nutanix Prism Central or Element (cluster) + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + prismElements: + description: prismElements holds one or more endpoint + address and port data to access the Nutanix Prism + Elements (clusters) of the Nutanix Prism Central. + Currently we only support one Prism Element (cluster) + for an OpenShift cluster, where all the Nutanix + resources (VMs, subnets, volumes, etc.) used in + the OpenShift cluster are located. In the future, + we may support Nutanix resources (VMs, etc.) spread + over multiple Prism Elements (clusters) of the Prism + Central. + items: + description: NutanixPrismElementEndpoint holds the + name and endpoint data for a Prism Element (cluster) + properties: + endpoint: + description: endpoint holds the endpoint address + and port data of the Prism Element (cluster). 
+ When a cluster-wide proxy is installed, by + default, this endpoint will be accessed via + the proxy. Should you wish for communication + with this endpoint not to be proxied, please + add the endpoint to the proxy spec.noProxy + list. + properties: + address: + description: address is the endpoint address + (DNS name or IP address) of the Nutanix + Prism Central or Element (cluster) + maxLength: 256 + type: string + port: + description: port is the port number to + access the Nutanix Prism Central or Element + (cluster) + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + name: + description: name is the name of the Prism Element + (cluster). This value will correspond with + the cluster field configured on other resources + (eg Machines, PVCs, etc). + maxLength: 256 + type: string + required: + - endpoint + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - prismCentral + - prismElements + type: object + openstack: + description: OpenStack contains settings specific to the + OpenStack infrastructure provider. + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses + to contact the Kubernetes API server that can be + used by components inside the cluster, like kubelets + using the infrastructure rather than Kubernetes + networking. These are the IPs for a self-hosted + load balancer in front of the API servers. In dual + stack clusters this list contains two IP addresses, + one from IPv4 family and one from IPv6. In single + stack clusters a single IP address is expected. + When omitted, values from the status.apiServerInternalIPs + will be used. Once set, the list cannot be completely + removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). 
+ maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most + one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() + : true' + ingressIPs: + description: ingressIPs are the external IPs which + route to the default ingress controller. The IPs + are suitable targets of a wildcard DNS record used + to resolve default route host names. In dual stack + clusters this list contains two IP addresses, one + from IPv4 family and one from IPv6. In single stack + clusters a single IP address is expected. When omitted, + values from the status.ingressIPs will be used. + Once set, the list cannot be completely removed + (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 + address and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() + : true' + machineNetworks: + description: machineNetworks are IP networks used + to connect all the OpenShift cluster nodes. Each + network is provided in the CIDR format and should + be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR + notation (for example, "10.0.0.0/8" or "fd00::/8"). 
+ maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once + set + rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' + ovirt: + description: Ovirt contains settings specific to the oVirt + infrastructure provider. + type: object + powervs: + description: PowerVS contains settings specific to the + IBM Power Systems Virtual Servers infrastructure provider. + properties: + serviceEndpoints: + description: serviceEndpoints is a list of custom + endpoints which will override the default service + endpoints of a Power VS service. + items: + description: PowervsServiceEndpoint stores the configuration + of a custom url to override existing defaults + of PowerVS Services. + properties: + name: + description: name is the name of the Power VS + service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api + ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller + Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with + scheme https, that overrides the default generated + endpoint for a client. This must be provided + and cannot be empty. + format: uri + pattern: ^https:// + type: string + required: + - name + - url + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + description: type is the underlying infrastructure provider + for the cluster. 
This value controls whether infrastructure + automation such as service load balancers, dynamic volume + provisioning, machine creation and deletion, and other + integrations are enabled. If None, no infrastructure + automation is enabled. Allowed values are "AWS", "Azure", + "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", + "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", + "Nutanix" and "None". Individual components may not + support all platforms, and must handle unrecognized + platforms as None if they do not support that platform. + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + vsphere: + description: VSphere contains settings specific to the + VSphere infrastructure provider. + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses + to contact the Kubernetes API server that can be + used by components inside the cluster, like kubelets + using the infrastructure rather than Kubernetes + networking. These are the IPs for a self-hosted + load balancer in front of the API servers. In dual + stack clusters this list contains two IP addresses, + one from IPv4 family and one from IPv6. In single + stack clusters a single IP address is expected. + When omitted, values from the status.apiServerInternalIPs + will be used. Once set, the list cannot be completely + removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). 
+ maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most + one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() + : true' + failureDomains: + description: failureDomains contains the definition + of region, zone and the vCenter topology. If this + is omitted failure domains (regions and zones) will + not be used. + items: + description: VSpherePlatformFailureDomainSpec holds + the region and zone failure domain and the vCenter + topology of that failure domain. + properties: + name: + description: name defines the arbitrary but + unique name of a failure domain. + maxLength: 256 + minLength: 1 + type: string + region: + description: region defines the name of a region + tag that will be attached to a vCenter datacenter. + The tag category in vCenter must be named + openshift-region. + maxLength: 80 + minLength: 1 + type: string + server: + description: server is the fully-qualified domain + name or the IP address of the vCenter server. + --- + maxLength: 255 + minLength: 1 + type: string + topology: + description: Topology describes a given failure + domain using vSphere constructs + properties: + computeCluster: + description: computeCluster the absolute + path of the vCenter cluster in which virtual + machine will be located. The absolute + path is of the form //host/. + The maximum length of the path is 2048 + characters. + maxLength: 2048 + pattern: ^/.*?/host/.*? + type: string + datacenter: + description: datacenter is the name of vCenter + datacenter in which virtual machines will + be located. The maximum length of the + datacenter name is 80 characters. 
+ maxLength: 80 + type: string + datastore: + description: datastore is the absolute path + of the datastore in which the virtual + machine is located. The absolute path + is of the form //datastore/ + The maximum length of the path is 2048 + characters. + maxLength: 2048 + pattern: ^/.*?/datastore/.*? + type: string + folder: + description: folder is the absolute path + of the folder where virtual machines are + located. The absolute path is of the form + //vm/. The maximum + length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/vm/.*? + type: string + networks: + description: networks is the list of port + group network names within this failure + domain. Currently, we only support a single + interface per RHCOS virtual machine. The + available networks (port groups) can be + listed using `govc ls 'network/*'` The + single interface should be the absolute + path of the form //network/. + items: + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + resourcePool: + description: resourcePool is the absolute + path of the resource pool where virtual + machines will be created. The absolute + path is of the form //host//Resources/. + The maximum length of the path is 2048 + characters. + maxLength: 2048 + pattern: ^/.*?/host/.*?/Resources.* + type: string + template: + description: "template is the full inventory + path of the virtual machine or template + that will be cloned when creating new + machines in this failure domain. The maximum + length of the path is 2048 characters. + \n When omitted, the template will be + calculated by the control plane machineset + operator based on the region and zone + defined in VSpherePlatformFailureDomainSpec. + For example, for zone=zonea, region=region1, + and infrastructure name=test, the template + path would be calculated as //vm/test-rhcos-region1-zonea." + maxLength: 2048 + minLength: 1 + pattern: ^/.*?/vm/.*? 
+ type: string + required: + - computeCluster + - datacenter + - datastore + - networks + type: object + zone: + description: zone defines the name of a zone + tag that will be attached to a vCenter cluster. + The tag category in vCenter must be named + openshift-zone. + maxLength: 80 + minLength: 1 + type: string + required: + - name + - region + - server + - topology + - zone + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + ingressIPs: + description: ingressIPs are the external IPs which + route to the default ingress controller. The IPs + are suitable targets of a wildcard DNS record used + to resolve default route host names. In dual stack + clusters this list contains two IP addresses, one + from IPv4 family and one from IPv6. In single stack + clusters a single IP address is expected. When omitted, + values from the status.ingressIPs will be used. + Once set, the list cannot be completely removed + (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 + address and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() + : true' + machineNetworks: + description: machineNetworks are IP networks used + to connect all the OpenShift cluster nodes. Each + network is provided in the CIDR format and should + be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR + notation (for example, "10.0.0.0/8" or "fd00::/8"). 
+ maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + nodeNetworking: + description: nodeNetworking contains the definition + of internal and external network constraints for + assigning the node's networking. If this field is + omitted, networking defaults to the legacy address + selection behavior which is to only support a single + address and return the first one found. + properties: + external: + description: external represents the network configuration + of the node that is externally routable. + properties: + excludeNetworkSubnetCidr: + description: excludeNetworkSubnetCidr IP addresses + in subnet ranges will be excluded when selecting + the IP address from the VirtualMachine's + VM for use in the status.addresses fields. + --- + items: + type: string + type: array + x-kubernetes-list-type: atomic + network: + description: network VirtualMachine's VM Network + names that will be used to when searching + for status.addresses fields. Note that if + internal.networkSubnetCIDR and external.networkSubnetCIDR + are not set, then the vNIC associated to + this network must only have a single IP + address assigned to it. The available networks + (port groups) can be listed using `govc + ls 'network/*'` + type: string + networkSubnetCidr: + description: networkSubnetCidr IP address + on VirtualMachine's network interfaces included + in the fields' CIDRs that will be used in + respective status.addresses fields. --- + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + internal: + description: internal represents the network configuration + of the node that is routable only within the + cluster. 
+ properties: + excludeNetworkSubnetCidr: + description: excludeNetworkSubnetCidr IP addresses + in subnet ranges will be excluded when selecting + the IP address from the VirtualMachine's + VM for use in the status.addresses fields. + --- + items: + type: string + type: array + x-kubernetes-list-type: atomic + network: + description: network VirtualMachine's VM Network + names that will be used to when searching + for status.addresses fields. Note that if + internal.networkSubnetCIDR and external.networkSubnetCIDR + are not set, then the vNIC associated to + this network must only have a single IP + address assigned to it. The available networks + (port groups) can be listed using `govc + ls 'network/*'` + type: string + networkSubnetCidr: + description: networkSubnetCidr IP address + on VirtualMachine's network interfaces included + in the fields' CIDRs that will be used in + respective status.addresses fields. --- + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: object + vcenters: + description: vcenters holds the connection details + for services to communicate with vCenter. Currently, + only a single vCenter is supported. --- + items: + description: VSpherePlatformVCenterSpec stores the + vCenter connection fields. This is used by the + vSphere CCM. + properties: + datacenters: + description: The vCenter Datacenters in which + the RHCOS vm guests are located. This field + will be used by the Cloud Controller Manager. + Each datacenter listed here should be used + within a topology. + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + port: + description: port is the TCP port that will + be used to communicate to the vCenter endpoint. + When omitted, this means the user has no opinion + and it is up to the platform to choose a sensible + default, which is subject to change over time. 
+ format: int32 + maximum: 32767 + minimum: 1 + type: integer + server: + description: server is the fully-qualified domain + name or the IP address of the vCenter server. + --- + maxLength: 255 + type: string + required: + - datacenters + - server + type: object + maxItems: 1 + minItems: 0 + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once + set + rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' + type: object + type: object + status: + description: status holds observed values from the cluster. They + may not be overridden. + properties: + apiServerInternalURI: + description: apiServerInternalURL is a valid URI with scheme + 'https', address and optionally a port (defaulting to 443). apiServerInternalURL + can be used by components like kubelets, to contact the + Kubernetes API server using the infrastructure provider + rather than Kubernetes networking. + type: string + apiServerURL: + description: apiServerURL is a valid URI with scheme 'https', + address and optionally a port (defaulting to 443). apiServerURL + can be used by components like the web console to tell users + where to find the Kubernetes API. + type: string + controlPlaneTopology: + default: HighlyAvailable + description: controlPlaneTopology expresses the expectations + for operands that normally run on control nodes. The default + is 'HighlyAvailable', which represents the behavior operators + have in a "normal" cluster. The 'SingleReplica' mode will + be used in single-node deployments and the operators should + not configure the operand for highly-available operation + The 'External' mode indicates that the control plane is + hosted externally to the cluster and that its components + are not visible within the cluster. 
+ enum: + - HighlyAvailable + - SingleReplica + - External + type: string + cpuPartitioning: + default: None + description: cpuPartitioning expresses if CPU partitioning + is a currently enabled feature in the cluster. CPU Partitioning + means that this cluster can support partitioning workloads + to specific CPU Sets. Valid values are "None" and "AllNodes". + When omitted, the default value is "None". The default value + of "None" indicates that no nodes will be setup with CPU + partitioning. The "AllNodes" value indicates that all nodes + have been setup with CPU partitioning, and can then be further + configured via the PerformanceProfile API. + enum: + - None + - AllNodes + type: string + etcdDiscoveryDomain: + description: 'etcdDiscoveryDomain is the domain used to fetch + the SRV records for discovering etcd servers and clients. + For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery + deprecated: as of 4.7, this field is no longer set or honored. It + will be removed in a future release.' + type: string + infrastructureName: + description: infrastructureName uniquely identifies a cluster + with a human friendly name. Once set it should not be changed. + Must be of max length 27 and must have only alphanumeric + or hyphen characters. + type: string + infrastructureTopology: + default: HighlyAvailable + description: 'infrastructureTopology expresses the expectations + for infrastructure services that do not run on control plane + nodes, usually indicated by a node selector for a `role` + value other than `master`. The default is ''HighlyAvailable'', + which represents the behavior operators have in a "normal" + cluster. The ''SingleReplica'' mode will be used in single-node + deployments and the operators should not configure the operand + for highly-available operation NOTE: External topology mode + is not applicable for this field.' 
+ enum: + - HighlyAvailable + - SingleReplica + type: string + platform: + description: "platform is the underlying infrastructure provider + for the cluster. \n Deprecated: Use platformStatus.type + instead." + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + platformStatus: + description: platformStatus holds status information specific + to the underlying infrastructure provider. + properties: + alibabaCloud: + description: AlibabaCloud contains settings specific to + the Alibaba Cloud infrastructure provider. + properties: + region: + description: region specifies the region for Alibaba + Cloud resources created for the cluster. + pattern: ^[0-9A-Za-z-]+$ + type: string + resourceGroupID: + description: resourceGroupID is the ID of the resource + group for the cluster. + pattern: ^(rg-[0-9A-Za-z]+)?$ + type: string + resourceTags: + description: resourceTags is a list of additional + tags to apply to Alibaba Cloud resources created + for the cluster. + items: + description: AlibabaCloudResourceTag is the set + of tags to add to apply to resources. + properties: + key: + description: key is the key of the tag. + maxLength: 128 + minLength: 1 + type: string + value: + description: value is the value of the tag. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + required: + - region + type: object + aws: + description: AWS contains settings specific to the Amazon + Web Services infrastructure provider. + properties: + region: + description: region holds the default AWS region for + new AWS resources created by the cluster. 
+ type: string + resourceTags: + description: resourceTags is a list of additional + tags to apply to AWS resources created for the cluster. + See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html + for information on tagging AWS resources. AWS supports + a maximum of 50 tags per resource. OpenShift reserves + 25 tags for its use, leaving 25 tags available for + the user. + items: + description: AWSResourceTag is a tag to apply to + AWS resources created for the cluster. + properties: + key: + description: key is the key of the tag + maxLength: 128 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + type: string + value: + description: value is the value of the tag. + Some AWS service do not support empty values. + Since tags are added to resources in many + services, the length of the tag value must + meet the requirements of all services. + maxLength: 256 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + type: string + required: + - key + - value + type: object + maxItems: 25 + type: array + x-kubernetes-list-type: atomic + serviceEndpoints: + description: ServiceEndpoints list contains custom + endpoints which will override default service endpoint + of AWS Services. There must be only one ServiceEndpoint + for a service. + items: + description: AWSServiceEndpoint store the configuration + of a custom url to override existing defaults + of AWS Services. + properties: + name: + description: name is the name of the AWS service. + The list of all the service names can be found + at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html + This must be provided and cannot be empty. + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with + scheme https, that overrides the default generated + endpoint for a client. This must be provided + and cannot be empty. 
+ pattern: ^https:// + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + azure: + description: Azure contains settings specific to the Azure + infrastructure provider. + properties: + armEndpoint: + description: armEndpoint specifies a URL to use for + resource management in non-soverign clouds such + as Azure Stack. + type: string + cloudName: + description: cloudName is the name of the Azure cloud + environment which can be used to configure the Azure + SDK with the appropriate Azure API endpoints. If + empty, the value is equal to `AzurePublicCloud`. + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureStackCloud + type: string + networkResourceGroupName: + description: networkResourceGroupName is the Resource + Group for network resources like the Virtual Network + and Subnets used by the cluster. If empty, the value + is same as ResourceGroupName. + type: string + resourceGroupName: + description: resourceGroupName is the Resource Group + for new Azure resources created for the cluster. + type: string + resourceTags: + description: resourceTags is a list of additional + tags to apply to Azure resources created for the + cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags + for information on tagging Azure resources. Due + to limitations on Automation, Content Delivery Network, + DNS Azure resources, a maximum of 15 tags may be + applied. OpenShift reserves 5 tags for internal + use, allowing 10 tags for user configuration. + items: + description: AzureResourceTag is a tag to apply + to Azure resources created for the cluster. + properties: + key: + description: key is the key part of the tag. + A tag key can have a maximum of 128 characters + and cannot be empty. Key must begin with a + letter, end with a letter, number or underscore, + and must contain only alphanumeric characters + and the following special characters `_ . + -`. 
+ maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$ + type: string + value: + description: 'value is the value part of the + tag. A tag value can have a maximum of 256 + characters and cannot be empty. Value must + contain only alphanumeric characters and the + following special characters `_ + , - . / + : ; < = > ? @`.' + maxLength: 256 + minLength: 1 + pattern: ^[0-9A-Za-z_.=+-@]+$ + type: string + required: + - key + - value + type: object + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: resourceTags are immutable and may only + be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, + x in self) + type: object + x-kubernetes-validations: + - message: resourceTags may only be configured during + installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) + || has(oldSelf.resourceTags) && has(self.resourceTags)' + baremetal: + description: BareMetal contains settings specific to the + BareMetal platform. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address + to contact the Kubernetes API server that can be + used by components inside the cluster, like kubelets + using the infrastructure rather than Kubernetes + networking. It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. \n Deprecated: Use + APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses + to contact the Kubernetes API server that can be + used by components inside the cluster, like kubelets + using the infrastructure rather than Kubernetes + networking. These are the IPs for a self-hosted + load balancer in front of the API servers. In dual + stack clusters this list contains two IPs otherwise + only one. 
+ format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + ingressIP: + description: "ingressIP is an external IP which routes + to the default ingress controller. The IP is a suitable + target of a wildcard DNS record used to resolve + default route host names. \n Deprecated: Use IngressIPs + instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which + route to the default ingress controller. The IPs + are suitable targets of a wildcard DNS record used + to resolve default route host names. In dual stack + clusters this list contains two IPs otherwise only + one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer + used by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer + used by the cluster on BareMetal platform which + can be a user-managed or openshift-managed load + balancer that is to be used for the OpenShift + API and Ingress endpoints. When set to OpenShiftManagedDefault + the static pods in charge of API and Ingress + traffic load-balancing defined in the machine + config operator will be deployed. When set to + UserManaged these static pods will not be deployed + and it is expected that the load balancer is + configured out of band by the deployer. When + omitted, this means no opinion and the platform + is left to choose a reasonable default. The + default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + machineNetworks: + description: machineNetworks are IP networks used + to connect all the OpenShift cluster nodes. 
+ items: + description: CIDR is an IP address range in CIDR + notation (for example, "10.0.0.0/8" or "fd00::/8"). + maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by + the DNS operator, `NodeDNSIP` provides name resolution + for the nodes themselves. There is no DNS-as-a-service + for BareMetal deployments. In order to minimize + necessary changes to the datacenter DNS, a DNS service + is hosted as a static pod to serve those hostnames + to the nodes in the cluster. + type: string + type: object + equinixMetal: + description: EquinixMetal contains settings specific to + the Equinix Metal infrastructure provider. + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address + to contact the Kubernetes API server that can be + used by components inside the cluster, like kubelets + using the infrastructure rather than Kubernetes + networking. It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes + to the default ingress controller. The IP is a suitable + target of a wildcard DNS record used to resolve + default route host names. + type: string + type: object + external: + description: External contains settings specific to the + generic External infrastructure provider. + properties: + cloudControllerManager: + description: cloudControllerManager contains settings + specific to the external Cloud Controller Manager + (a.k.a. CCM or CPI). When omitted, new nodes will + be not tainted and no extra initialization from + the cloud controller manager is expected. 
+ properties: + state: + description: "state determines whether or not + an external Cloud Controller Manager is expected + to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager + \n Valid values are \"External\", \"None\" and + omitted. When set to \"External\", new nodes + will be tainted as uninitialized when created, + preventing them from running workloads until + they are initialized by the cloud controller + manager. When omitted or set to \"None\", new + nodes will be not tainted and no extra initialization + from the cloud controller manager is expected." + enum: + - "" + - External + - None + type: string + x-kubernetes-validations: + - message: state is immutable once set + rule: self == oldSelf + type: object + x-kubernetes-validations: + - message: state may not be added or removed once + set + rule: (has(self.state) == has(oldSelf.state)) || + (!has(oldSelf.state) && self.state != "External") + type: object + x-kubernetes-validations: + - message: cloudControllerManager may not be added or + removed once set + rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) + gcp: + description: GCP contains settings specific to the Google + Cloud Platform infrastructure provider. + properties: + cloudLoadBalancerConfig: + default: + dnsType: PlatformDefault + description: cloudLoadBalancerConfig is a union that + contains the IP addresses of API, API-Int and Ingress + Load Balancers created on the cloud platform. These + values would not be populated on on-prem platforms. + These Load Balancer IPs are used to configure the + in-cluster DNS instances for API, API-Int and Ingress + services. `dnsType` is expected to be set to `ClusterHosted` + when these Load Balancer IP addresses are populated + and used. 
+ nullable: true + properties: + clusterHosted: + description: clusterHosted holds the IP addresses + of API, API-Int and Ingress Load Balancers on + Cloud Platforms. The DNS solution hosted within + the cluster use these IP addresses to provide + resolution for API, API-Int and Ingress services. + properties: + apiIntLoadBalancerIPs: + description: apiIntLoadBalancerIPs holds Load + Balancer IPs for the internal API service. + These Load Balancer IP addresses can be + IPv4 and/or IPv6 addresses. Entries in the + apiIntLoadBalancerIPs must be unique. A + maximum of 16 IP addresses are permitted. + format: ip + items: + description: IP is an IP address (for example, + "10.0.0.0" or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 16 + type: array + x-kubernetes-list-type: set + apiLoadBalancerIPs: + description: apiLoadBalancerIPs holds Load + Balancer IPs for the API service. These + Load Balancer IP addresses can be IPv4 and/or + IPv6 addresses. Could be empty for private + clusters. Entries in the apiLoadBalancerIPs + must be unique. A maximum of 16 IP addresses + are permitted. + format: ip + items: + description: IP is an IP address (for example, + "10.0.0.0" or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 16 + type: array + x-kubernetes-list-type: set + ingressLoadBalancerIPs: + description: ingressLoadBalancerIPs holds + IPs for Ingress Load Balancers. These Load + Balancer IP addresses can be IPv4 and/or + IPv6 addresses. Entries in the ingressLoadBalancerIPs + must be unique. A maximum of 16 IP addresses + are permitted. + format: ip + items: + description: IP is an IP address (for example, + "10.0.0.0" or "fd00::"). 
+ maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 16 + type: array + x-kubernetes-list-type: set + type: object + dnsType: + default: PlatformDefault + description: dnsType indicates the type of DNS + solution in use within the cluster. Its default + value of `PlatformDefault` indicates that the + cluster's DNS is the default provided by the + cloud platform. It can be set to `ClusterHosted` + to bypass the configuration of the cloud default + DNS. In this mode, the cluster needs to provide + a self-hosted DNS solution for the cluster's + installation to succeed. The cluster's use of + the cloud's Load Balancers is unaffected by + this setting. The value is immutable after it + has been set at install time. Currently, there + is no way for the customer to add additional + DNS entries into the cluster hosted DNS. Enabling + this functionality allows the user to start + their own DNS solution outside the cluster after + installation is complete. The customer would + be responsible for configuring this custom DNS + solution, and it can be run in addition to the + in-cluster DNS solution. + enum: + - ClusterHosted + - PlatformDefault + type: string + x-kubernetes-validations: + - message: dnsType is immutable + rule: oldSelf == '' || self == oldSelf + type: object + x-kubernetes-validations: + - message: clusterHosted is permitted only when dnsType + is ClusterHosted + rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted'' + ? !has(self.clusterHosted) : true' + projectID: + description: resourceGroupName is the Project ID for + new GCP resources created for the cluster. + type: string + region: + description: region holds the region for new GCP resources + created for the cluster. + type: string + resourceLabels: + description: resourceLabels is a list of additional + labels to apply to GCP resources created for the + cluster. 
See https://cloud.google.com/compute/docs/labeling-resources + for information on labeling GCP resources. GCP supports + a maximum of 64 labels per resource. OpenShift reserves + 32 labels for internal use, allowing 32 labels for + user configuration. + items: + description: GCPResourceLabel is a label to apply + to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the label. + A label key can have a maximum of 63 characters + and cannot be empty. Label key must begin + with a lowercase letter, and must contain + only lowercase letters, numeric characters, + and the following special characters `_-`. + Label key must not have the reserved prefixes + `kubernetes-io` and `openshift-io`. + maxLength: 63 + minLength: 1 + pattern: ^[a-z][0-9a-z_-]{0,62}$ + type: string + x-kubernetes-validations: + - message: label keys must not start with either + `openshift-io` or `kubernetes-io` + rule: '!self.startsWith(''openshift-io'') + && !self.startsWith(''kubernetes-io'')' + value: + description: value is the value part of the + label. A label value can have a maximum of + 63 characters and cannot be empty. Value must + contain only lowercase letters, numeric characters, + and the following special characters `_-`. + maxLength: 63 + minLength: 1 + pattern: ^[0-9a-z_-]{1,63}$ + type: string + required: + - key + - value + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceLabels are immutable and may only + be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, + x in self) + resourceTags: + description: resourceTags is a list of additional + tags to apply to GCP resources created for the cluster. + See https://cloud.google.com/resource-manager/docs/tags/tags-overview + for information on tagging GCP resources. GCP supports + a maximum of 50 tags per resource. 
+ items: + description: GCPResourceTag is a tag to apply to + GCP resources created for the cluster. + properties: + key: + description: key is the key part of the tag. + A tag key can have a maximum of 63 characters + and cannot be empty. Tag key must begin and + end with an alphanumeric character, and must + contain only uppercase, lowercase alphanumeric + characters, and the following special characters + `._-`. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ + type: string + parentID: + description: 'parentID is the ID of the hierarchical + resource where the tags are defined, e.g. + at the Organization or the Project level. + To find the Organization or Project ID refer + to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, + https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. + An OrganizationID must consist of decimal + numbers, and cannot have leading zeroes. A + ProjectID must be 6 to 30 characters in length, + can only contain lowercase letters, numbers, + and hyphens, and must start with a letter, + and cannot end with a hyphen.' + maxLength: 32 + minLength: 1 + pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) + type: string + value: + description: value is the value part of the + tag. A tag value can have a maximum of 63 + characters and cannot be empty. Tag value + must begin and end with an alphanumeric character, + and must contain only uppercase, lowercase + alphanumeric characters, and the following + special characters `_-.@%=+:,*#&(){}[]` and + spaces. 
+ maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ + type: string + required: + - key + - parentID + - value + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceTags are immutable and may only + be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, + x in self) + type: object + x-kubernetes-validations: + - message: resourceLabels may only be configured during + installation + rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) + || has(oldSelf.resourceLabels) && has(self.resourceLabels)' + - message: resourceTags may only be configured during + installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) + || has(oldSelf.resourceTags) && has(self.resourceTags)' + ibmcloud: + description: IBMCloud contains settings specific to the + IBMCloud infrastructure provider. + properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud + Internet Services instance managing the DNS zone + for the cluster's base domain + type: string + dnsInstanceCRN: + description: DNSInstanceCRN is the CRN of the DNS + Services instance managing the DNS zone for the + cluster's base domain + type: string + location: + description: Location is where the cluster has been + deployed + type: string + providerType: + description: ProviderType indicates the type of cluster + that was created + type: string + resourceGroupName: + description: ResourceGroupName is the Resource Group + for new IBMCloud resources created for the cluster. + type: string + serviceEndpoints: + description: serviceEndpoints is a list of custom + endpoints which will override the default service + endpoints of an IBM Cloud service. These endpoints + are consumed by components within the cluster to + reach the respective IBM Cloud Services. 
+ items: + description: IBMCloudServiceEndpoint stores the + configuration of a custom url to override existing + defaults of IBM Cloud Services. + properties: + name: + description: 'name is the name of the IBM Cloud + service. Possible values are: CIS, COS, DNSServices, + GlobalSearch, GlobalTagging, HyperProtect, + IAM, KeyProtect, ResourceController, ResourceManager, + or VPC. For example, the IBM Cloud Private + IAM service could be configured with the service + `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` + Whereas the IBM Cloud Private VPC service + for US South (Dallas) could be configured + with the service `name` of `VPC` and `url` + of `https://us.south.private.iaas.cloud.ibm.com`' + enum: + - CIS + - COS + - DNSServices + - GlobalSearch + - GlobalTagging + - HyperProtect + - IAM + - KeyProtect + - ResourceController + - ResourceManager + - VPC + type: string + url: + description: url is fully qualified URI with + scheme https, that overrides the default generated + endpoint for a client. This must be provided + and cannot be empty. + type: string + x-kubernetes-validations: + - message: url must be a valid absolute URL + rule: isURL(self) + required: + - name + - url + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + kubevirt: + description: Kubevirt contains settings specific to the + kubevirt infrastructure provider. + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address + to contact the Kubernetes API server that can be + used by components inside the cluster, like kubelets + using the infrastructure rather than Kubernetes + networking. It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes + to the default ingress controller. 
The IP is a suitable + target of a wildcard DNS record used to resolve + default route host names. + type: string + type: object + nutanix: + description: Nutanix contains settings specific to the + Nutanix infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address + to contact the Kubernetes API server that can be + used by components inside the cluster, like kubelets + using the infrastructure rather than Kubernetes + networking. It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. \n Deprecated: Use + APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses + to contact the Kubernetes API server that can be + used by components inside the cluster, like kubelets + using the infrastructure rather than Kubernetes + networking. These are the IPs for a self-hosted + load balancer in front of the API servers. In dual + stack clusters this list contains two IPs otherwise + only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + ingressIP: + description: "ingressIP is an external IP which routes + to the default ingress controller. The IP is a suitable + target of a wildcard DNS record used to resolve + default route host names. \n Deprecated: Use IngressIPs + instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which + route to the default ingress controller. The IPs + are suitable targets of a wildcard DNS record used + to resolve default route host names. In dual stack + clusters this list contains two IPs otherwise only + one. 
+ format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer + used by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer + used by the cluster on Nutanix platform which + can be a user-managed or openshift-managed load + balancer that is to be used for the OpenShift + API and Ingress endpoints. When set to OpenShiftManagedDefault + the static pods in charge of API and Ingress + traffic load-balancing defined in the machine + config operator will be deployed. When set to + UserManaged these static pods will not be deployed + and it is expected that the load balancer is + configured out of band by the deployer. When + omitted, this means no opinion and the platform + is left to choose a reasonable default. The + default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + type: object + openstack: + description: OpenStack contains settings specific to the + OpenStack infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address + to contact the Kubernetes API server that can be + used by components inside the cluster, like kubelets + using the infrastructure rather than Kubernetes + networking. It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. \n Deprecated: Use + APIServerInternalIPs instead." 
+ type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses + to contact the Kubernetes API server that can be + used by components inside the cluster, like kubelets + using the infrastructure rather than Kubernetes + networking. These are the IPs for a self-hosted + load balancer in front of the API servers. In dual + stack clusters this list contains two IPs otherwise + only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + cloudName: + description: cloudName is the name of the desired + OpenStack cloud in the client configuration file + (`clouds.yaml`). + type: string + ingressIP: + description: "ingressIP is an external IP which routes + to the default ingress controller. The IP is a suitable + target of a wildcard DNS record used to resolve + default route host names. \n Deprecated: Use IngressIPs + instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which + route to the default ingress controller. The IPs + are suitable targets of a wildcard DNS record used + to resolve default route host names. In dual stack + clusters this list contains two IPs otherwise only + one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer + used by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer + used by the cluster on OpenStack platform which + can be a user-managed or openshift-managed load + balancer that is to be used for the OpenShift + API and Ingress endpoints. When set to OpenShiftManagedDefault + the static pods in charge of API and Ingress + traffic load-balancing defined in the machine + config operator will be deployed. 
When set to + UserManaged these static pods will not be deployed + and it is expected that the load balancer is + configured out of band by the deployer. When + omitted, this means no opinion and the platform + is left to choose a reasonable default. The + default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + machineNetworks: + description: machineNetworks are IP networks used + to connect all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR + notation (for example, "10.0.0.0/8" or "fd00::/8"). + maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by + the DNS operator, `NodeDNSIP` provides name resolution + for the nodes themselves. There is no DNS-as-a-service + for OpenStack deployments. In order to minimize + necessary changes to the datacenter DNS, a DNS service + is hosted as a static pod to serve those hostnames + to the nodes in the cluster. + type: string + type: object + ovirt: + description: Ovirt contains settings specific to the oVirt + infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address + to contact the Kubernetes API server that can be + used by components inside the cluster, like kubelets + using the infrastructure rather than Kubernetes + networking. It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. \n Deprecated: Use + APIServerInternalIPs instead." 
+ type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses + to contact the Kubernetes API server that can be + used by components inside the cluster, like kubelets + using the infrastructure rather than Kubernetes + networking. These are the IPs for a self-hosted + load balancer in front of the API servers. In dual + stack clusters this list contains two IPs otherwise + only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + ingressIP: + description: "ingressIP is an external IP which routes + to the default ingress controller. The IP is a suitable + target of a wildcard DNS record used to resolve + default route host names. \n Deprecated: Use IngressIPs + instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which + route to the default ingress controller. The IPs + are suitable targets of a wildcard DNS record used + to resolve default route host names. In dual stack + clusters this list contains two IPs otherwise only + one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer + used by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer + used by the cluster on Ovirt platform which + can be a user-managed or openshift-managed load + balancer that is to be used for the OpenShift + API and Ingress endpoints. When set to OpenShiftManagedDefault + the static pods in charge of API and Ingress + traffic load-balancing defined in the machine + config operator will be deployed. When set to + UserManaged these static pods will not be deployed + and it is expected that the load balancer is + configured out of band by the deployer. 
When + omitted, this means no opinion and the platform + is left to choose a reasonable default. The + default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + nodeDNSIP: + description: 'deprecated: as of 4.6, this field is + no longer set or honored. It will be removed in + a future release.' + type: string + type: object + powervs: + description: PowerVS contains settings specific to the + Power Systems Virtual Servers infrastructure provider. + properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud + Internet Services instance managing the DNS zone + for the cluster's base domain + type: string + dnsInstanceCRN: + description: DNSInstanceCRN is the CRN of the DNS + Services instance managing the DNS zone for the + cluster's base domain + type: string + region: + description: region holds the default Power VS region + for new Power VS resources created by the cluster. + type: string + resourceGroup: + description: 'resourceGroup is the resource group + name for new IBMCloud resources created for a cluster. + The resource group specified here will be used by + cluster-image-registry-operator to set up a COS + Instance in IBMCloud for the cluster registry. More + about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. + When omitted, the image registry operator won''t + be able to configure storage, which results in the + image registry cluster operator not being in an + available state.' + maxLength: 40 + pattern: ^[a-zA-Z0-9-_ ]+$ + type: string + x-kubernetes-validations: + - message: resourceGroup is immutable once set + rule: oldSelf == '' || self == oldSelf + serviceEndpoints: + description: serviceEndpoints is a list of custom + endpoints which will override the default service + endpoints of a Power VS service. 
+ items: + description: PowervsServiceEndpoint stores the configuration + of a custom url to override existing defaults + of PowerVS Services. + properties: + name: + description: name is the name of the Power VS + service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api + ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller + Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with + scheme https, that overrides the default generated + endpoint for a client. This must be provided + and cannot be empty. + format: uri + pattern: ^https:// + type: string + required: + - name + - url + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + zone: + description: 'zone holds the default zone for the + new Power VS resources created by the cluster. Note: + Currently only single-zone OCP clusters are supported' + type: string + type: object + x-kubernetes-validations: + - message: cannot unset resourceGroup once set + rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)' + type: + description: "type is the underlying infrastructure provider + for the cluster. This value controls whether infrastructure + automation such as service load balancers, dynamic volume + provisioning, machine creation and deletion, and other + integrations are enabled. If None, no infrastructure + automation is enabled. Allowed values are \"AWS\", \"Azure\", + \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", + \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", + \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual + components may not support all platforms, and must handle + unrecognized platforms as None if they do not support + that platform. \n This value will be synced with to + the `status.platform` and `status.platformStatus.type`. 
+ Currently this value cannot be changed once set." + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + vsphere: + description: VSphere contains settings specific to the + VSphere infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address + to contact the Kubernetes API server that can be + used by components inside the cluster, like kubelets + using the infrastructure rather than Kubernetes + networking. It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. \n Deprecated: Use + APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses + to contact the Kubernetes API server that can be + used by components inside the cluster, like kubelets + using the infrastructure rather than Kubernetes + networking. These are the IPs for a self-hosted + load balancer in front of the API servers. In dual + stack clusters this list contains two IPs otherwise + only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + ingressIP: + description: "ingressIP is an external IP which routes + to the default ingress controller. The IP is a suitable + target of a wildcard DNS record used to resolve + default route host names. \n Deprecated: Use IngressIPs + instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which + route to the default ingress controller. The IPs + are suitable targets of a wildcard DNS record used + to resolve default route host names. In dual stack + clusters this list contains two IPs otherwise only + one. 
+ format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer + used by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer + used by the cluster on VSphere platform which + can be a user-managed or openshift-managed load + balancer that is to be used for the OpenShift + API and Ingress endpoints. When set to OpenShiftManagedDefault + the static pods in charge of API and Ingress + traffic load-balancing defined in the machine + config operator will be deployed. When set to + UserManaged these static pods will not be deployed + and it is expected that the load balancer is + configured out of band by the deployer. When + omitted, this means no opinion and the platform + is left to choose a reasonable default. The + default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + machineNetworks: + description: machineNetworks are IP networks used + to connect all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR + notation (for example, "10.0.0.0/8" or "fd00::/8"). + maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by + the DNS operator, `NodeDNSIP` provides name resolution + for the nodes themselves. There is no DNS-as-a-service + for vSphere deployments. 
In order to minimize necessary + changes to the datacenter DNS, a DNS service is + hosted as a static pod to serve those hostnames + to the nodes in the cluster. + type: string + type: object + type: object + type: object + required: + - spec + type: object + x-kubernetes-embedded-resource: true + internalRegistryPullSecret: + description: internalRegistryPullSecret is the pull secret for the + internal registry, used by rpm-ostree to pull images from the internal + registry if present + format: byte + nullable: true + type: string + ipFamilies: + description: ipFamilies indicates the IP families in use by the cluster + network + type: string + kubeAPIServerServingCAData: + description: kubeAPIServerServingCAData managed Kubelet to API Server + Cert... Rotated automatically + format: byte + type: string + network: + description: Network contains additional network related information + nullable: true + properties: + mtuMigration: + description: MTUMigration contains the MTU migration configuration. + nullable: true + properties: + machine: + description: Machine contains MTU migration configuration + for the machine's uplink. + properties: + from: + description: From is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: To is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: Network contains MTU migration configuration + for the default network. + properties: + from: + description: From is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: To is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + required: + - mtuMigration + type: object + networkType: + description: 'networkType holds the type of network the cluster is + using XXX: this is temporary and will be dropped as soon as possible + in favor of a better support to start network related services the + proper way. 
Nobody is also changing this once the cluster is up + and running the first time, so, disallow regeneration if this changes.' + type: string + osImageURL: + description: OSImageURL is the old-format container image that contains + the OS update payload. + type: string + platform: + description: platform is deprecated, use Infra.Status.PlatformStatus.Type + instead + type: string + proxy: + description: proxy holds the current proxy configuration for the nodes + nullable: true + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. + type: string + noProxy: + description: noProxy is a comma-separated list of hostnames and/or + CIDRs for which the proxy should not be used. + type: string + type: object + pullSecret: + description: pullSecret is the default pull secret that needs to be + installed on all machines. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + releaseImage: + description: releaseImage is the image used when installing the cluster + type: string + rootCAData: + description: rootCAData specifies the root CA data + format: byte + type: string + required: + - additionalTrustBundle + - baseOSContainerImage + - cloudProviderCAData + - cloudProviderConfig + - clusterDNSIP + - dns + - images + - infra + - ipFamilies + - kubeAPIServerServingCAData + - network + - proxy + - releaseImage + - rootCAData + type: object + status: + description: ControllerConfigStatus is the status for ControllerConfig + properties: + conditions: + description: conditions represents the latest available observations + of current state. + items: + description: ControllerConfigStatusCondition contains condition + information for ControllerConfigStatus + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status object. + format: date-time + nullable: true + type: string + message: + description: message provides additional information about the + current condition. This is only to be consumed by humans. + type: string + reason: + description: reason is the reason for the condition's last transition. 
Reasons + are PascalCase + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the state of the operator's reconciliation + functionality. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-type: atomic + controllerCertificates: + description: controllerCertificates represents the latest available + observations of the automatically rotating certificates in the MCO. + items: + description: ControllerCertificate contains info about a specific + cert. + properties: + bundleFile: + description: bundleFile is the larger bundle a cert comes from + type: string + notAfter: + description: notAfter is the upper boundary for validity + format: date-time + type: string + notBefore: + description: notBefore is the lower boundary for validity + format: date-time + type: string + signer: + description: signer is the cert Issuer + type: string + subject: + description: subject is the cert subject + type: string + required: + - bundleFile + - signer + - subject + type: object + type: array + x-kubernetes-list-type: atomic + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigpools-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigpools-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..c7803645736 --- /dev/null +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigpools-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,629 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + labels: + openshift.io/operator-managed: "" + name: machineconfigpools.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: MachineConfigPool + listKind: MachineConfigPoolList + plural: machineconfigpools + shortNames: + - mcp + singular: machineconfigpool + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.configuration.name + name: Config + type: string + - description: When all the machines in the pool are updated to the correct machine + config. + jsonPath: .status.conditions[?(@.type=="Updated")].status + name: Updated + type: string + - description: When at least one of machine is not either not updated or is in + the process of updating to the desired machine config. + jsonPath: .status.conditions[?(@.type=="Updating")].status + name: Updating + type: string + - description: When progress is blocked on updating one or more nodes or the pool + configuration is failing. 
+ jsonPath: .status.conditions[?(@.type=="Degraded")].status + name: Degraded + type: string + - description: Total number of machines in the machine config pool + jsonPath: .status.machineCount + name: MachineCount + type: number + - description: Total number of ready machines targeted by the pool + jsonPath: .status.readyMachineCount + name: ReadyMachineCount + type: number + - description: Total number of machines targeted by the pool that have the CurrentMachineConfig + as their config + jsonPath: .status.updatedMachineCount + name: UpdatedMachineCount + type: number + - description: Total number of machines marked degraded (or unreconcilable) + jsonPath: .status.degradedMachineCount + name: DegradedMachineCount + type: number + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: "MachineConfigPool describes a pool of MachineConfigs. \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineConfigPoolSpec is the spec for MachineConfigPool resource. + properties: + configuration: + description: The targeted MachineConfig object for the machine config + pool. 
+ properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + source: + description: source is the list of MachineConfig objects that + were used to generate the single MachineConfig object specified + in `content`. + items: + description: "ObjectReference contains enough information to + let you inspect or modify the referred object. --- New uses + of this type are discouraged because of difficulty describing + its usage when embedded in APIs. 1. Ignored fields. 
It includes + many fields which are not generally honored. For instance, + ResourceVersion and FieldPath are both very rarely valid in + actual usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, \"must refer + only to types A and B\" or \"UID not honored\" or \"name must + be restricted\". Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, + the validation rules are different by usage, which makes it + hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency + is on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an + underspecified API type they do not control. \n Instead of + using this type, create a locally provided and used type that + is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). 
+ This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + machineConfigSelector: + description: machineConfigSelector specifies a label selector for + MachineConfigs. Refer https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + on how label and selectors work. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. 
+ type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + maxUnavailable: + anyOf: + - type: integer + - type: string + description: "maxUnavailable defines either an integer number or percentage + of nodes in the pool that can go Unavailable during an update. This + includes nodes Unavailable for any reason, including user initiated + cordons, failing nodes, etc. The default value is 1. \n A value + larger than 1 will mean multiple nodes going unavailable during + the update, which may affect your workload stress on the remaining + nodes. You cannot set this value to 0 to stop updates (it will default + back to 1); to stop updates, use the 'paused' property instead. + Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum + guards, even if maxUnavailable is greater than one." + x-kubernetes-int-or-string: true + nodeSelector: + description: nodeSelector specifies a label selector for Machines + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + paused: + description: paused specifies whether or not changes to this machine + config pool should be stopped. This includes generating new desiredMachineConfig + and update of machines. + type: boolean + pinnedImageSets: + description: "pinnedImageSets specifies a sequence of PinnedImageSetRef + objects for the pool. Nodes within this pool will preload and pin + images defined in the PinnedImageSet. Before pulling images the + MachineConfigDaemon will ensure the total uncompressed size of all + the images does not exceed available resources. If the total size + of the images exceeds the available resources the controller will + report a Degraded status to the MachineConfigPool and not attempt + to pull any images. 
Also to help ensure the kubelet can mitigate + storage risk, the pinned_image configuration and subsequent service + reload will happen only after all of the images have been pulled + for each set. Images from multiple PinnedImageSets are loaded and + pinned sequentially as listed. Duplicate and existing images will + be skipped. \n Any failure to prefetch or pin images will result + in a Degraded pool. Resolving these failures is the responsibility + of the user. The admin should be proactive in ensuring adequate + storage and proper image authentication exists in advance." + items: + properties: + name: + description: name is a reference to the name of a PinnedImageSet. Must + adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123). + Made up of one of more period-separated (.) segments, where + each segment consists of alphanumeric characters and hyphens + (-), must begin and end with an alphanumeric character, and + is at most 63 characters in length. The total length of the + name must not exceed 253 characters. + maxLength: 253 + minLength: 1 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + required: + - name + type: object + maxItems: 100 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: MachineConfigPoolStatus is the status for MachineConfigPool + resource. 
+ properties: + certExpirys: + description: certExpirys keeps track of important certificate expiration + data + items: + description: ceryExpiry contains the bundle name and the expiry + date + properties: + bundle: + description: bundle is the name of the bundle in which the subject + certificate resides + type: string + expiry: + description: expiry is the date after which the certificate + will no longer be valid + format: date-time + type: string + subject: + description: subject is the subject of the certificate + type: string + required: + - bundle + - subject + type: object + type: array + x-kubernetes-list-type: atomic + conditions: + description: conditions represents the latest available observations + of current state. + items: + description: MachineConfigPoolCondition contains condition information + for an MachineConfigPool. + properties: + lastTransitionTime: + description: lastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + nullable: true + type: string + message: + description: message is a human readable description of the + details of the last transition, complementing reason. + type: string + reason: + description: reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: type of the condition, currently ('Done', 'Updating', + 'Failed'). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + configuration: + description: configuration represents the current MachineConfig object + for the machine config pool. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + source: + description: source is the list of MachineConfig objects that + were used to generate the single MachineConfig object specified + in `content`. + items: + description: "ObjectReference contains enough information to + let you inspect or modify the referred object. --- New uses + of this type are discouraged because of difficulty describing + its usage when embedded in APIs. 1. Ignored fields. It includes + many fields which are not generally honored. 
For instance, + ResourceVersion and FieldPath are both very rarely valid in + actual usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, \"must refer + only to types A and B\" or \"UID not honored\" or \"name must + be restricted\". Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, + the validation rules are different by usage, which makes it + hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency + is on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an + underspecified API type they do not control. \n Instead of + using this type, create a locally provided and used type that + is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). 
+ This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + degradedMachineCount: + description: degradedMachineCount represents the total number of machines + marked degraded (or unreconcilable). A node is marked degraded if + applying a configuration failed.. + format: int32 + type: integer + machineCount: + description: machineCount represents the total number of machines + in the machine config pool. + format: int32 + type: integer + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. 
+ format: int64 + type: integer + poolSynchronizersStatus: + description: poolSynchronizersStatus is the status of the machines + managed by the pool synchronizers. + items: + properties: + availableMachineCount: + description: availableMachineCount is the number of machines + managed by the node synchronizer which are available. + format: int64 + minimum: 0 + type: integer + machineCount: + description: machineCount is the number of machines that are + managed by the node synchronizer. + format: int64 + minimum: 0 + type: integer + observedGeneration: + description: observedGeneration is the last generation change + that has been applied. + format: int64 + minimum: 0 + type: integer + x-kubernetes-validations: + - message: observedGeneration must not move backwards except + to zero + rule: self >= oldSelf || (self == 0 && oldSelf > 0) + poolSynchronizerType: + description: poolSynchronizerType describes the type of the + pool synchronizer. + enum: + - PinnedImageSets + maxLength: 256 + type: string + readyMachineCount: + description: readyMachineCount is the number of machines managed + by the node synchronizer that are in a ready state. + format: int64 + minimum: 0 + type: integer + unavailableMachineCount: + description: unavailableMachineCount is the number of machines + managed by the node synchronizer but are unavailable. + format: int64 + minimum: 0 + type: integer + updatedMachineCount: + description: updatedMachineCount is the number of machines that + have been updated by the node synchronizer. 
+ format: int64 + minimum: 0 + type: integer + required: + - availableMachineCount + - machineCount + - poolSynchronizerType + - readyMachineCount + - unavailableMachineCount + - updatedMachineCount + type: object + x-kubernetes-validations: + - message: machineCount must be greater than or equal to updatedMachineCount + rule: self.machineCount >= self.updatedMachineCount + - message: machineCount must be greater than or equal to availableMachineCount + rule: self.machineCount >= self.availableMachineCount + - message: machineCount must be greater than or equal to unavailableMachineCount + rule: self.machineCount >= self.unavailableMachineCount + - message: machineCount must be greater than or equal to readyMachineCount + rule: self.machineCount >= self.readyMachineCount + - message: availableMachineCount must be greater than or equal to + readyMachineCount + rule: self.availableMachineCount >= self.readyMachineCount + type: array + x-kubernetes-list-map-keys: + - poolSynchronizerType + x-kubernetes-list-type: map + readyMachineCount: + description: readyMachineCount represents the total number of ready + machines targeted by the pool. + format: int32 + type: integer + unavailableMachineCount: + description: unavailableMachineCount represents the total number of + unavailable (non-ready) machines targeted by the pool. A node is + marked unavailable if it is in updating state or NodeReady condition + is false. + format: int32 + type: integer + updatedMachineCount: + description: updatedMachineCount represents the total number of machines + targeted by the pool that have the CurrentMachineConfig as their + config. + format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfignodes-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfignodes-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..eed92c7361f --- /dev/null +++ b/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfignodes-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,366 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1596 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + labels: + openshift.io/operator-managed: "" + name: machineconfignodes.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: MachineConfigNode + listKind: MachineConfigNodeList + plural: machineconfignodes + singular: machineconfignode + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Updated")].status + name: Updated + type: string + - jsonPath: .status.conditions[?(@.type=="UpdatePrepared")].status + name: UpdatePrepared + type: string + - jsonPath: .status.conditions[?(@.type=="UpdateExecuted")].status + name: UpdateExecuted + type: string + - jsonPath: .status.conditions[?(@.type=="UpdatePostActionComplete")].status + name: UpdatePostActionComplete + type: string + - jsonPath: .status.conditions[?(@.type=="UpdateComplete")].status + name: UpdateComplete + type: string + - jsonPath: .status.conditions[?(@.type=="Resumed")].status + name: Resumed + type: string + - jsonPath: .status.conditions[?(@.type=="UpdateCompatible")].status + name: UpdateCompatible + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="AppliedFilesAndOS")].status + name: UpdatedFilesAndOS + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Cordoned")].status + name: CordonedNode + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Drained")].status + name: DrainedNode + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="RebootedNode")].status + name: RebootedNode + priority: 1 + type: string + - 
jsonPath: .status.conditions[?(@.type=="ReloadedCRIO")].status + name: ReloadedCRIO + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Uncordoned")].status + name: UncordonedNode + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: 'MachineConfigNode describes the health of the Machines on the + system Compatibility level 4: No compatibility is provided, the API can + change at any point for any reason. These capabilities should not be used + by applications needing long term support.' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec describes the configuration of the machine config node. + properties: + configVersion: + description: configVersion holds the desired config version for the + node targeted by this machine config node resource. The desired + version represents the machine config the node will attempt to update + to. This gets set before the machine config operator validates the + new machine config against the current machine config. + properties: + desired: + description: desired is the name of the machine config that the + the node should be upgraded to. This value is set when the machine + config pool generates a new version of its rendered configuration. 
+ When this value is changed, the machine config daemon starts + the node upgrade process. This value gets set in the machine + config node spec once the machine config has been targeted for + upgrade and before it is validated. Must be a lowercase RFC-1123 + hostname (https://tools.ietf.org/html/rfc1123) It may consist + of only alphanumeric characters, hyphens (-) and periods (.) + and must be at most 253 characters in length. + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + required: + - desired + type: object + node: + description: node contains a reference to the node for this machine + config node. + properties: + name: + description: name is the object name. Must be a lowercase RFC-1123 + hostname (https://tools.ietf.org/html/rfc1123) It may consist + of only alphanumeric characters, hyphens (-) and periods (.) + and must be at most 253 characters in length. + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + required: + - name + type: object + pinnedImageSets: + description: pinnedImageSets holds the desired pinned image sets that + this node should pin and pull. + items: + properties: + name: + description: name is the name of the pinned image set. Must + be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) + It may consist of only alphanumeric characters, hyphens (-) + and periods (.) and must be at most 253 characters in length. 
+ maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + required: + - name + type: object + maxItems: 100 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + pool: + description: pool contains a reference to the machine config pool + that this machine config node's referenced node belongs to. + properties: + name: + description: name is the object name. Must be a lowercase RFC-1123 + hostname (https://tools.ietf.org/html/rfc1123) It may consist + of only alphanumeric characters, hyphens (-) and periods (.) + and must be at most 253 characters in length. + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + required: + - name + type: object + required: + - configVersion + - node + - pool + type: object + status: + description: status describes the last observed state of this machine + config node. + properties: + conditions: + description: conditions represent the observations of a machine config + node's current state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. 
This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + configVersion: + description: configVersion describes the current and desired machine + config for this node. The current version represents the current + machine config for the node and is updated after a successful update. + The desired version represents the machine config the node will + attempt to update to. This desired machine config has been compared + to the current machine config and has been validated by the machine + config operator as one that is valid and that exists. + properties: + current: + description: current is the name of the machine config currently + in use on the node. This value is updated once the machine config + daemon has completed the update of the configuration for the + node. This value should match the desired version unless an + upgrade is in progress. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) It may consist of only + alphanumeric characters, hyphens (-) and periods (.) and must + be at most 253 characters in length. + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + desired: + description: desired is the MachineConfig the node wants to upgrade + to. This value gets set in the machine config node status once + the machine config has been validated against the current machine + config. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) + It may consist of only alphanumeric characters, hyphens (-) + and periods (.) and must be at most 253 characters in length. 
+ maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + required: + - desired + type: object + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. This field is updated when the controller observes + a change to the desiredConfig in the configVersion of the machine + config node spec. + format: int64 + type: integer + pinnedImageSets: + description: pinnedImageSets describes the current and desired pinned + image sets for this node. The current version is the generation + of the pinned image set that has most recently been successfully + pulled and pinned on this node. The desired version is the generation + of the pinned image set that is targeted to be pulled and pinned + on this node. + items: + properties: + currentGeneration: + description: currentGeneration is the generation of the pinned + image set that has most recently been successfully pulled + and pinned on this node. + format: int32 + type: integer + desiredGeneration: + description: desiredGeneration version is the generation of + the pinned image set that is targeted to be pulled and pinned + on this node. + format: int32 + minimum: 0 + type: integer + lastFailedGeneration: + description: lastFailedGeneration is the generation of the most + recent pinned image set that failed to be pulled and pinned + on this node. + format: int32 + minimum: 0 + type: integer + lastFailedGenerationErrors: + description: lastFailedGenerationErrors is a list of errors + why the lastFailed generation failed to be pulled and pinned. + items: + type: string + maxItems: 10 + type: array + name: + description: name is the name of the pinned image set. Must + be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) + It may consist of only alphanumeric characters, hyphens (-) + and periods (.) and must be at most 253 characters in length. 
+ maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + required: + - name + type: object + x-kubernetes-validations: + - message: desired generation must be greater than or equal to the + current generation + rule: 'has(self.desiredGeneration) && has(self.currentGeneration) + ? self.desiredGeneration >= self.currentGeneration : true' + - message: desired generation must be greater than last failed generation + rule: 'has(self.lastFailedGeneration) && has(self.desiredGeneration) + ? self.desiredGeneration >= self.lastFailedGeneration : true' + - message: desired generation must be defined if last failed generation + is defined + rule: 'has(self.lastFailedGeneration) ? has(self.desiredGeneration): + true' + maxItems: 100 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - configVersion + type: object + required: + - spec + type: object + x-kubernetes-validations: + - message: spec.node.name should match metadata.name + rule: self.metadata.name == self.spec.node.name + served: true + storage: true + subresources: + status: {} diff --git a/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_machineosbuilds-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_machineosbuilds-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..f274fba11a3 --- /dev/null +++ b/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_machineosbuilds-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,300 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1773 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + labels: + openshift.io/operator-managed: "" + name: machineosbuilds.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: MachineOSBuild + listKind: MachineOSBuildList + plural: machineosbuilds + singular: machineosbuild + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Prepared")].status + name: Prepared + type: string + - jsonPath: .status.conditions[?(@.type=="Building")].status + name: Building + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Interrupted")].status + name: Interrupted + type: string + - jsonPath: .status.conditions[?(@.type=="Restarted")].status + name: Restarted + type: string + - jsonPath: .status.conditions[?(@.type=="Failed")].status + name: Failed + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: 'MachineOSBuild describes a build process managed and deployed + by the MCO Compatibility level 4: No compatibility is provided, the API + can change at any point for any reason. These capabilities should not be + used by applications needing long term support.' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec describes the configuration of the machine os build + properties: + configGeneration: + description: configGeneration tracks which version of MachineOSConfig + this build is based off of + format: int64 + minimum: 1 + type: integer + desiredConfig: + description: desiredConfig is the desired config we want to build + an image for. + properties: + name: + description: name is the name of the rendered MachineConfig object. + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + required: + - name + type: object + machineOSConfig: + description: machineOSConfig is the config object which the build + is based off of + properties: + name: + description: name of the MachineOSConfig + type: string + required: + - name + type: object + renderedImagePushspec: + description: 'renderedImagePushspec is set from the MachineOSConfig + The format of the image pullspec is: host[:port][/namespace]/name: + or svc_name.namespace.svc[:port]/repository/name:' + maxLength: 447 + minLength: 1 + type: string + x-kubernetes-validations: + - message: the OCI Image reference must end with a valid :, where + '' is 64 characters long and '' is any valid string Or + it must be a valid .svc followed by a port, repository, image + name, and tag. 
+ rule: ((self.split(':').size() == 2 && self.split(':')[1].matches('^([a-zA-Z0-9-./:])+$')) + || self.matches('^[^.]+\\.[^.]+\\.svc:\\d+\\/[^\\/]+\\/[^\\/]+:[^\\/]+$')) + - message: the OCI Image name should follow the host[:port][/namespace]/name + format, resembling a valid URL without the scheme. Or it must + be a valid .svc followed by a port, repository, image name, and + tag. + rule: ((self.split(':').size() == 2 && self.split(':')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$')) + || self.matches('^[^.]+\\.[^.]+\\.svc:\\d+\\/[^\\/]+\\/[^\\/]+:[^\\/]+$')) + version: + description: version tracks the newest MachineOSBuild for each MachineOSConfig + format: int64 + minimum: 1 + type: integer + required: + - configGeneration + - desiredConfig + - machineOSConfig + - renderedImagePushspec + - version + type: object + x-kubernetes-validations: + - message: machineOSBuildSpec is immutable once set + rule: self == oldSelf + status: + description: status describes the lst observed state of this machine os + build + properties: + buildEnd: + description: buildEnd describes when the build ended. + format: date-time + type: string + x-kubernetes-validations: + - message: buildEnd is immutable once set + rule: self == oldSelf + buildStart: + description: buildStart describes when the build started. + format: date-time + type: string + x-kubernetes-validations: + - message: buildStart is immutable once set + rule: self == oldSelf + builderReference: + description: ImageBuilderType describes the image builder set in the + MachineOSConfig + properties: + buildPod: + description: relatedObjects is a list of objects that are related + to the build process. + properties: + group: + description: group of the referent. + type: string + name: + description: name of the referent. + type: string + namespace: + description: namespace of the referent. + type: string + resource: + description: resource of the referent. 
+ type: string + required: + - group + - name + - resource + type: object + imageBuilderType: + description: ImageBuilderType describes the image builder set + in the MachineOSConfig + type: string + required: + - imageBuilderType + type: object + x-kubernetes-validations: + - message: buildPod is required when imageBuilderType is PodImageBuilder, + and forbidden otherwise + rule: 'has(self.imageBuilderType) && self.imageBuilderType == ''PodImageBuilder'' + ? true : !has(self.buildPod)' + conditions: + description: 'conditions are state related conditions for the build. + Valid types are: Prepared, Building, Failed, Interrupted, and Succeeded + once a Build is marked as Failed, no future conditions can be set. + This is enforced by the MCO.' + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + finalImagePullspec: + description: finalImagePushSpec describes the fully qualified pushspec + produced by this build that the final image can be. Must be in sha + format. 
+ type: string + x-kubernetes-validations: + - message: the OCI Image reference must end with a valid '@sha256:' + suffix, where '' is 64 characters long + rule: ((self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))) + relatedObjects: + description: relatedObjects is a list of objects that are related + to the build process. + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + group: + description: group of the referent. + type: string + name: + description: name of the referent. + type: string + namespace: + description: namespace of the referent. + type: string + resource: + description: resource of the referent. + type: string + required: + - group + - name + - resource + type: object + type: array + required: + - buildStart + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_machineosconfigs-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_machineosconfigs-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..cfd959f7f3d --- /dev/null +++ b/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_machineosconfigs-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,352 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1773 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + labels: + openshift.io/operator-managed: "" + name: machineosconfigs.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: MachineOSConfig + listKind: MachineOSConfigList + plural: machineosconfigs + singular: machineosconfig + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'MachineOSConfig describes the configuration for a build process + managed by the MCO Compatibility level 4: No compatibility is provided, + the API can change at any point for any reason. These capabilities should + not be used by applications needing long term support.' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec describes the configuration of the machineosconfig + properties: + buildInputs: + description: buildInputs is where user input options for the build + live + properties: + baseImagePullSecret: + description: baseImagePullSecret is the secret used to pull the + base image. must live in the openshift-machine-config-operator + namespace + properties: + name: + description: name is the name of the secret used to push or + pull this MachineOSConfig object. this secret must be in + the openshift-machine-config-operator namespace. + type: string + required: + - name + type: object + baseOSExtensionsImagePullspec: + description: 'baseOSExtensionsImagePullspec is the base Extensions + image used in the build process the MachineOSConfig object will + use the in cluster image registry configuration. if you wish + to use a mirror or any other settings specific to registries.conf, + please specify those in the cluster wide registries.conf. The + format of the image pullspec is: host[:port][/namespace]/name@sha256:' + maxLength: 447 + minLength: 1 + type: string + x-kubernetes-validations: + - message: the OCI Image reference must end with a valid '@sha256:' + suffix, where '' is 64 characters long + rule: (self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$')) + - message: the OCI Image name should follow the host[:port][/namespace]/name + format, resembling a valid URL without the scheme + rule: (self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$')) + baseOSImagePullspec: + description: 'baseOSImagePullspec is the base OSImage we use to + build our custom image. the MachineOSConfig object will use + the in cluster image registry configuration. 
if you wish to + use a mirror or any other settings specific to registries.conf, + please specify those in the cluster wide registries.conf. The + format of the image pullspec is: host[:port][/namespace]/name@sha256:' + maxLength: 447 + minLength: 1 + type: string + x-kubernetes-validations: + - message: the OCI Image reference must end with a valid '@sha256:' + suffix, where '' is 64 characters long + rule: (self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$')) + - message: the OCI Image name should follow the host[:port][/namespace]/name + format, resembling a valid URL without the scheme + rule: (self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$')) + containerFile: + description: containerFile describes the custom data the user + has specified to build into the image. this is also commonly + called a Dockerfile and you can treat it as such. The content + is the content of your Dockerfile. + items: + description: MachineOSContainerfile contains all custom content + the user wants built into the image + properties: + containerfileArch: + default: noarch + description: 'containerfileArch describes the architecture + this containerfile is to be built for this arch is optional. + If the user does not specify an architecture, it is assumed + that the content can be applied to all architectures, + or in a single arch cluster: the only architecture.' 
+ enum: + - arm64 + - amd64 + - ppc64le + - s390x + - aarch64 + - x86_64 + - noarch + type: string + content: + description: content is the custom content to be built + type: string + required: + - content + type: object + maxItems: 7 + minItems: 0 + type: array + x-kubernetes-list-map-keys: + - containerfileArch + x-kubernetes-list-type: map + imageBuilder: + description: machineOSImageBuilder describes which image builder + will be used in each build triggered by this MachineOSConfig + properties: + imageBuilderType: + default: PodImageBuilder + description: 'imageBuilderType specifies the backend to be + used to build the image. Valid options are: PodImageBuilder' + enum: + - PodImageBuilder + type: string + required: + - imageBuilderType + type: object + releaseVersion: + description: 'releaseVersion is associated with the base OS Image. + This is the version of Openshift that the Base Image is associated + with. This field is populated from the machine-config-osimageurl + configmap in the openshift-machine-config-operator namespace. + It will come in the format: 4.16.0-0.nightly-2024-04-03-065948 + or any valid release. The MachineOSBuilder populates this field + and validates that this is a valid stream. This is used as a + label in the dockerfile that builds the OS image.' + type: string + renderedImagePushSecret: + description: renderedImagePushSecret is the secret used to connect + to a user registry. the final image push and pull secrets should + be separate for security concerns. If the final image push secret + is somehow exfiltrated, that gives someone the power to push + images to the image repository. By comparison, if the final + image pull secret gets exfiltrated, that only gives someone + to pull images from the image repository. It's basically the + principle of least permissions. this push secret will be used + only by the MachineConfigController pod to push the image to + the final destination. 
Not all nodes will need to push this + image, most of them will only need to pull the image in order + to use it. + properties: + name: + description: name is the name of the secret used to push or + pull this MachineOSConfig object. this secret must be in + the openshift-machine-config-operator namespace. + type: string + required: + - name + type: object + renderedImagePushspec: + description: 'renderedImagePushspec describes the location of + the final image. the MachineOSConfig object will use the in + cluster image registry configuration. if you wish to use a mirror + or any other settings specific to registries.conf, please specify + those in the cluster wide registries.conf. The format of the + image pushspec is: host[:port][/namespace]/name: or svc_name.namespace.svc[:port]/repository/name:' + maxLength: 447 + minLength: 1 + type: string + x-kubernetes-validations: + - message: the OCI Image reference must end with a valid :, + where '' is 64 characters long and '' is any + valid string Or it must be a valid .svc followed by a port, + repository, image name, and tag. + rule: ((self.split(':').size() == 2 && self.split(':')[1].matches('^([a-zA-Z0-9-./:])+$')) + || self.matches('^[^.]+\\.[^.]+\\.svc:\\d+\\/[^\\/]+\\/[^\\/]+:[^\\/]+$')) + - message: the OCI Image name should follow the host[:port][/namespace]/name + format, resembling a valid URL without the scheme. Or it must + be a valid .svc followed by a port, repository, image name, + and tag. 
+ rule: ((self.split(':').size() == 2 && self.split(':')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$')) + || self.matches('^[^.]+\\.[^.]+\\.svc:\\d+\\/[^\\/]+\\/[^\\/]+:[^\\/]+$')) + required: + - baseImagePullSecret + - imageBuilder + - renderedImagePushSecret + - renderedImagePushspec + type: object + buildOutputs: + description: buildOutputs is where user input options for the build + live + properties: + currentImagePullSecret: + description: currentImagePullSecret is the secret used to pull + the final produced image. must live in the openshift-machine-config-operator + namespace the final image push and pull secrets should be separate + for security concerns. If the final image push secret is somehow + exfiltrated, that gives someone the power to push images to + the image repository. By comparison, if the final image pull + secret gets exfiltrated, that only gives someone to pull images + from the image repository. It's basically the principle of least + permissions. this pull secret will be used on all nodes in the + pool. These nodes will need to pull the final OS image and boot + into it using rpm-ostree or bootc. + properties: + name: + description: name is the name of the secret used to push or + pull this MachineOSConfig object. this secret must be in + the openshift-machine-config-operator namespace. + type: string + required: + - name + type: object + type: object + machineConfigPool: + description: machineConfigPool is the pool which the build is for + properties: + name: + description: name of the MachineConfigPool object. 
+ maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + required: + - name + type: object + required: + - buildInputs + - machineConfigPool + type: object + status: + description: status describes the status of the machineosconfig + properties: + conditions: + description: conditions are state related conditions for the config. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentImagePullspec: + description: currentImagePullspec is the fully qualified image pull + spec used by the MCO to pull down the new OSImage. This must include + sha256. 
+ maxLength: 447 + minLength: 1 + type: string + x-kubernetes-validations: + - message: the OCI Image reference must end with a valid '@sha256:' + suffix, where '' is 64 characters long + rule: (self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$')) + - message: the OCI Image name should follow the host[:port][/namespace]/name + format, resembling a valid URL without the scheme + rule: (self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$')) + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. this field is updated when the user changes the + configuration in BuildSettings or the MCP this object is associated + with. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_pinnedimagesets-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_pinnedimagesets-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..d8c32dc0624 --- /dev/null +++ b/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_pinnedimagesets-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,165 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1713 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + labels: + openshift.io/operator-managed: "" + name: pinnedimagesets.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: PinnedImageSet + listKind: PinnedImageSetList + plural: pinnedimagesets + singular: pinnedimageset + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "PinnedImageSet describes a set of images that should be pinned + by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools. + \n Compatibility level 4: No compatibility is provided, the API can change + at any point for any reason. These capabilities should not be used by applications + needing long term support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec describes the configuration of this pinned image set. 
+ properties: + pinnedImages: + description: "pinnedImages is a list of OCI Image referenced by digest + that should be pinned and pre-loaded by the nodes of a MachineConfigPool. + Translates into a new file inside the /etc/crio/crio.conf.d directory + with content similar to this: \n pinned_images = [ \"quay.io/openshift-release-dev/ocp-release@sha256:...\", + \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\", \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\", + ... ] \n These image references should all be by digest, tags aren't + allowed." + items: + properties: + name: + description: "name is an OCI Image referenced by digest. \n + The format of the image ref is: host[:port][/namespace]/name@sha256:" + maxLength: 447 + minLength: 1 + type: string + x-kubernetes-validations: + - message: the OCI Image reference must end with a valid '@sha256:' + suffix, where '' is 64 characters long + rule: self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$') + - message: the OCI Image name should follow the host[:port][/namespace]/name + format, resembling a valid URL without the scheme + rule: self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$') + required: + - name + type: object + maxItems: 500 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - pinnedImages + type: object + status: + description: status describes the last observed state of this pinned image + set. + properties: + conditions: + description: conditions represent the observations of a pinned image + set's current state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/network/v1alpha1/zz_generated.crd-manifests/0000_70_dns_00_dnsnameresolvers-DevPreviewNoUpgrade.crd.yaml b/network/v1alpha1/zz_generated.crd-manifests/0000_70_dns_00_dnsnameresolvers-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..e1a28d81930 --- /dev/null +++ b/network/v1alpha1/zz_generated.crd-manifests/0000_70_dns_00_dnsnameresolvers-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,245 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1524 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: dnsnameresolvers.network.openshift.io +spec: + group: network.openshift.io + names: + kind: DNSNameResolver + listKind: DNSNameResolverList + plural: dnsnameresolvers + singular: dnsnameresolver + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "DNSNameResolver stores the DNS name resolution information of + a DNS name. It can be enabled by the TechPreviewNoUpgrade feature set. It + can also be enabled by the feature gate DNSNameResolver when using CustomNoUpgrade + feature set. \n Compatibility level 4: No compatibility is provided, the + API can change at any point for any reason. These capabilities should not + be used by applications needing long term support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + DNSNameResolver. 
+ properties: + name: + description: name is the DNS name for which the DNS name resolution + information will be stored. For a regular DNS name, only the DNS + name resolution information of the regular DNS name will be stored. + For a wildcard DNS name, the DNS name resolution information of + all the DNS names that match the wildcard DNS name will be stored. + For a wildcard DNS name, the '*' will match only one label. Additionally, + only a single '*' can be used at the beginning of the wildcard DNS + name. For example, '*.example.com.' will match 'sub1.example.com.' + but won't match 'sub2.sub1.example.com.' + maxLength: 254 + pattern: ^(\*\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\.){2,}$ + type: string + x-kubernetes-validations: + - message: spec.name is immutable + rule: self == oldSelf + required: + - name + type: object + status: + description: status is the most recently observed status of the DNSNameResolver. + properties: + resolvedNames: + description: resolvedNames contains a list of matching DNS names and + their corresponding IP addresses along with their TTL and last DNS + lookup times. + items: + description: DNSNameResolverResolvedName describes the details of + a resolved DNS name. + properties: + conditions: + description: 'conditions provide information about the state + of the DNS name. Known .status.conditions.type is: "Degraded". + "Degraded" is true when the last resolution failed for the + DNS name, and false otherwise.' + items: + description: "Condition contains details for one aspect of + the current state of this API Resource. --- This struct + is intended for direct use as an array at the field path + .status.conditions. For example, \n type FooStatus struct{ + // Represents the observations of a foo's current state. 
+ // Known .status.conditions.type are: \"Available\", \"Progressing\", + and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields + }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should + be when the underlying condition changed. If that is + not known, then using the time when the API field changed + is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, + if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the + current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. The value should + be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across + resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability + to deconflict is important. The regex it matches is + (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + dnsName: + description: dnsName is the resolved DNS name matching the name + field of DNSNameResolverSpec. This field can store both regular + and wildcard DNS names which match the spec.name field. When + the spec.name field contains a regular DNS name, this field + will store the same regular DNS name after it is successfully + resolved. When the spec.name field contains a wildcard DNS + name, each resolvedName.dnsName will store the regular DNS + names which match the wildcard DNS name and have been successfully + resolved. If the wildcard DNS name can also be successfully + resolved, then this field will store the wildcard DNS name + as well. + maxLength: 254 + pattern: ^(\*\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\.){2,}$ + type: string + resolutionFailures: + description: resolutionFailures keeps the count of how many + consecutive times the DNS resolution failed for the dnsName. + If the DNS resolution succeeds then the field will be set + to zero. Upon every failure, the value of the field will be + incremented by one. The details about the DNS name will be + removed, if the value of resolutionFailures reaches 5 and + the TTL of all the associated IP addresses have expired. 
+ format: int32 + type: integer + resolvedAddresses: + description: resolvedAddresses gives the list of associated + IP addresses and their corresponding TTLs and last lookup + times for the dnsName. + items: + description: DNSNameResolverResolvedAddress describes the + details of an IP address for a resolved DNS name. + properties: + ip: + anyOf: + - format: ipv4 + - format: ipv6 + description: ip is an IP address associated with the dnsName. + The validity of the IP address expires after lastLookupTime + + ttlSeconds. To refresh the information, a DNS lookup + will be performed upon the expiration of the IP address's + validity. If the information is not refreshed then it + will be removed with a grace period after the expiration + of the IP address's validity. + type: string + lastLookupTime: + description: lastLookupTime is the timestamp when the + last DNS lookup was completed successfully. The validity + of the IP address expires after lastLookupTime + ttlSeconds. + The value of this field will be updated to the current + time on a successful DNS lookup. If the information + is not refreshed then it will be removed with a grace + period after the expiration of the IP address's validity. + format: date-time + type: string + ttlSeconds: + description: ttlSeconds is the time-to-live value of the + IP address. The validity of the IP address expires after + lastLookupTime + ttlSeconds. On a successful DNS lookup + the value of this field will be updated with the current + time-to-live value. If the information is not refreshed + then it will be removed with a grace period after the + expiration of the IP address's validity. 
+ format: int32 + type: integer + required: + - ip + - lastLookupTime + - ttlSeconds + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + required: + - dnsName + - resolvedAddresses + type: object + type: array + x-kubernetes-list-map-keys: + - dnsName + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..2e426af02d8 --- /dev/null +++ b/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,277 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/752 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: etcds.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: Etcd + listKind: EtcdList + plural: etcds + singular: etcd + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Etcd provides information to configure an operator to manage + etcd. \n Compatibility level 1: Stable within a major release for a minimum + of 12 months or 3 minor releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + controlPlaneHardwareSpeed: + description: HardwareSpeed allows user to change the etcd tuning profile + which configures the latency parameters for heartbeat interval and + leader election timeouts allowing the cluster to tolerate longer + round-trip-times between etcd members. Valid values are "", "Standard" + and "Slower". 
"" means no opinion and the platform is left to choose + a reasonable default which is subject to change without notice. + enum: + - "" + - Standard + - Slower + type: string + failedRevisionLimit: + description: failedRevisionLimit is the number of failed static pod + installer revisions to keep on disk and in the api -1 = unlimited, + 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: forceRedeploymentReason can be used to force the redeployment + of the operand by providing a unique string. This provides a mechanism + to kick a previously failed deployment and provide a reason why + you think it will work this time instead of failing again on the + same config. + type: string + logLevel: + default: Normal + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". 
Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: succeededRevisionLimit is the number of successful static + pod installer revisions to keep on disk and in the api -1 = unlimited, + 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: unsupportedConfigOverrides overrides the final configuration + that was computed by the operator. Red Hat does not support the + use of this field. Misuse of this field could lead to unexpected + behavior or conflict with other configuration options. Seek guidance + from the Red Hat support before using this field. Use of this property + blocks cluster upgrades, it must be removed before upgrading your + cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controlPlaneHardwareSpeed: + description: ControlPlaneHardwareSpeed declares valid hardware speed + tolerance levels + enum: + - "" + - Standard + - Slower + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. 
+ properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + type: object + type: array + x-kubernetes-list-type: atomic + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. 
+ format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + required: + - nodeName + type: object + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-DevPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..d4200688e48 --- /dev/null +++ b/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,1293 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: machineconfigurations.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: MachineConfiguration + listKind: MachineConfigurationList + plural: machineconfigurations + singular: machineconfiguration + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "MachineConfiguration provides information to configure an operator + to manage Machine Configuration. \n Compatibility level 1: Stable within + a major release for a minimum of 12 months or 3 minor releases (whichever + is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Machine Config Operator + properties: + failedRevisionLimit: + description: failedRevisionLimit is the number of failed static pod + installer revisions to keep on disk and in the api -1 = unlimited, + 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: forceRedeploymentReason can be used to force the redeployment + of the operand by providing a unique string. This provides a mechanism + to kick a previously failed deployment and provide a reason why + you think it will work this time instead of failing again on the + same config. + type: string + logLevel: + default: Normal + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managedBootImages: + description: managedBootImages allows configuration for the management + of boot images for machine resources within the cluster. This configuration + allows users to select resources that should be updated to the latest + boot images during cluster upgrades, ensuring that new machines + always boot with the current cluster version's boot image. When + omitted, no boot images will be updated. + properties: + machineManagers: + description: machineManagers can be used to register machine management + resources for boot image updates. The Machine Config Operator + will watch for changes to this list. Only one entry is permitted + per type of machine management resource. 
+ items: + description: MachineManager describes a target machine resource + that is registered for boot image updates. It stores identifying + information such as the resource type and the API Group of + the resource. It also provides granular control via the selection + field. + properties: + apiGroup: + description: apiGroup is name of the APIGroup that the machine + management resource belongs to. The only current valid + value is machine.openshift.io. machine.openshift.io means + that the machine manager will only register resources + that belong to OpenShift machine API group. + enum: + - machine.openshift.io + type: string + resource: + description: resource is the machine management resource's + type. The only current valid value is machinesets. machinesets + means that the machine manager will only register resources + of the kind MachineSet. + enum: + - machinesets + type: string + selection: + description: selection allows granular control of the machine + management resources that will be registered for boot + image updates. + properties: + mode: + description: mode determines how machine managers will + be selected for updates. Valid values are All and + Partial. All means that every resource matched by + the machine manager will be updated. Partial requires + specified selector(s) and allows customisation of + which resources matched by the machine manager will + be updated. + enum: + - All + - Partial + type: string + partial: + description: partial provides label selector(s) that + can be used to match machine management resources. + Only permitted when mode is set to "Partial". + properties: + machineResourceSelector: + description: machineResourceSelector is a label + selector that can be used to select machine resources + like MachineSets. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - machineResourceSelector + type: object + required: + - mode + type: object + x-kubernetes-validations: + - message: Partial is required when type is partial, and + forbidden otherwise + rule: 'has(self.mode) && self.mode == ''Partial'' ? 
has(self.partial) + : !has(self.partial)' + required: + - apiGroup + - resource + - selection + type: object + type: array + x-kubernetes-list-map-keys: + - resource + - apiGroup + x-kubernetes-list-type: map + type: object + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + nodeDisruptionPolicy: + description: nodeDisruptionPolicy allows an admin to set granular + node disruption actions for MachineConfig-based updates, such as + drains, service reloads, etc. Specifying this will allow for less + downtime when doing small configuration updates to the cluster. + This configuration has no effect on cluster upgrades which will + still incur node disruption where required. + properties: + files: + description: files is a list of MachineConfig file definitions + and actions to take to changes on those paths This list supports + a maximum of 50 entries. + items: + description: NodeDisruptionPolicySpecFile is a file entry and + corresponding actions to take and is used in the NodeDisruptionPolicyConfig + object + properties: + actions: + description: actions represents the series of commands to + be executed on changes to the file at the corresponding + file path. Actions will be applied in the order that they + are set in this list. If there are other incoming changes + to other MachineConfig entries in the same update that + require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload + and None. The Reboot action and the None action cannot + be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: serviceName is the full name (e.g. 
+ crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} + and can up to 255 characters long. ${NAME} must + be atleast 1 character long and can only consist + of alphabets, digits, ":", "-", "_", ".", and + "\". ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer", ".snapshot", + ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to restart, + only valid if type is restart + properties: + serviceName: + description: serviceName is the full name (e.g. + crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} + and can up to 255 characters long. ${NAME} must + be atleast 1 character long and can only consist + of alphabets, digits, ":", "-", "_", ".", and + "\". ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer", ".snapshot", + ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. 
+ Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: type represents the commands that will + be carried out if this NodeDisruptionPolicySpecActionType + is executed Valid value are Reboot, Drain, Reload, + Restart, DaemonReload, None and Special reload/restart + requires a corresponding service target specified + in the reload/restart field. Other values require + no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' ? has(self.reload) + : !has(self.reload)' + - message: restart is required when type is Restart, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' ? + has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? 
size(self) == + 1 : true' + path: + description: path is the location of a file being managed + through a MachineConfig. The Actions in the policy will + apply to changes to the file at this path. + type: string + required: + - actions + - path + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - path + x-kubernetes-list-type: map + sshkey: + description: sshkey maps to the ignition.sshkeys field in the + MachineConfig object, definition an action for this will apply + to all sshkey changes in the cluster + properties: + actions: + description: actions represents the series of commands to + be executed on changes to the file at the corresponding + file path. Actions will be applied in the order that they + are set in this list. If there are other incoming changes + to other MachineConfig entries in the same update that require + a reboot, the reboot will supercede these actions. Valid + actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in + conjunction with any of the other actions. This list supports + a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: serviceName is the full name (e.g. + crio.service) of the service to be reloaded Service + names should be of the format ${NAME}${SERVICETYPE} + and can up to 255 characters long. ${NAME} must + be atleast 1 character long and can only consist + of alphabets, digits, ":", "-", "_", ".", and + "\". ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer", ".snapshot", + ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. 
+ Expected format is ${NAME}${SERVICETYPE}, where + ${SERVICETYPE} must be one of ".service", ".socket", + ".device", ".mount", ".automount", ".swap", + ".target", ".path", ".timer",".snapshot", ".slice" + or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to restart, + only valid if type is restart + properties: + serviceName: + description: serviceName is the full name (e.g. + crio.service) of the service to be restarted Service + names should be of the format ${NAME}${SERVICETYPE} + and can up to 255 characters long. ${NAME} must + be atleast 1 character long and can only consist + of alphabets, digits, ":", "-", "_", ".", and + "\". ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer", ".snapshot", + ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, where + ${SERVICETYPE} must be one of ".service", ".socket", + ".device", ".mount", ".automount", ".swap", + ".target", ".path", ".timer",".snapshot", ".slice" + or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. 
Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: type represents the commands that will + be carried out if this NodeDisruptionPolicySpecActionType + is executed Valid value are Reboot, Drain, Reload, + Restart, DaemonReload, None and Special reload/restart + requires a corresponding service target specified + in the reload/restart field. Other values require + no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Reload'' ? has(self.reload) + : !has(self.reload)' + - message: restart is required when type is Restart, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' ? has(self.restart) + : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) == + 1 : true' + - message: None action can only be specified standalone, as + it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) == + 1 : true' + required: + - actions + type: object + units: + description: units is a list MachineConfig unit definitions and + actions to take on changes to those services This list supports + a maximum of 50 entries. 
+ items: + description: NodeDisruptionPolicySpecUnit is a systemd unit + name and corresponding actions to take and is used in the + NodeDisruptionPolicyConfig object + properties: + actions: + description: actions represents the series of commands to + be executed on changes to the file at the corresponding + file path. Actions will be applied in the order that they + are set in this list. If there are other incoming changes + to other MachineConfig entries in the same update that + require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload + and None. The Reboot action and the None action cannot + be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: serviceName is the full name (e.g. + crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} + and can up to 255 characters long. ${NAME} must + be atleast 1 character long and can only consist + of alphabets, digits, ":", "-", "_", ".", and + "\". ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer", ".snapshot", + ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. 
Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to restart, + only valid if type is restart + properties: + serviceName: + description: serviceName is the full name (e.g. + crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} + and can up to 255 characters long. ${NAME} must + be atleast 1 character long and can only consist + of alphabets, digits, ":", "-", "_", ".", and + "\". ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer", ".snapshot", + ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: type represents the commands that will + be carried out if this NodeDisruptionPolicySpecActionType + is executed Valid value are Reboot, Drain, Reload, + Restart, DaemonReload, None and Special reload/restart + requires a corresponding service target specified + in the reload/restart field. 
Other values require + no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' ? has(self.reload) + : !has(self.reload)' + - message: restart is required when type is Restart, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' ? + has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) == + 1 : true' + name: + description: name represents the service name of a systemd + service managed through a MachineConfig Actions specified + will be applied for changes to the named service. Service + names should be of the format ${NAME}${SERVICETYPE} and + can up to 255 characters long. ${NAME} must be atleast + 1 character long and can only consist of alphabets, digits, + ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one + of ".service", ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" + or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. Expected + format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} + must be one of ".service", ".socket", ".device", ".mount", + ".automount", ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". 
+ rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected format + is ${NAME}${SERVICETYPE}, where {NAME} must be atleast + 1 character long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - actions + - name + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: succeededRevisionLimit is the number of successful static + pod installer revisions to keep on disk and in the api -1 = unlimited, + 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: unsupportedConfigOverrides overrides the final configuration + that was computed by the operator. Red Hat does not support the + use of this field. Misuse of this field could lead to unexpected + behavior or conflict with other configuration options. Seek guidance + from the Red Hat support before using this field. Use of this property + blocks cluster upgrades, it must be removed before upgrading your + cluster. 
+ nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the Machine + Config Operator + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + type: object + type: array + x-kubernetes-list-type: atomic + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: 
string + nodeDisruptionPolicyStatus: + description: nodeDisruptionPolicyStatus status reflects what the latest + cluster-validated policies are, and will be used by the Machine + Config Daemon during future node updates. + properties: + clusterPolicies: + description: clusterPolicies is a merge of cluster default and + user provided node disruption policies. + properties: + files: + description: files is a list of MachineConfig file definitions + and actions to take to changes on those paths + items: + description: NodeDisruptionPolicyStatusFile is a file entry + and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus + object + properties: + actions: + description: actions represents the series of commands + to be executed on changes to the file at the corresponding + file path. Actions will be applied in the order that + they are set in this list. If there are other incoming + changes to other MachineConfig entries in the same + update that require a reboot, the reboot will supercede + these actions. Valid actions are Reboot, Drain, Reload, + DaemonReload and None. The Reboot action and the None + action cannot be used in conjunction with any of the + other actions. This list supports a maximum of 10 + entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: serviceName is the full name + (e.g. crio.service) of the service to be + reloaded Service names should be of the + format ${NAME}${SERVICETYPE} and can up + to 255 characters long. ${NAME} must be + atleast 1 character long and can only consist + of alphabets, digits, ":", "-", "_", ".", + and "\". ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer", ".snapshot", + ".slice" or ".scope". 
+ maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to + restart, only valid if type is restart + properties: + serviceName: + description: serviceName is the full name + (e.g. crio.service) of the service to be + restarted Service names should be of the + format ${NAME}${SERVICETYPE} and can up + to 255 characters long. ${NAME} must be + atleast 1 character long and can only consist + of alphabets, digits, ":", "-", "_", ".", + and "\". ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer", ".snapshot", + ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. 
+ Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: type represents the commands that + will be carried out if this NodeDisruptionPolicyStatusActionType + is executed Valid value are Reboot, Drain, Reload, + Restart, DaemonReload, None and Special reload/restart + requires a corresponding service target specified + in the reload/restart field. Other values require + no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + - Special + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' + ? has(self.reload) : !has(self.reload)' + - message: restart is required when type is Restart, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' + ? has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) + == 1 : true' + path: + description: path is the location of a file being managed + through a MachineConfig. The Actions in the policy + will apply to changes to the file at this path. 
+ type: string + required: + - actions + - path + type: object + maxItems: 100 + type: array + x-kubernetes-list-map-keys: + - path + x-kubernetes-list-type: map + sshkey: + description: sshkey is the overall sshkey MachineConfig definition + properties: + actions: + description: actions represents the series of commands + to be executed on changes to the file at the corresponding + file path. Actions will be applied in the order that + they are set in this list. If there are other incoming + changes to other MachineConfig entries in the same update + that require a reboot, the reboot will supercede these + actions. Valid actions are Reboot, Drain, Reload, DaemonReload + and None. The Reboot action and the None action cannot + be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: serviceName is the full name (e.g. + crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} + and can up to 255 characters long. ${NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\". ${SERVICETYPE} must be one of + ".service", ".socket", ".device", ".mount", + ".automount", ".swap", ".target", ".path", + ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. 
+ Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to restart, + only valid if type is restart + properties: + serviceName: + description: serviceName is the full name (e.g. + crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} + and can up to 255 characters long. ${NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\". ${SERVICETYPE} must be one of + ".service", ".socket", ".device", ".mount", + ".automount", ".swap", ".target", ".path", + ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: type represents the commands that will + be carried out if this NodeDisruptionPolicyStatusActionType + is executed Valid value are Reboot, Drain, Reload, + Restart, DaemonReload, None and Special reload/restart + requires a corresponding service target specified + in the reload/restart field. 
Other values require + no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + - Special + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' ? + has(self.reload) : !has(self.reload)' + - message: restart is required when type is Restart, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' + ? has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) + == 1 : true' + required: + - actions + type: object + units: + description: units is a list MachineConfig unit definitions + and actions to take on changes to those services + items: + description: NodeDisruptionPolicyStatusUnit is a systemd + unit name and corresponding actions to take and is used + in the NodeDisruptionPolicyClusterStatus object + properties: + actions: + description: actions represents the series of commands + to be executed on changes to the file at the corresponding + file path. Actions will be applied in the order that + they are set in this list. If there are other incoming + changes to other MachineConfig entries in the same + update that require a reboot, the reboot will supercede + these actions. Valid actions are Reboot, Drain, Reload, + DaemonReload and None. The Reboot action and the None + action cannot be used in conjunction with any of the + other actions. This list supports a maximum of 10 + entries. 
+ items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: serviceName is the full name + (e.g. crio.service) of the service to be + reloaded Service names should be of the + format ${NAME}${SERVICETYPE} and can up + to 255 characters long. ${NAME} must be + atleast 1 character long and can only consist + of alphabets, digits, ":", "-", "_", ".", + and "\". ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer", ".snapshot", + ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to + restart, only valid if type is restart + properties: + serviceName: + description: serviceName is the full name + (e.g. crio.service) of the service to be + restarted Service names should be of the + format ${NAME}${SERVICETYPE} and can up + to 255 characters long. ${NAME} must be + atleast 1 character long and can only consist + of alphabets, digits, ":", "-", "_", ".", + and "\". ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer", ".snapshot", + ".slice" or ".scope". 
+ maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: type represents the commands that + will be carried out if this NodeDisruptionPolicyStatusActionType + is executed Valid value are Reboot, Drain, Reload, + Restart, DaemonReload, None and Special reload/restart + requires a corresponding service target specified + in the reload/restart field. Other values require + no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + - Special + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' + ? has(self.reload) : !has(self.reload)' + - message: restart is required when type is Restart, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' + ? has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? 
size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) + == 1 : true' + name: + description: name represents the service name of a systemd + service managed through a MachineConfig Actions specified + will be applied for changes to the named service. + Service names should be of the format ${NAME}${SERVICETYPE} + and can up to 255 characters long. ${NAME} must be + atleast 1 character long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} + must be one of ".service", ".socket", ".device", ".mount", + ".automount", ".swap", ".target", ".path", ".timer", + ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. Expected + format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} + must be one of ".service", ".socket", ".device", + ".mount", ".automount", ".swap", ".target", ".path", + ".timer",".snapshot", ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} must + be atleast 1 character long and can only consist + of alphabets, digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - actions + - name + type: object + maxItems: 100 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. 
+ properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + required: + - nodeName + type: object + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/operator/v1/zz_generated.crd-manifests/0000_90_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_90_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..51728c8f5d8
--- /dev/null
+++ b/operator/v1/zz_generated.crd-manifests/0000_90_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,408 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/701 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: clustercsidrivers.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: ClusterCSIDriver + listKind: ClusterCSIDriverList + plural: clustercsidrivers + singular: clustercsidriver + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "ClusterCSIDriver object allows management and configuration + of a CSI driver operator installed by default in OpenShift. Name of the + object must be name of the CSI driver it operates. See CSIDriverName type + for list of allowed values. \n Compatibility level 1: Stable within a major + release for a minimum of 12 months or 3 minor releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + properties: + name: + enum: + - ebs.csi.aws.com + - efs.csi.aws.com + - disk.csi.azure.com + - file.csi.azure.com + - filestore.csi.storage.gke.io + - pd.csi.storage.gke.io + - cinder.csi.openstack.org + - csi.vsphere.vmware.com + - manila.csi.openstack.org + - csi.ovirt.org + - csi.kubevirt.io + - csi.sharedresource.openshift.io + - diskplugin.csi.alibabacloud.com + - vpc.block.csi.ibm.io + - powervs.csi.ibm.com + - secrets-store.csi.k8s.io + - smb.csi.k8s.io + type: string + type: object + spec: + description: spec holds user settable values for configuration + properties: + driverConfig: + description: driverConfig can be used to specify platform specific + driver configuration. When omitted, this means no opinion and the + platform is left to choose reasonable defaults. These defaults are + subject to change over time. + properties: + aws: + description: aws is used to configure the AWS CSI driver. + properties: + kmsKeyARN: + description: kmsKeyARN sets the cluster default storage class + to encrypt volumes with a user-defined KMS key, rather than + the default KMS key used by AWS. The value may be either + the ARN or Alias ARN of a KMS key. + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$ + type: string + type: object + azure: + description: azure is used to configure the Azure CSI driver. + properties: + diskEncryptionSet: + description: diskEncryptionSet sets the cluster default storage + class to encrypt volumes with a customer-managed encryption + set, rather than the default platform-managed keys. + properties: + name: + description: name is the name of the disk encryption set + that will be set on the default storage class. 
The value + should consist of only alphanumberic characters, underscores + (_), hyphens, and be at most 80 characters in length. + maxLength: 80 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + resourceGroup: + description: resourceGroup defines the Azure resource + group that contains the disk encryption set. The value + should consist of only alphanumberic characters, underscores + (_), parentheses, hyphens and periods. The value should + not end in a period and be at most 90 characters in + length. + maxLength: 90 + pattern: ^[\w\.\-\(\)]*[\w\-\(\)]$ + type: string + subscriptionID: + description: 'subscriptionID defines the Azure subscription + that contains the disk encryption set. The value should + meet the following conditions: 1. It should be a 128-bit + number. 2. It should be 36 characters (32 hexadecimal + characters and 4 hyphens) long. 3. It should be displayed + in five groups separated by hyphens (-). 4. The first + group should be 8 characters long. 5. The second, third, + and fourth groups should be 4 characters long. 6. The + fifth group should be 12 characters long. An Example + SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378' + maxLength: 36 + pattern: ^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$ + type: string + required: + - name + - resourceGroup + - subscriptionID + type: object + type: object + driverType: + description: 'driverType indicates type of CSI driver for which + the driverConfig is being applied to. Valid values are: AWS, + Azure, GCP, IBMCloud, vSphere and omitted. Consumers should + treat unknown values as a NO-OP.' + enum: + - "" + - AWS + - Azure + - GCP + - IBMCloud + - vSphere + type: string + gcp: + description: gcp is used to configure the GCP CSI driver. + properties: + kmsKey: + description: kmsKey sets the cluster default storage class + to encrypt volumes with customer-supplied encryption keys, + rather than the default keys managed by GCP. 
+ properties: + keyRing: + description: keyRing is the name of the KMS Key Ring which + the KMS Key belongs to. The value should correspond + to an existing KMS key ring and should consist of only + alphanumeric characters, hyphens (-) and underscores + (_), and be at most 63 characters in length. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + location: + description: location is the GCP location in which the + Key Ring exists. The value must match an existing GCP + location, or "global". Defaults to global, if not set. + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + name: + description: name is the name of the customer-managed + encryption key to be used for disk encryption. The value + should correspond to an existing KMS key and should + consist of only alphanumeric characters, hyphens (-) + and underscores (_), and be at most 63 characters in + length. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + projectID: + description: projectID is the ID of the Project in which + the KMS Key Ring exists. It must be 6 to 30 lowercase + letters, digits, or hyphens. It must start with a letter. + Trailing hyphens are prohibited. + maxLength: 30 + minLength: 6 + pattern: ^[a-z][a-z0-9-]+[a-z0-9]$ + type: string + required: + - keyRing + - name + - projectID + type: object + type: object + ibmcloud: + description: ibmcloud is used to configure the IBM Cloud CSI driver. + properties: + encryptionKeyCRN: + description: encryptionKeyCRN is the IBM Cloud CRN of the + customer-managed root key to use for disk encryption of + volumes for the default storage classes. + maxLength: 154 + minLength: 144 + pattern: ^crn:v[0-9]+:bluemix:(public|private):(kms|hs-crypto):[a-z-]+:a/[0-9a-f]+:[0-9a-f-]{36}:key:[0-9a-f-]{36}$ + type: string + required: + - encryptionKeyCRN + type: object + vSphere: + description: vsphere is used to configure the vsphere CSI driver. 
+ properties: + globalMaxSnapshotsPerBlockVolume: + description: 'globalMaxSnapshotsPerBlockVolume is a global + configuration parameter that applies to volumes on all kinds + of datastores. If omitted, the platform chooses a default, + which is subject to change over time, currently that default + is 3. Snapshots can not be disabled using this parameter. + Increasing number of snapshots above 3 can have negative + impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 + Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html' + format: int32 + maximum: 32 + minimum: 1 + type: integer + granularMaxSnapshotsPerBlockVolumeInVSAN: + description: granularMaxSnapshotsPerBlockVolumeInVSAN is a + granular configuration parameter on vSAN datastore only. + It overrides GlobalMaxSnapshotsPerBlockVolume if set, while + it falls back to the global constraint if unset. Snapshots + for VSAN can not be disabled using this parameter. + format: int32 + maximum: 32 + minimum: 1 + type: integer + granularMaxSnapshotsPerBlockVolumeInVVOL: + description: granularMaxSnapshotsPerBlockVolumeInVVOL is a + granular configuration parameter on Virtual Volumes datastore + only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, + while it falls back to the global constraint if unset. Snapshots + for VVOL can not be disabled using this parameter. + format: int32 + maximum: 32 + minimum: 1 + type: integer + topologyCategories: + description: topologyCategories indicates tag categories with + which vcenter resources such as hostcluster or datacenter + were tagged with. If cluster Infrastructure object has a + topology, values specified in Infrastructure object will + be used and modifications to topologyCategories will be + rejected. 
+ items: + type: string + type: array + type: object + required: + - driverType + type: object + x-kubernetes-validations: + - message: ibmcloud must be set if driverType is 'IBMCloud', but remain + unset otherwise + rule: 'has(self.driverType) && self.driverType == ''IBMCloud'' ? + has(self.ibmcloud) : !has(self.ibmcloud)' + logLevel: + default: Normal + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + storageClassState: + description: StorageClassState determines if CSI operator should create + and manage storage classes. If this field value is empty or Managed + - CSI operator will continuously reconcile storage class and create + if necessary. 
If this field value is Unmanaged - CSI operator will + not reconcile any previously created storage class. If this field + value is Removed - CSI operator will delete the storage class it + created previously. When omitted, this means the user has no opinion + and the platform chooses a reasonable default, which is subject + to change over time. The current default behaviour is Managed. + enum: + - "" + - Managed + - Unmanaged + - Removed + type: string + unsupportedConfigOverrides: + description: unsupportedConfigOverrides overrides the final configuration + that was computed by the operator. Red Hat does not support the + use of this field. Misuse of this field could lead to unexpected + behavior or conflict with other configuration options. Seek guidance + from the Red Hat support before using this field. Use of this property + blocks cluster upgrades, it must be removed before upgrading your + cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. 
+ properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + type: object + type: array + x-kubernetes-list-type: atomic + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operator/v1alpha1/zz_generated.crd-manifests/0000_10_etcd_01_etcdbackups-DevPreviewNoUpgrade.crd.yaml b/operator/v1alpha1/zz_generated.crd-manifests/0000_10_etcd_01_etcdbackups-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..45b1a9d5bbf --- /dev/null +++ b/operator/v1alpha1/zz_generated.crd-manifests/0000_10_etcd_01_etcdbackups-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,158 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1482 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: etcdbackups.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: EtcdBackup + listKind: EtcdBackupList + plural: etcdbackups + singular: etcdbackup + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "# EtcdBackup provides configuration options and status for a + one-time backup attempt of the etcd cluster \n Compatibility level 4: No + compatibility is provided, the API can change at any point for any reason. + These capabilities should not be used by applications needing long term + support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + pvcName: + description: PVCName specifies the name of the PersistentVolumeClaim + (PVC) which binds a PersistentVolume where the etcd backup file + would be saved The PVC itself must always be created in the "openshift-etcd" + namespace If the PVC is left unspecified "" then the platform will + choose a reasonable default location to save the backup. In the + future this would be backups saved across the control-plane master + nodes. + type: string + x-kubernetes-validations: + - message: pvcName is immutable once set + rule: self == oldSelf + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + backupJob: + description: backupJob is the reference to the Job that executes the + backup. Optional + properties: + name: + description: name is the name of the Job. Required + type: string + namespace: + description: namespace is the namespace of the Job. this is always + expected to be "openshift-etcd" since the user provided PVC + is also required to be in "openshift-etcd" Required + pattern: ^openshift-etcd$ + type: string + required: + - name + - namespace + type: object + conditions: + description: conditions provide details on the status of the etcd + backup job. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operator/v1alpha1/zz_generated.crd-manifests/0000_10_operator-lifecycle-manager_01_olms-DevPreviewNoUpgrade.crd.yaml b/operator/v1alpha1/zz_generated.crd-manifests/0000_10_operator-lifecycle-manager_01_olms-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..8a18f4bc37d --- /dev/null +++ b/operator/v1alpha1/zz_generated.crd-manifests/0000_10_operator-lifecycle-manager_01_olms-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,179 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1504 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: olms.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: OLM + listKind: OLMList + plural: olms + singular: olm + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "OLM provides information to configure an operator to manage + the OLM controllers \n Compatibility level 4: No compatibility is provided, + the API can change at any point for any reason. These capabilities should + not be used by applications needing long term support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + logLevel: + default: Normal + description: "logLevel is an intent based logging for an overall component. 
+ \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: unsupportedConfigOverrides overrides the final configuration + that was computed by the operator. Red Hat does not support the + use of this field. Misuse of this field could lead to unexpected + behavior or conflict with other configuration options. Seek guidance + from the Red Hat support before using this field. Use of this property + blocks cluster upgrades, it must be removed before upgrading your + cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. 
+ properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + type: object + type: array + x-kubernetes-list-type: atomic + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - metadata + - spec + type: object + x-kubernetes-validations: + - message: olm is a singleton, 
.metadata.name must be 'cluster' + rule: self.metadata.name == 'cluster' + served: true + storage: true + subresources: + status: {} diff --git a/payload-manifests/crds/0000_10_config-operator_01_authentications-SelfManagedHA-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_authentications-SelfManagedHA-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..028ae8f3f53 --- /dev/null +++ b/payload-manifests/crds/0000_10_config-operator_01_authentications-SelfManagedHA-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,553 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: authentications.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Authentication + listKind: AuthenticationList + plural: authentications + singular: authentication + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Authentication specifies cluster-wide settings for authentication + (like OAuth and webhook token authenticators). The canonical name of an + instance is `cluster`. \n Compatibility level 1: Stable within a major release + for a minimum of 12 months or 3 minor releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + oauthMetadata: + description: 'oauthMetadata contains the discovery endpoint data for + OAuth 2.0 Authorization Server Metadata for an external OAuth server. 
+ This discovery document can be viewed from its served location: + oc get --raw ''/.well-known/oauth-authorization-server'' For further + details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 + If oauthMetadata.name is non-empty, this value has precedence over + any metadata reference stored in status. The key "oauthMetadata" + is used to locate the data. If specified and the config map or expected + key is not found, no metadata is served. If the specified metadata + is not valid, no metadata is served. The namespace for this config + map is openshift-config.' + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + oidcProviders: + description: "OIDCProviders are OIDC identity providers that can issue + tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\". + \n At most one provider can be configured." + items: + properties: + claimMappings: + description: ClaimMappings describes rules on how to transform + information from an ID token into a cluster identity + properties: + groups: + description: Groups is a name of the claim that should be + used to construct groups for the cluster identity. The + referenced claim must use array of strings values. + properties: + claim: + description: Claim is a JWT token claim to be used in + the mapping + type: string + prefix: + description: "Prefix is a string to prefix the value + from the token in the result of the claim mapping. + \n By default, no prefixing occurs. \n Example: if + `prefix` is set to \"myoidc:\"\" and the `claim` in + JWT contains an array of strings \"a\", \"b\" and + \ \"c\", the mapping will result in an array of string + \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\"." + type: string + required: + - claim + type: object + username: + description: "Username is a name of the claim that should + be used to construct usernames for the cluster identity. 
+ \n Default value: \"sub\"" + properties: + claim: + description: Claim is a JWT token claim to be used in + the mapping + type: string + prefix: + properties: + prefixString: + minLength: 1 + type: string + required: + - prefixString + type: object + prefixPolicy: + description: "PrefixPolicy specifies how a prefix should + apply. \n By default, claims other than `email` will + be prefixed with the issuer URL to prevent naming + clashes with other plugins. \n Set to \"NoPrefix\" + to disable prefixing. \n Example: (1) `prefix` is + set to \"myoidc:\" and `claim` is set to \"username\". + If the JWT claim `username` contains value `userA`, + the resulting mapped value will be \"myoidc:userA\". + (2) `prefix` is set to \"myoidc:\" and `claim` is + set to \"email\". If the JWT `email` claim contains + value \"userA@myoidc.tld\", the resulting mapped value + will be \"myoidc:userA@myoidc.tld\". (3) `prefix` + is unset, `issuerURL` is set to `https://myoidc.tld`, + the JWT claims include \"username\":\"userA\" and + \"email\":\"userA@myoidc.tld\", and `claim` is set + to: (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\" + (b) \"email\": the mapped value will be \"userA@myoidc.tld\"" + enum: + - "" + - NoPrefix + - Prefix + type: string + required: + - claim + type: object + x-kubernetes-validations: + - message: prefix must be set if prefixPolicy is 'Prefix', + but must remain unset otherwise + rule: 'has(self.prefixPolicy) && self.prefixPolicy == + ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) + > 0) : !has(self.prefix)' + type: object + claimValidationRules: + description: ClaimValidationRules are rules that are applied + to validate token claims to authenticate users. + items: + properties: + requiredClaim: + description: RequiredClaim allows configuring a required + claim name and its expected value + properties: + claim: + description: Claim is a name of a required claim. + Only claims with string values are supported. 
+ minLength: 1 + type: string + requiredValue: + description: RequiredValue is the required value for + the claim. + minLength: 1 + type: string + required: + - claim + - requiredValue + type: object + type: + default: RequiredClaim + description: Type sets the type of the validation rule + enum: + - RequiredClaim + type: string + type: object + type: array + x-kubernetes-list-type: atomic + issuer: + description: Issuer describes atributes of the OIDC token issuer + properties: + audiences: + description: Audiences is an array of audiences that the + token was issued for. Valid tokens must include at least + one of these values in their "aud" claim. Must be set + to exactly one value. + items: + minLength: 1 + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + issuerCertificateAuthority: + description: CertificateAuthority is a reference to a config + map in the configuration namespace. The .data of the configMap + must contain the "ca-bundle.crt" key. If unset, system + trust is used instead. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + issuerURL: + description: URL is the serving URL of the token issuer. + Must use the https:// scheme. 
+ pattern: ^https:\/\/[^\s] + type: string + required: + - audiences + - issuerURL + type: object + name: + description: Name of the OIDC provider + minLength: 1 + type: string + oidcClients: + description: OIDCClients contains configuration for the platform's + clients that need to request tokens from the issuer + items: + properties: + clientID: + description: ClientID is the identifier of the OIDC client + from the OIDC provider + minLength: 1 + type: string + clientSecret: + description: ClientSecret refers to a secret in the `openshift-config` + namespace that contains the client secret in the `clientSecret` + key of the `.data` field + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + componentName: + description: ComponentName is the name of the component + that is supposed to consume this client configuration + maxLength: 256 + minLength: 1 + type: string + componentNamespace: + description: ComponentNamespace is the namespace of the + component that is supposed to consume this client configuration + maxLength: 63 + minLength: 1 + type: string + extraScopes: + description: ExtraScopes is an optional set of scopes + to request tokens with. + items: + type: string + type: array + x-kubernetes-list-type: set + required: + - clientID + - componentName + - componentNamespace + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - componentNamespace + - componentName + x-kubernetes-list-type: map + required: + - issuer + - name + type: object + maxItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + serviceAccountIssuer: + description: 'serviceAccountIssuer is the identifier of the bound + service account token issuer. The default is https://kubernetes.default.svc + WARNING: Updating this field will not result in immediate invalidation + of all bound tokens with the previous issuer value. 
Instead, the + tokens issued by previous service account issuer will continue to + be trusted for a time period chosen by the platform (currently set + to 24h). This time period is subject to change over time. This allows + internal components to transition to use new service account issuer + without service distruption.' + type: string + type: + description: type identifies the cluster managed, user facing authentication + mode in use. Specifically, it manages the component that responds + to login attempts. The default is IntegratedOAuth. + enum: + - "" + - None + - IntegratedOAuth + - OIDC + type: string + webhookTokenAuthenticator: + description: "webhookTokenAuthenticator configures a remote token + reviewer. These remote authentication webhooks can be used to verify + bearer tokens via the tokenreviews.authentication.k8s.io REST API. + This is required to honor bearer tokens that are provisioned by + an external authentication service. \n Can only be set if \"Type\" + is set to \"None\"." + properties: + kubeConfig: + description: "kubeConfig references a secret that contains kube + config file data which describes how to access the remote webhook + service. The namespace for the referenced secret is openshift-config. + \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication + \n The key \"kubeConfig\" is used to locate the data. If the + secret or expected key is not found, the webhook is not honored. + If the specified kube config data is not valid, the webhook + is not honored." + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + required: + - name + type: object + required: + - kubeConfig + type: object + webhookTokenAuthenticators: + description: webhookTokenAuthenticators is DEPRECATED, setting it + has no effect. 
+ items: + description: deprecatedWebhookTokenAuthenticator holds the necessary + configuration options for a remote token authenticator. It's the + same as WebhookTokenAuthenticator but it's missing the 'required' + validation on KubeConfig field. + properties: + kubeConfig: + description: 'kubeConfig contains kube config file data which + describes how to access the remote webhook service. For further + details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication + The key "kubeConfig" is used to locate the data. If the secret + or expected key is not found, the webhook is not honored. + If the specified kube config data is not valid, the webhook + is not honored. The namespace for this secret is determined + by the point of use.' + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + integratedOAuthMetadata: + description: 'integratedOAuthMetadata contains the discovery endpoint + data for OAuth 2.0 Authorization Server Metadata for the in-cluster + integrated OAuth server. This discovery document can be viewed from + its served location: oc get --raw ''/.well-known/oauth-authorization-server'' + For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 + This contains the observed value based on cluster state. An explicitly + set value in spec.oauthMetadata has precedence over this field. + This field has no meaning if authentication spec.type is not set + to IntegratedOAuth. The key "oauthMetadata" is used to locate the + data. If the config map or expected key is not found, no metadata + is served. If the specified metadata is not valid, no metadata is + served. 
The namespace for this config map is openshift-config-managed.' + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + oidcClients: + description: OIDCClients is where participating operators place the + current OIDC client status for OIDC clients that can be customized + by the cluster-admin. + items: + properties: + componentName: + description: ComponentName is the name of the component that + will consume a client configuration. + maxLength: 256 + minLength: 1 + type: string + componentNamespace: + description: ComponentNamespace is the namespace of the component + that will consume a client configuration. + maxLength: 63 + minLength: 1 + type: string + conditions: + description: "Conditions are used to communicate the state of + the `oidcClients` entry. \n Supported conditions include Available, + Degraded and Progressing. \n If Available is true, the component + is successfully using the configured client. If Degraded is + true, that means something has gone wrong trying to handle + the client configuration. If Progressing is true, that means + the component is taking some action related to the `oidcClients` + entry." + items: + description: "Condition contains details for one aspect of + the current state of this API Resource. --- This struct + is intended for direct use as an array at the field path + .status.conditions. For example, \n type FooStatus struct{ + // Represents the observations of a foo's current state. 
+ // Known .status.conditions.type are: \"Available\", \"Progressing\", + and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields + }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should + be when the underlying condition changed. If that is + not known, then using the time when the API field changed + is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, + if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the + current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. The value should + be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across + resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability + to deconflict is important. The regex it matches is + (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + consumingUsers: + description: ConsumingUsers is a slice of ServiceAccounts that + need to have read permission on the `clientSecret` secret. + items: + description: ConsumingUser is an alias for string which we + add validation to. Currently only service accounts are supported. + maxLength: 512 + minLength: 1 + pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + maxItems: 5 + type: array + x-kubernetes-list-type: set + currentOIDCClients: + description: CurrentOIDCClients is a list of clients that the + component is currently using. + items: + properties: + clientID: + description: ClientID is the identifier of the OIDC client + from the OIDC provider + minLength: 1 + type: string + issuerURL: + description: URL is the serving URL of the token issuer. + Must use the https:// scheme. 
+ pattern: ^https:\/\/[^\s] + type: string + oidcProviderName: + description: OIDCName refers to the `name` of the provider + from `oidcProviders` + minLength: 1 + type: string + required: + - clientID + - issuerURL + - oidcProviderName + type: object + type: array + x-kubernetes-list-map-keys: + - issuerURL + - clientID + x-kubernetes-list-type: map + required: + - componentName + - componentNamespace + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - componentNamespace + - componentName + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + x-kubernetes-validations: + - message: all oidcClients in the oidcProviders must match their componentName + and componentNamespace to either a previously configured oidcClient or + they must exist in the status.oidcClients + rule: '!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) + || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace + == specC.componentNamespace && statusC.componentName == specC.componentName) + || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, + oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, + oldC.componentNamespace == specC.componentNamespace && oldC.componentName + == specC.componentName)))))' + served: true + storage: true + subresources: + status: {} diff --git a/payload-manifests/crds/0000_10_config-operator_01_featuregates.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_featuregates.crd.yaml index b179eee0ab0..c27cb73e2d3 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_featuregates.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_featuregates.crd.yaml 
@@ -80,6 +80,9 @@ spec: - message: TechPreviewNoUpgrade may not be changed rule: 'oldSelf == ''TechPreviewNoUpgrade'' ? self == ''TechPreviewNoUpgrade'' : true' + - message: DevPreviewNoUpgrade may not be changed + rule: 'oldSelf == ''DevPreviewNoUpgrade'' ? self == ''DevPreviewNoUpgrade'' + : true' type: object status: description: status holds observed values from the cluster. They may not diff --git a/payload-manifests/crds/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..5e12ca8e224 --- /dev/null +++ b/payload-manifests/crds/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml 
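Review bot: The added `DevPreviewNoUpgrade may not be changed` rule is a transition rule, and Kubernetes skips transition rules on an update that removes the value they are attached to, so the lock may not hold if the field is deleted rather than changed. The schema node these rules hang off is above the hunk; if it is `spec.featureSet` itself, unsetting the field would return the cluster to the default feature set without the rule ever being evaluated. Please confirm that `spec` carries a parent-level guard such as `has(oldSelf.featureSet) ? has(self.featureSet) : true`, or add one (in the source type, if this manifest is generated). The `TechPreviewNoUpgrade` rule in the context lines has the same shape and would need the same guard.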
@@ -0,0 +1,2149 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: infrastructures.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Infrastructure + listKind: InfrastructureList + plural: infrastructures + singular: infrastructure + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Infrastructure holds cluster-wide information about Infrastructure. + \ The canonical name is `cluster` \n Compatibility level 1: Stable within + a major release for a minimum of 12 months or 3 minor releases (whichever + is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + cloudConfig: + description: "cloudConfig is a reference to a ConfigMap containing + the cloud provider configuration file. 
This configuration file is + used to configure the Kubernetes cloud provider integration when + using the built-in cloud provider integration or the external cloud + controller manager. The namespace for this config map is openshift-config. + \n cloudConfig should only be consumed by the kube_cloud_config + controller. The controller is responsible for using the user configuration + in the spec for various platforms and combining that with the user + provided ConfigMap in this field to create a stitched kube cloud + config. The controller generates a ConfigMap `kube-cloud-config` + in `openshift-config-managed` namespace with the kube cloud config + is stored in `cloud.conf` key. All the clients are expected to use + the generated ConfigMap only." + properties: + key: + description: Key allows pointing to a specific key/value inside + of the configmap. This is useful for logical file references. + type: string + name: + type: string + type: object + platformSpec: + description: platformSpec holds desired information specific to the + underlying infrastructure provider. + properties: + alibabaCloud: + description: AlibabaCloud contains settings specific to the Alibaba + Cloud infrastructure provider. + type: object + aws: + description: AWS contains settings specific to the Amazon Web + Services infrastructure provider. + properties: + serviceEndpoints: + description: serviceEndpoints list contains custom endpoints + which will override default service endpoint of AWS Services. + There must be only one ServiceEndpoint for a service. + items: + description: AWSServiceEndpoint store the configuration + of a custom url to override existing defaults of AWS Services. + properties: + name: + description: name is the name of the AWS service. The + list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html + This must be provided and cannot be empty. 
+ pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme + https, that overrides the default generated endpoint + for a client. This must be provided and cannot be + empty. + pattern: ^https:// + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + azure: + description: Azure contains settings specific to the Azure infrastructure + provider. + type: object + baremetal: + description: BareMetal contains settings specific to the BareMetal + platform. + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to + contact the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. These are the IPs for + a self-hosted load balancer in front of the API servers. + In dual stack clusters this list contains two IP addresses, + one from IPv4 family and one from IPv6. In single stack + clusters a single IP address is expected. When omitted, + values from the status.apiServerInternalIPs will be used. + Once set, the list cannot be completely removed (but its + second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most one IPv4 + address and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() : true' + ingressIPs: + description: ingressIPs are the external IPs which route to + the default ingress controller. The IPs are suitable targets + of a wildcard DNS record used to resolve default route host + names. 
In dual stack clusters this list contains two IP + addresses, one from IPv4 family and one from IPv6. In single + stack clusters a single IP address is expected. When omitted, + values from the status.ingressIPs will be used. Once set, + the list cannot be completely removed (but its second entry + can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 address + and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() : true' + machineNetworks: + description: machineNetworks are IP networks used to connect + all the OpenShift cluster nodes. Each network is provided + in the CIDR format and should be IPv4 or IPv6, for example + "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR notation + (for example, "10.0.0.0/8" or "fd00::/8"). + maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once set + rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix + Metal infrastructure provider. + type: object + external: + description: ExternalPlatformType represents generic infrastructure + provider. Platform-specific components should be supplemented + separately. 
+ properties: + platformName: + default: Unknown + description: PlatformName holds the arbitrary string representing + the infrastructure provider name, expected to be set at + the installation time. This field is solely for informational + and reporting purposes and is not expected to be used for + decision-making. + type: string + x-kubernetes-validations: + - message: platform name cannot be changed once set + rule: oldSelf == 'Unknown' || self == oldSelf + type: object + gcp: + description: GCP contains settings specific to the Google Cloud + Platform infrastructure provider. + type: object + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud + infrastructure provider. + type: object + kubevirt: + description: Kubevirt contains settings specific to the kubevirt + infrastructure provider. + type: object + nutanix: + description: Nutanix contains settings specific to the Nutanix + infrastructure provider. + properties: + failureDomains: + description: failureDomains configures failure domains information + for the Nutanix platform. When set, the failure domains + defined here may be used to spread Machines across prism + element clusters to improve fault tolerance of the cluster. + items: + description: NutanixFailureDomain configures failure domain + information for the Nutanix platform. + properties: + cluster: + description: cluster is to identify the cluster (the + Prism Element under management of the Prism Central), + in which the Machine's VM will be created. The cluster + identifier (uuid or name) can be obtained from the + Prism Central console or using the prism_central API. + properties: + name: + description: name is the resource name in the PC. + It cannot be empty if the type is Name. + type: string + type: + description: type is the identifier type to use + for this resource. + enum: + - UUID + - Name + type: string + uuid: + description: uuid is the UUID of the resource in + the PC. It cannot be empty if the type is UUID. 
+ type: string + required: + - type + type: object + x-kubernetes-validations: + - message: uuid configuration is required when type + is UUID, and forbidden otherwise + rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) + : !has(self.uuid)' + - message: name configuration is required when type + is Name, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) + : !has(self.name)' + name: + description: name defines the unique name of a failure + domain. Name is required and must be at most 64 characters + in length. It must consist of only lower case alphanumeric + characters and hyphens (-). It must start and end + with an alphanumeric character. This value is arbitrary + and is used to identify the failure domain within + the platform. + maxLength: 64 + minLength: 1 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + type: string + subnets: + description: subnets holds a list of identifiers (one + or more) of the cluster's network subnets for the + Machine's VM to connect to. The subnet identifiers + (uuid or name) can be obtained from the Prism Central + console or using the prism_central API. + items: + description: NutanixResourceIdentifier holds the identity + of a Nutanix PC resource (cluster, image, subnet, + etc.) + properties: + name: + description: name is the resource name in the + PC. It cannot be empty if the type is Name. + type: string + type: + description: type is the identifier type to use + for this resource. + enum: + - UUID + - Name + type: string + uuid: + description: uuid is the UUID of the resource + in the PC. It cannot be empty if the type is + UUID. + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: uuid configuration is required when type + is UUID, and forbidden otherwise + rule: 'has(self.type) && self.type == ''UUID'' ? 
has(self.uuid) + : !has(self.uuid)' + - message: name configuration is required when type + is Name, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) + : !has(self.name)' + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + required: + - cluster + - name + - subnets + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + prismCentral: + description: prismCentral holds the endpoint address and port + to access the Nutanix Prism Central. When a cluster-wide + proxy is installed, by default, this endpoint will be accessed + via the proxy. Should you wish for communication with this + endpoint not to be proxied, please add the endpoint to the + proxy spec.noProxy list. + properties: + address: + description: address is the endpoint address (DNS name + or IP address) of the Nutanix Prism Central or Element + (cluster) + maxLength: 256 + type: string + port: + description: port is the port number to access the Nutanix + Prism Central or Element (cluster) + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + prismElements: + description: prismElements holds one or more endpoint address + and port data to access the Nutanix Prism Elements (clusters) + of the Nutanix Prism Central. Currently we only support + one Prism Element (cluster) for an OpenShift cluster, where + all the Nutanix resources (VMs, subnets, volumes, etc.) + used in the OpenShift cluster are located. In the future, + we may support Nutanix resources (VMs, etc.) spread over + multiple Prism Elements (clusters) of the Prism Central. + items: + description: NutanixPrismElementEndpoint holds the name + and endpoint data for a Prism Element (cluster) + properties: + endpoint: + description: endpoint holds the endpoint address and + port data of the Prism Element (cluster). 
When a cluster-wide + proxy is installed, by default, this endpoint will + be accessed via the proxy. Should you wish for communication + with this endpoint not to be proxied, please add the + endpoint to the proxy spec.noProxy list. + properties: + address: + description: address is the endpoint address (DNS + name or IP address) of the Nutanix Prism Central + or Element (cluster) + maxLength: 256 + type: string + port: + description: port is the port number to access the + Nutanix Prism Central or Element (cluster) + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + name: + description: name is the name of the Prism Element (cluster). + This value will correspond with the cluster field + configured on other resources (eg Machines, PVCs, + etc). + maxLength: 256 + type: string + required: + - endpoint + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - prismCentral + - prismElements + type: object + openstack: + description: OpenStack contains settings specific to the OpenStack + infrastructure provider. + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to + contact the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. These are the IPs for + a self-hosted load balancer in front of the API servers. + In dual stack clusters this list contains two IP addresses, + one from IPv4 family and one from IPv6. In single stack + clusters a single IP address is expected. When omitted, + values from the status.apiServerInternalIPs will be used. + Once set, the list cannot be completely removed (but its + second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). 
+ maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most one IPv4 + address and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() : true' + ingressIPs: + description: ingressIPs are the external IPs which route to + the default ingress controller. The IPs are suitable targets + of a wildcard DNS record used to resolve default route host + names. In dual stack clusters this list contains two IP + addresses, one from IPv4 family and one from IPv6. In single + stack clusters a single IP address is expected. When omitted, + values from the status.ingressIPs will be used. Once set, + the list cannot be completely removed (but its second entry + can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 address + and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() : true' + machineNetworks: + description: machineNetworks are IP networks used to connect + all the OpenShift cluster nodes. Each network is provided + in the CIDR format and should be IPv4 or IPv6, for example + "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR notation + (for example, "10.0.0.0/8" or "fd00::/8"). 
+ maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once set + rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure + provider. + type: object + powervs: + description: PowerVS contains settings specific to the IBM Power + Systems Virtual Servers infrastructure provider. + properties: + serviceEndpoints: + description: serviceEndpoints is a list of custom endpoints + which will override the default service endpoints of a Power + VS service. + items: + description: PowervsServiceEndpoint stores the configuration + of a custom url to override existing defaults of PowerVS + Services. + properties: + name: + description: name is the name of the Power VS service. + Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api + ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller + Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme + https, that overrides the default generated endpoint + for a client. This must be provided and cannot be + empty. + format: uri + pattern: ^https:// + type: string + required: + - name + - url + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + description: type is the underlying infrastructure provider for + the cluster. 
This value controls whether infrastructure automation + such as service load balancers, dynamic volume provisioning, + machine creation and deletion, and other integrations are enabled. + If None, no infrastructure automation is enabled. Allowed values + are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", + "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", + "Nutanix" and "None". Individual components may not support + all platforms, and must handle unrecognized platforms as None + if they do not support that platform. + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + vsphere: + description: VSphere contains settings specific to the VSphere + infrastructure provider. + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to + contact the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. These are the IPs for + a self-hosted load balancer in front of the API servers. + In dual stack clusters this list contains two IP addresses, + one from IPv4 family and one from IPv6. In single stack + clusters a single IP address is expected. When omitted, + values from the status.apiServerInternalIPs will be used. + Once set, the list cannot be completely removed (but its + second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). 
+ maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most one IPv4 + address and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() : true' + failureDomains: + description: failureDomains contains the definition of region, + zone and the vCenter topology. If this is omitted failure + domains (regions and zones) will not be used. + items: + description: VSpherePlatformFailureDomainSpec holds the + region and zone failure domain and the vCenter topology + of that failure domain. + properties: + name: + description: name defines the arbitrary but unique name + of a failure domain. + maxLength: 256 + minLength: 1 + type: string + region: + description: region defines the name of a region tag + that will be attached to a vCenter datacenter. The + tag category in vCenter must be named openshift-region. + maxLength: 80 + minLength: 1 + type: string + server: + anyOf: + - format: ipv4 + - format: ipv6 + - format: hostname + description: server is the fully-qualified domain name + or the IP address of the vCenter server. --- + maxLength: 255 + minLength: 1 + type: string + topology: + description: Topology describes a given failure domain + using vSphere constructs + properties: + computeCluster: + description: computeCluster the absolute path of + the vCenter cluster in which virtual machine will + be located. The absolute path is of the form //host/. + The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/host/.*? + type: string + datacenter: + description: datacenter is the name of vCenter datacenter + in which virtual machines will be located. The + maximum length of the datacenter name is 80 characters. 
+ maxLength: 80 + type: string + datastore: + description: datastore is the absolute path of the + datastore in which the virtual machine is located. + The absolute path is of the form //datastore/ + The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/datastore/.*? + type: string + folder: + description: folder is the absolute path of the + folder where virtual machines are located. The + absolute path is of the form //vm/. + The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/vm/.*? + type: string + networks: + description: networks is the list of port group + network names within this failure domain. Currently, + we only support a single interface per RHCOS virtual + machine. The available networks (port groups) + can be listed using `govc ls 'network/*'` The + single interface should be the absolute path of + the form //network/. + items: + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + resourcePool: + description: resourcePool is the absolute path of + the resource pool where virtual machines will + be created. The absolute path is of the form //host//Resources/. + The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/host/.*?/Resources.* + type: string + template: + description: "template is the full inventory path + of the virtual machine or template that will be + cloned when creating new machines in this failure + domain. The maximum length of the path is 2048 + characters. \n When omitted, the template will + be calculated by the control plane machineset + operator based on the region and zone defined + in VSpherePlatformFailureDomainSpec. For example, + for zone=zonea, region=region1, and infrastructure + name=test, the template path would be calculated + as //vm/test-rhcos-region1-zonea." + maxLength: 2048 + minLength: 1 + pattern: ^/.*?/vm/.*? 
+ type: string + required: + - computeCluster + - datacenter + - datastore + - networks + type: object + zone: + description: zone defines the name of a zone tag that + will be attached to a vCenter cluster. The tag category + in vCenter must be named openshift-zone. + maxLength: 80 + minLength: 1 + type: string + required: + - name + - region + - server + - topology + - zone + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + ingressIPs: + description: ingressIPs are the external IPs which route to + the default ingress controller. The IPs are suitable targets + of a wildcard DNS record used to resolve default route host + names. In dual stack clusters this list contains two IP + addresses, one from IPv4 family and one from IPv6. In single + stack clusters a single IP address is expected. When omitted, + values from the status.ingressIPs will be used. Once set, + the list cannot be completely removed (but its second entry + can). + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 address + and at most one IPv6 address + rule: 'size(self) == 2 && isIP(self[0]) && isIP(self[1]) + ? ip(self[0]).family() != ip(self[1]).family() : true' + machineNetworks: + description: machineNetworks are IP networks used to connect + all the OpenShift cluster nodes. Each network is provided + in the CIDR format and should be IPv4 or IPv6, for example + "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR notation + (for example, "10.0.0.0/8" or "fd00::/8"). 
+ maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + nodeNetworking: + description: nodeNetworking contains the definition of internal + and external network constraints for assigning the node's + networking. If this field is omitted, networking defaults + to the legacy address selection behavior which is to only + support a single address and return the first one found. + properties: + external: + description: external represents the network configuration + of the node that is externally routable. + properties: + excludeNetworkSubnetCidr: + description: excludeNetworkSubnetCidr IP addresses + in subnet ranges will be excluded when selecting + the IP address from the VirtualMachine's VM for + use in the status.addresses fields. --- + items: + format: cidr + type: string + type: array + x-kubernetes-list-type: atomic + network: + description: network VirtualMachine's VM Network names + that will be used to when searching for status.addresses + fields. Note that if internal.networkSubnetCIDR + and external.networkSubnetCIDR are not set, then + the vNIC associated to this network must only have + a single IP address assigned to it. The available + networks (port groups) can be listed using `govc + ls 'network/*'` + type: string + networkSubnetCidr: + description: networkSubnetCidr IP address on VirtualMachine's + network interfaces included in the fields' CIDRs + that will be used in respective status.addresses + fields. --- + items: + format: cidr + type: string + type: array + x-kubernetes-list-type: set + type: object + internal: + description: internal represents the network configuration + of the node that is routable only within the cluster. 
+ properties: + excludeNetworkSubnetCidr: + description: excludeNetworkSubnetCidr IP addresses + in subnet ranges will be excluded when selecting + the IP address from the VirtualMachine's VM for + use in the status.addresses fields. --- + items: + format: cidr + type: string + type: array + x-kubernetes-list-type: atomic + network: + description: network VirtualMachine's VM Network names + that will be used to when searching for status.addresses + fields. Note that if internal.networkSubnetCIDR + and external.networkSubnetCIDR are not set, then + the vNIC associated to this network must only have + a single IP address assigned to it. The available + networks (port groups) can be listed using `govc + ls 'network/*'` + type: string + networkSubnetCidr: + description: networkSubnetCidr IP address on VirtualMachine's + network interfaces included in the fields' CIDRs + that will be used in respective status.addresses + fields. --- + items: + format: cidr + type: string + type: array + x-kubernetes-list-type: set + type: object + type: object + vcenters: + description: vcenters holds the connection details for services + to communicate with vCenter. Currently, only a single vCenter + is supported. --- + items: + description: VSpherePlatformVCenterSpec stores the vCenter + connection fields. This is used by the vSphere CCM. + properties: + datacenters: + description: The vCenter Datacenters in which the RHCOS + vm guests are located. This field will be used by + the Cloud Controller Manager. Each datacenter listed + here should be used within a topology. + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + port: + description: port is the TCP port that will be used + to communicate to the vCenter endpoint. When omitted, + this means the user has no opinion and it is up to + the platform to choose a sensible default, which is + subject to change over time. 
+ format: int32 + maximum: 32767 + minimum: 1 + type: integer + server: + anyOf: + - format: ipv4 + - format: ipv6 + - format: hostname + description: server is the fully-qualified domain name + or the IP address of the vCenter server. --- + maxLength: 255 + type: string + required: + - datacenters + - server + type: object + maxItems: 1 + minItems: 0 + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once set + rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + apiServerInternalURI: + description: apiServerInternalURL is a valid URI with scheme 'https', + address and optionally a port (defaulting to 443). apiServerInternalURL + can be used by components like kubelets, to contact the Kubernetes + API server using the infrastructure provider rather than Kubernetes + networking. + type: string + apiServerURL: + description: apiServerURL is a valid URI with scheme 'https', address + and optionally a port (defaulting to 443). apiServerURL can be + used by components like the web console to tell users where to find + the Kubernetes API. + type: string + controlPlaneTopology: + default: HighlyAvailable + description: controlPlaneTopology expresses the expectations for operands + that normally run on control nodes. The default is 'HighlyAvailable', + which represents the behavior operators have in a "normal" cluster. 
+ The 'SingleReplica' mode will be used in single-node deployments + and the operators should not configure the operand for highly-available + operation The 'External' mode indicates that the control plane is + hosted externally to the cluster and that its components are not + visible within the cluster. + enum: + - HighlyAvailable + - SingleReplica + - External + type: string + cpuPartitioning: + default: None + description: cpuPartitioning expresses if CPU partitioning is a currently + enabled feature in the cluster. CPU Partitioning means that this + cluster can support partitioning workloads to specific CPU Sets. + Valid values are "None" and "AllNodes". When omitted, the default + value is "None". The default value of "None" indicates that no nodes + will be setup with CPU partitioning. The "AllNodes" value indicates + that all nodes have been setup with CPU partitioning, and can then + be further configured via the PerformanceProfile API. + enum: + - None + - AllNodes + type: string + etcdDiscoveryDomain: + description: 'etcdDiscoveryDomain is the domain used to fetch the + SRV records for discovering etcd servers and clients. For more info: + https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery + deprecated: as of 4.7, this field is no longer set or honored. It + will be removed in a future release.' + type: string + infrastructureName: + description: infrastructureName uniquely identifies a cluster with + a human friendly name. Once set it should not be changed. Must be + of max length 27 and must have only alphanumeric or hyphen characters. + type: string + infrastructureTopology: + default: HighlyAvailable + description: 'infrastructureTopology expresses the expectations for + infrastructure services that do not run on control plane nodes, + usually indicated by a node selector for a `role` value other than + `master`. 
The default is ''HighlyAvailable'', which represents the + behavior operators have in a "normal" cluster. The ''SingleReplica'' + mode will be used in single-node deployments and the operators should + not configure the operand for highly-available operation NOTE: External + topology mode is not applicable for this field.' + enum: + - HighlyAvailable + - SingleReplica + type: string + platform: + description: "platform is the underlying infrastructure provider for + the cluster. \n Deprecated: Use platformStatus.type instead." + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + platformStatus: + description: platformStatus holds status information specific to the + underlying infrastructure provider. + properties: + alibabaCloud: + description: AlibabaCloud contains settings specific to the Alibaba + Cloud infrastructure provider. + properties: + region: + description: region specifies the region for Alibaba Cloud + resources created for the cluster. + pattern: ^[0-9A-Za-z-]+$ + type: string + resourceGroupID: + description: resourceGroupID is the ID of the resource group + for the cluster. + pattern: ^(rg-[0-9A-Za-z]+)?$ + type: string + resourceTags: + description: resourceTags is a list of additional tags to + apply to Alibaba Cloud resources created for the cluster. + items: + description: AlibabaCloudResourceTag is the set of tags + to add to apply to resources. + properties: + key: + description: key is the key of the tag. + maxLength: 128 + minLength: 1 + type: string + value: + description: value is the value of the tag. 
+ maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + required: + - region + type: object + aws: + description: AWS contains settings specific to the Amazon Web + Services infrastructure provider. + properties: + region: + description: region holds the default AWS region for new AWS + resources created by the cluster. + type: string + resourceTags: + description: resourceTags is a list of additional tags to + apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html + for information on tagging AWS resources. AWS supports a + maximum of 50 tags per resource. OpenShift reserves 25 tags + for its use, leaving 25 tags available for the user. + items: + description: AWSResourceTag is a tag to apply to AWS resources + created for the cluster. + properties: + key: + description: key is the key of the tag + maxLength: 128 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + type: string + value: + description: value is the value of the tag. Some AWS + service do not support empty values. Since tags are + added to resources in many services, the length of + the tag value must meet the requirements of all services. + maxLength: 256 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + type: string + required: + - key + - value + type: object + maxItems: 25 + type: array + x-kubernetes-list-type: atomic + serviceEndpoints: + description: ServiceEndpoints list contains custom endpoints + which will override default service endpoint of AWS Services. + There must be only one ServiceEndpoint for a service. + items: + description: AWSServiceEndpoint store the configuration + of a custom url to override existing defaults of AWS Services. + properties: + name: + description: name is the name of the AWS service. 
The + list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html + This must be provided and cannot be empty. + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme + https, that overrides the default generated endpoint + for a client. This must be provided and cannot be + empty. + pattern: ^https:// + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + azure: + description: Azure contains settings specific to the Azure infrastructure + provider. + properties: + armEndpoint: + description: armEndpoint specifies a URL to use for resource + management in non-soverign clouds such as Azure Stack. + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment + which can be used to configure the Azure SDK with the appropriate + Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureStackCloud + type: string + networkResourceGroupName: + description: networkResourceGroupName is the Resource Group + for network resources like the Virtual Network and Subnets + used by the cluster. If empty, the value is same as ResourceGroupName. + type: string + resourceGroupName: + description: resourceGroupName is the Resource Group for new + Azure resources created for the cluster. + type: string + resourceTags: + description: resourceTags is a list of additional tags to + apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags + for information on tagging Azure resources. Due to limitations + on Automation, Content Delivery Network, DNS Azure resources, + a maximum of 15 tags may be applied. OpenShift reserves + 5 tags for internal use, allowing 10 tags for user configuration. 
+ items: + description: AzureResourceTag is a tag to apply to Azure + resources created for the cluster. + properties: + key: + description: key is the key part of the tag. A tag key + can have a maximum of 128 characters and cannot be + empty. Key must begin with a letter, end with a letter, + number or underscore, and must contain only alphanumeric + characters and the following special characters `_ + . -`. + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$ + type: string + value: + description: 'value is the value part of the tag. A + tag value can have a maximum of 256 characters and + cannot be empty. Value must contain only alphanumeric + characters and the following special characters `_ + + , - . / : ; < = > ? @`.' + maxLength: 256 + minLength: 1 + pattern: ^[0-9A-Za-z_.=+-@]+$ + type: string + required: + - key + - value + type: object + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: resourceTags are immutable and may only be configured + during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + type: object + x-kubernetes-validations: + - message: resourceTags may only be configured during installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) + || has(oldSelf.resourceTags) && has(self.resourceTags)' + baremetal: + description: BareMetal contains settings specific to the BareMetal + platform. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. \n Deprecated: Use APIServerInternalIPs instead." 
+ type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to + contact the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. These are the IPs for + a self-hosted load balancer in front of the API servers. + In dual stack clusters this list contains two IPs otherwise + only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + ingressIP: + description: "ingressIP is an external IP which routes to + the default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to + the default ingress controller. The IPs are suitable targets + of a wildcard DNS record used to resolve default route host + names. In dual stack clusters this list contains two IPs + otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer used + by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer used + by the cluster on BareMetal platform which can be a + user-managed or openshift-managed load balancer that + is to be used for the OpenShift API and Ingress endpoints. + When set to OpenShiftManagedDefault the static pods + in charge of API and Ingress traffic load-balancing + defined in the machine config operator will be deployed. + When set to UserManaged these static pods will not be + deployed and it is expected that the load balancer is + configured out of band by the deployer. 
When omitted, + this means no opinion and the platform is left to choose + a reasonable default. The default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + machineNetworks: + description: machineNetworks are IP networks used to connect + all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR notation + (for example, "10.0.0.0/8" or "fd00::/8"). + maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the DNS + operator, `NodeDNSIP` provides name resolution for the nodes + themselves. There is no DNS-as-a-service for BareMetal deployments. + In order to minimize necessary changes to the datacenter + DNS, a DNS service is hosted as a static pod to serve those + hostnames to the nodes in the cluster. + type: string + type: object + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix + Metal infrastructure provider. + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the + default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. 
+ type: string + type: object + external: + description: External contains settings specific to the generic + External infrastructure provider. + properties: + cloudControllerManager: + description: cloudControllerManager contains settings specific + to the external Cloud Controller Manager (a.k.a. CCM or + CPI). When omitted, new nodes will be not tainted and no + extra initialization from the cloud controller manager is + expected. + properties: + state: + description: "state determines whether or not an external + Cloud Controller Manager is expected to be installed + within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager + \n Valid values are \"External\", \"None\" and omitted. + When set to \"External\", new nodes will be tainted + as uninitialized when created, preventing them from + running workloads until they are initialized by the + cloud controller manager. When omitted or set to \"None\", + new nodes will be not tainted and no extra initialization + from the cloud controller manager is expected." + enum: + - "" + - External + - None + type: string + x-kubernetes-validations: + - message: state is immutable once set + rule: self == oldSelf + type: object + x-kubernetes-validations: + - message: state may not be added or removed once set + rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) + && self.state != "External") + type: object + x-kubernetes-validations: + - message: cloudControllerManager may not be added or removed + once set + rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) + gcp: + description: GCP contains settings specific to the Google Cloud + Platform infrastructure provider. + properties: + cloudLoadBalancerConfig: + default: + dnsType: PlatformDefault + description: cloudLoadBalancerConfig is a union that contains + the IP addresses of API, API-Int and Ingress Load Balancers + created on the cloud platform. 
These values would not be + populated on on-prem platforms. These Load Balancer IPs + are used to configure the in-cluster DNS instances for API, + API-Int and Ingress services. `dnsType` is expected to be + set to `ClusterHosted` when these Load Balancer IP addresses + are populated and used. + nullable: true + properties: + clusterHosted: + description: clusterHosted holds the IP addresses of API, + API-Int and Ingress Load Balancers on Cloud Platforms. + The DNS solution hosted within the cluster use these + IP addresses to provide resolution for API, API-Int + and Ingress services. + properties: + apiIntLoadBalancerIPs: + description: apiIntLoadBalancerIPs holds Load Balancer + IPs for the internal API service. These Load Balancer + IP addresses can be IPv4 and/or IPv6 addresses. + Entries in the apiIntLoadBalancerIPs must be unique. + A maximum of 16 IP addresses are permitted. + format: ip + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 16 + type: array + x-kubernetes-list-type: set + apiLoadBalancerIPs: + description: apiLoadBalancerIPs holds Load Balancer + IPs for the API service. These Load Balancer IP + addresses can be IPv4 and/or IPv6 addresses. Could + be empty for private clusters. Entries in the apiLoadBalancerIPs + must be unique. A maximum of 16 IP addresses are + permitted. + format: ip + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 16 + type: array + x-kubernetes-list-type: set + ingressLoadBalancerIPs: + description: ingressLoadBalancerIPs holds IPs for + Ingress Load Balancers. These Load Balancer IP addresses + can be IPv4 and/or IPv6 addresses. 
Entries in the + ingressLoadBalancerIPs must be unique. A maximum + of 16 IP addresses are permitted. + format: ip + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 16 + type: array + x-kubernetes-list-type: set + type: object + dnsType: + default: PlatformDefault + description: dnsType indicates the type of DNS solution + in use within the cluster. Its default value of `PlatformDefault` + indicates that the cluster's DNS is the default provided + by the cloud platform. It can be set to `ClusterHosted` + to bypass the configuration of the cloud default DNS. + In this mode, the cluster needs to provide a self-hosted + DNS solution for the cluster's installation to succeed. + The cluster's use of the cloud's Load Balancers is unaffected + by this setting. The value is immutable after it has + been set at install time. Currently, there is no way + for the customer to add additional DNS entries into + the cluster hosted DNS. Enabling this functionality + allows the user to start their own DNS solution outside + the cluster after installation is complete. The customer + would be responsible for configuring this custom DNS + solution, and it can be run in addition to the in-cluster + DNS solution. + enum: + - ClusterHosted + - PlatformDefault + type: string + x-kubernetes-validations: + - message: dnsType is immutable + rule: oldSelf == '' || self == oldSelf + type: object + x-kubernetes-validations: + - message: clusterHosted is permitted only when dnsType is + ClusterHosted + rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted'' + ? !has(self.clusterHosted) : true' + projectID: + description: resourceGroupName is the Project ID for new GCP + resources created for the cluster. 
+ type: string + region: + description: region holds the region for new GCP resources + created for the cluster. + type: string + resourceLabels: + description: resourceLabels is a list of additional labels + to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources + for information on labeling GCP resources. GCP supports + a maximum of 64 labels per resource. OpenShift reserves + 32 labels for internal use, allowing 32 labels for user + configuration. + items: + description: GCPResourceLabel is a label to apply to GCP + resources created for the cluster. + properties: + key: + description: key is the key part of the label. A label + key can have a maximum of 63 characters and cannot + be empty. Label key must begin with a lowercase letter, + and must contain only lowercase letters, numeric characters, + and the following special characters `_-`. Label key + must not have the reserved prefixes `kubernetes-io` + and `openshift-io`. + maxLength: 63 + minLength: 1 + pattern: ^[a-z][0-9a-z_-]{0,62}$ + type: string + x-kubernetes-validations: + - message: label keys must not start with either `openshift-io` + or `kubernetes-io` + rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')' + value: + description: value is the value part of the label. A + label value can have a maximum of 63 characters and + cannot be empty. Value must contain only lowercase + letters, numeric characters, and the following special + characters `_-`. 
+ maxLength: 63 + minLength: 1 + pattern: ^[0-9a-z_-]{1,63}$ + type: string + required: + - key + - value + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceLabels are immutable and may only be configured + during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + resourceTags: + description: resourceTags is a list of additional tags to + apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview + for information on tagging GCP resources. GCP supports a + maximum of 50 tags per resource. + items: + description: GCPResourceTag is a tag to apply to GCP resources + created for the cluster. + properties: + key: + description: key is the key part of the tag. A tag key + can have a maximum of 63 characters and cannot be + empty. Tag key must begin and end with an alphanumeric + character, and must contain only uppercase, lowercase + alphanumeric characters, and the following special + characters `._-`. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ + type: string + parentID: + description: 'parentID is the ID of the hierarchical + resource where the tags are defined, e.g. at the Organization + or the Project level. To find the Organization or + Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, + https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. + An OrganizationID must consist of decimal numbers, + and cannot have leading zeroes. A ProjectID must be + 6 to 30 characters in length, can only contain lowercase + letters, numbers, and hyphens, and must start with + a letter, and cannot end with a hyphen.' 
+ maxLength: 32 + minLength: 1 + pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) + type: string + value: + description: value is the value part of the tag. A tag + value can have a maximum of 63 characters and cannot + be empty. Tag value must begin and end with an alphanumeric + character, and must contain only uppercase, lowercase + alphanumeric characters, and the following special + characters `_-.@%=+:,*#&(){}[]` and spaces. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ + type: string + required: + - key + - parentID + - value + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceTags are immutable and may only be configured + during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + type: object + x-kubernetes-validations: + - message: resourceLabels may only be configured during installation + rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) + || has(oldSelf.resourceLabels) && has(self.resourceLabels)' + - message: resourceTags may only be configured during installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) + || has(oldSelf.resourceTags) && has(self.resourceTags)' + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud + infrastructure provider. 
+ properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud Internet + Services instance managing the DNS zone for the cluster's + base domain + type: string + dnsInstanceCRN: + description: DNSInstanceCRN is the CRN of the DNS Services + instance managing the DNS zone for the cluster's base domain + type: string + location: + description: Location is where the cluster has been deployed + type: string + providerType: + description: ProviderType indicates the type of cluster that + was created + type: string + resourceGroupName: + description: ResourceGroupName is the Resource Group for new + IBMCloud resources created for the cluster. + type: string + serviceEndpoints: + description: serviceEndpoints is a list of custom endpoints + which will override the default service endpoints of an + IBM Cloud service. These endpoints are consumed by components + within the cluster to reach the respective IBM Cloud Services. + items: + description: IBMCloudServiceEndpoint stores the configuration + of a custom url to override existing defaults of IBM Cloud + Services. + properties: + name: + description: 'name is the name of the IBM Cloud service. + Possible values are: CIS, COS, DNSServices, GlobalSearch, + GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, + ResourceManager, or VPC. For example, the IBM Cloud + Private IAM service could be configured with the service + `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` + Whereas the IBM Cloud Private VPC service for US South + (Dallas) could be configured with the service `name` + of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`' + enum: + - CIS + - COS + - DNSServices + - GlobalSearch + - GlobalTagging + - HyperProtect + - IAM + - KeyProtect + - ResourceController + - ResourceManager + - VPC + type: string + url: + description: url is fully qualified URI with scheme + https, that overrides the default generated endpoint + for a client. 
This must be provided and cannot be + empty. + type: string + x-kubernetes-validations: + - message: url must be a valid absolute URL + rule: isURL(self) + required: + - name + - url + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + kubevirt: + description: Kubevirt contains settings specific to the kubevirt + infrastructure provider. + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the + default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. + type: string + type: object + nutanix: + description: Nutanix contains settings specific to the Nutanix + infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to + contact the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. These are the IPs for + a self-hosted load balancer in front of the API servers. 
+ In dual stack clusters this list contains two IPs otherwise + only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + ingressIP: + description: "ingressIP is an external IP which routes to + the default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to + the default ingress controller. The IPs are suitable targets + of a wildcard DNS record used to resolve default route host + names. In dual stack clusters this list contains two IPs + otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer used + by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer used + by the cluster on Nutanix platform which can be a user-managed + or openshift-managed load balancer that is to be used + for the OpenShift API and Ingress endpoints. When set + to OpenShiftManagedDefault the static pods in charge + of API and Ingress traffic load-balancing defined in + the machine config operator will be deployed. When set + to UserManaged these static pods will not be deployed + and it is expected that the load balancer is configured + out of band by the deployer. When omitted, this means + no opinion and the platform is left to choose a reasonable + default. The default value is OpenShiftManagedDefault. 
+ enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + type: object + openstack: + description: OpenStack contains settings specific to the OpenStack + infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to + contact the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. These are the IPs for + a self-hosted load balancer in front of the API servers. + In dual stack clusters this list contains two IPs otherwise + only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + cloudName: + description: cloudName is the name of the desired OpenStack + cloud in the client configuration file (`clouds.yaml`). + type: string + ingressIP: + description: "ingressIP is an external IP which routes to + the default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to + the default ingress controller. The IPs are suitable targets + of a wildcard DNS record used to resolve default route host + names. In dual stack clusters this list contains two IPs + otherwise only one. 
+ format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer used + by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer used + by the cluster on OpenStack platform which can be a + user-managed or openshift-managed load balancer that + is to be used for the OpenShift API and Ingress endpoints. + When set to OpenShiftManagedDefault the static pods + in charge of API and Ingress traffic load-balancing + defined in the machine config operator will be deployed. + When set to UserManaged these static pods will not be + deployed and it is expected that the load balancer is + configured out of band by the deployer. When omitted, + this means no opinion and the platform is left to choose + a reasonable default. The default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + machineNetworks: + description: machineNetworks are IP networks used to connect + all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR notation + (for example, "10.0.0.0/8" or "fd00::/8"). + maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the DNS + operator, `NodeDNSIP` provides name resolution for the nodes + themselves. There is no DNS-as-a-service for OpenStack deployments. 
+ In order to minimize necessary changes to the datacenter + DNS, a DNS service is hosted as a static pod to serve those + hostnames to the nodes in the cluster. + type: string + type: object + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure + provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to + contact the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. These are the IPs for + a self-hosted load balancer in front of the API servers. + In dual stack clusters this list contains two IPs otherwise + only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + ingressIP: + description: "ingressIP is an external IP which routes to + the default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to + the default ingress controller. The IPs are suitable targets + of a wildcard DNS record used to resolve default route host + names. In dual stack clusters this list contains two IPs + otherwise only one. 
+ format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer used + by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer used + by the cluster on Ovirt platform which can be a user-managed + or openshift-managed load balancer that is to be used + for the OpenShift API and Ingress endpoints. When set + to OpenShiftManagedDefault the static pods in charge + of API and Ingress traffic load-balancing defined in + the machine config operator will be deployed. When set + to UserManaged these static pods will not be deployed + and it is expected that the load balancer is configured + out of band by the deployer. When omitted, this means + no opinion and the platform is left to choose a reasonable + default. The default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + nodeDNSIP: + description: 'deprecated: as of 4.6, this field is no longer + set or honored. It will be removed in a future release.' + type: string + type: object + powervs: + description: PowerVS contains settings specific to the Power Systems + Virtual Servers infrastructure provider. + properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud Internet + Services instance managing the DNS zone for the cluster's + base domain + type: string + dnsInstanceCRN: + description: DNSInstanceCRN is the CRN of the DNS Services + instance managing the DNS zone for the cluster's base domain + type: string + region: + description: region holds the default Power VS region for + new Power VS resources created by the cluster. 
+ type: string + resourceGroup: + description: 'resourceGroup is the resource group name for + new IBMCloud resources created for a cluster. The resource + group specified here will be used by cluster-image-registry-operator + to set up a COS Instance in IBMCloud for the cluster registry. + More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. + When omitted, the image registry operator won''t be able + to configure storage, which results in the image registry + cluster operator not being in an available state.' + maxLength: 40 + pattern: ^[a-zA-Z0-9-_ ]+$ + type: string + x-kubernetes-validations: + - message: resourceGroup is immutable once set + rule: oldSelf == '' || self == oldSelf + serviceEndpoints: + description: serviceEndpoints is a list of custom endpoints + which will override the default service endpoints of a Power + VS service. + items: + description: PowervsServiceEndpoint stores the configuration + of a custom url to override existing defaults of PowerVS + Services. + properties: + name: + description: name is the name of the Power VS service. + Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api + ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller + Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme + https, that overrides the default generated endpoint + for a client. This must be provided and cannot be + empty. + format: uri + pattern: ^https:// + type: string + required: + - name + - url + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + zone: + description: 'zone holds the default zone for the new Power + VS resources created by the cluster. 
Note: Currently only + single-zone OCP clusters are supported' + type: string + type: object + x-kubernetes-validations: + - message: cannot unset resourceGroup once set + rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)' + type: + description: "type is the underlying infrastructure provider for + the cluster. This value controls whether infrastructure automation + such as service load balancers, dynamic volume provisioning, + machine creation and deletion, and other integrations are enabled. + If None, no infrastructure automation is enabled. Allowed values + are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", + \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", + \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components + may not support all platforms, and must handle unrecognized + platforms as None if they do not support that platform. \n This + value will be synced with to the `status.platform` and `status.platformStatus.type`. + Currently this value cannot be changed once set." + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + vsphere: + description: VSphere contains settings specific to the VSphere + infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. \n Deprecated: Use APIServerInternalIPs instead." 
+ type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to + contact the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. These are the IPs for + a self-hosted load balancer in front of the API servers. + In dual stack clusters this list contains two IPs otherwise + only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + ingressIP: + description: "ingressIP is an external IP which routes to + the default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to + the default ingress controller. The IPs are suitable targets + of a wildcard DNS record used to resolve default route host + names. In dual stack clusters this list contains two IPs + otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer used + by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer used + by the cluster on VSphere platform which can be a user-managed + or openshift-managed load balancer that is to be used + for the OpenShift API and Ingress endpoints. When set + to OpenShiftManagedDefault the static pods in charge + of API and Ingress traffic load-balancing defined in + the machine config operator will be deployed. When set + to UserManaged these static pods will not be deployed + and it is expected that the load balancer is configured + out of band by the deployer. 
When omitted, this means + no opinion and the platform is left to choose a reasonable + default. The default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + machineNetworks: + description: machineNetworks are IP networks used to connect + all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR notation + (for example, "10.0.0.0/8" or "fd00::/8"). + maxLength: 43 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid CIDR network address + rule: isCIDR(self) + maxItems: 32 + type: array + x-kubernetes-list-type: set + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the DNS + operator, `NodeDNSIP` provides name resolution for the nodes + themselves. There is no DNS-as-a-service for vSphere deployments. + In order to minimize necessary changes to the datacenter + DNS, a DNS service is hosted as a static pod to serve those + hostnames to the nodes in the cluster. + type: string + type: object + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/payload-manifests/crds/0000_10_config-operator_01_schedulers-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_schedulers-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..b18926fed65 --- /dev/null +++ b/payload-manifests/crds/0000_10_config-operator_01_schedulers-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,130 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: schedulers.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Scheduler + listKind: SchedulerList + plural: schedulers + singular: scheduler + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Scheduler holds cluster-wide config information to run the Kubernetes + Scheduler and influence its placement decisions. The canonical name for + this config is `cluster`. \n Compatibility level 1: Stable within a major + release for a minimum of 12 months or 3 minor releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + defaultNodeSelector: + description: 'defaultNodeSelector helps set the cluster-wide default + node selector to restrict pod placement to specific nodes. 
This + is applied to the pods created in all namespaces and creates an + intersection with any existing nodeSelectors already set on a pod, + additionally constraining that pod''s selector. For example, defaultNodeSelector: + "type=user-node,region=east" would set nodeSelector field in pod + spec to "type=user-node,region=east" to all pods created in all + namespaces. Namespaces having project-wide node selectors won''t + be impacted even if this field is set. This adds an annotation section + to the namespace. For example, if a new namespace is created with + node-selector=''type=user-node,region=east'', the annotation openshift.io/node-selector: + type=user-node,region=east gets added to the project. When the openshift.io/node-selector + annotation is set on the project the value is used in preference + to the value we are setting for defaultNodeSelector field. For instance, + openshift.io/node-selector: "type=user-node,region=west" means that + the default of "type=user-node,region=east" set in defaultNodeSelector + would not be applied.' + type: string + mastersSchedulable: + description: 'MastersSchedulable allows masters nodes to be schedulable. + When this flag is turned on, all the master nodes in the cluster + will be made schedulable, so that workload pods can run on them. + The default value for this field is false, meaning none of the master + nodes are schedulable. Important Note: Once the workload pods start + running on the master nodes, extreme care must be taken to ensure + that cluster-critical control plane components are not impacted. + Please turn on this field after doing due diligence.' + type: boolean + policy: + description: 'DEPRECATED: the scheduler Policy API has been deprecated + and will be removed in a future release. policy is a reference to + a ConfigMap containing scheduler policy which has user specified + predicates and priorities. If this ConfigMap is not available scheduler + will default to use DefaultAlgorithmProvider. 
The namespace for + this configmap is openshift-config.' + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + profile: + description: "profile sets which scheduling profile should be set + in order to configure scheduling decisions for new pods. \n Valid + values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" + Defaults to \"LowNodeUtilization\"" + enum: + - "" + - LowNodeUtilization + - HighNodeUtilization + - NoScoring + type: string + profileCustomizations: + description: profileCustomizations contains configuration for modifying + the default behavior of existing scheduler profiles. + properties: + dynamicResourceAllocation: + description: dynamicResourceAllocation allows to enable or disable + dynamic resource allocation within the scheduler. Dynamic resource + allocation is an API for requesting and sharing resources between + pods and containers inside a pod. Third-party resource drivers + are responsible for tracking and allocating resources. Different + kinds of resources support arbitrary parameters for defining + requirements and initialization. Valid values are Enabled, Disabled + and omitted. When omitted, this means no opinion and the platform + is left to choose a reasonable default, which is subject to + change over time. The current default is Disabled. + enum: + - "" + - Enabled + - Disabled + type: string + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml index 09c68052a67..12baccb0302 100644 --- a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml 
+++ b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml @@ -18,29 +18,17 @@ { "name": "ClusterAPIInstall" }, - { - "name": "DisableKubeletCloudCredentialProviders" - }, { "name": "EventedPLEG" }, { "name": "MachineAPIOperatorDisableMachineHealthCheckController" - }, - { - "name": "MetricsCollectionProfiles" - }, - { - "name": "NodeDisruptionPolicy" } ], "enabled": [ { "name": "AdminNetworkPolicy" }, - { - "name": "AlertingRules" - }, { "name": "AlibabaPlatform" }, @@ -65,6 +53,9 @@ { "name": "DNSNameResolver" }, + { + "name": "DisableKubeletCloudCredentialProviders" + }, { "name": "DynamicResourceAllocation" }, @@ -131,18 +122,27 @@ { "name": "MaxUnavailableStatefulSet" }, + { + "name": "MetricsCollectionProfiles" + }, { "name": "MetricsServer" }, { "name": "MixedCPUsAllocation" }, + { + "name": "NetworkDiagnosticsConfig" + }, { "name": "NetworkLiveMigration" }, { "name": "NewOLM" }, + { + "name": "NodeDisruptionPolicy" + }, { "name": "NodeSwap" }, @@ -164,6 +164,15 @@ { "name": "RouteExternalCertificate" }, + { + "name": "ServiceAccountTokenNodeBinding" + }, + { + "name": "ServiceAccountTokenNodeBindingValidation" + }, + { + "name": "ServiceAccountTokenPodNodeInfo" + }, { "name": "SignatureStores" }, @@ -179,6 +188,9 @@ { "name": "VSphereControlPlaneMachineSet" }, + { + "name": "VSphereDriverConfiguration" + }, { "name": "VSphereStaticIPs" }, diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml index d89cb6732ea..38120adfa40 100644 --- a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml 
@@ -18,29 +18,17 @@ { "name": "ClusterAPIInstall" }, - { - "name": "DisableKubeletCloudCredentialProviders" - }, { "name": "EventedPLEG" }, { "name": "MachineAPIOperatorDisableMachineHealthCheckController" - }, - { - "name": "MetricsCollectionProfiles" - }, - { - "name": "NodeDisruptionPolicy" } ], "enabled": [ { "name": "AdminNetworkPolicy" }, - { - "name": "AlertingRules" - }, { "name": "AlibabaPlatform" }, @@ -65,6 +53,9 @@ { "name": "DNSNameResolver" }, + { + "name": "DisableKubeletCloudCredentialProviders" + }, { "name": "DynamicResourceAllocation" }, @@ -131,18 +122,27 @@ { "name": "MaxUnavailableStatefulSet" }, + { + "name": "MetricsCollectionProfiles" + }, { "name": "MetricsServer" }, { "name": "MixedCPUsAllocation" }, + { + "name": "NetworkDiagnosticsConfig" + }, { "name": "NetworkLiveMigration" }, { "name": "NewOLM" }, + { + "name": "NodeDisruptionPolicy" + }, { "name": "NodeSwap" }, @@ -164,6 +164,15 @@ { "name": "RouteExternalCertificate" }, + { + "name": "ServiceAccountTokenNodeBinding" + }, + { + "name": "ServiceAccountTokenNodeBindingValidation" + }, + { + "name": "ServiceAccountTokenPodNodeInfo" + }, { "name": "SignatureStores" }, @@ -179,6 +188,9 @@ { "name": "VSphereControlPlaneMachineSet" }, + { + "name": "VSphereDriverConfiguration" + }, { "name": "VSphereStaticIPs" }, diff --git a/payload-manifests/featuregates/featureGate-SingleNode-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SingleNode-DevPreviewNoUpgrade.yaml deleted file mode 100644 index e36030b90eb..00000000000 --- a/payload-manifests/featuregates/featureGate-SingleNode-DevPreviewNoUpgrade.yaml +++ /dev/null 
@@ -1,190 +0,0 @@ -{ - "apiVersion": "config.openshift.io/v1", - "kind": "FeatureGate", - "metadata": { - "annotations": { - "include.release.openshift.io/single-node-developer": "false-except-for-the-config-operator" - }, - "creationTimestamp": null, - "name": "cluster" - }, - "spec": { - "featureSet": "DevPreviewNoUpgrade" - }, - "status": { - "featureGates": [ - { - "disabled": [ - { - "name": "ClusterAPIInstall" - }, - { - "name": "DisableKubeletCloudCredentialProviders" - }, - { - "name": "EventedPLEG" - }, - { - "name": "MachineAPIOperatorDisableMachineHealthCheckController" - } - ], - "enabled": [ - { - "name": "AdminNetworkPolicy" - }, - { - "name": "AlertingRules" - }, - { - "name": "AlibabaPlatform" - }, - { - "name": "AutomatedEtcdBackup" - }, - { - "name": "AzureWorkloadIdentity" - }, - { - "name": "BareMetalLoadBalancer" - }, - { - "name": "BuildCSIVolumes" - }, - { - "name": "CSIDriverSharedResource" - }, - { - "name": "CloudDualStackNodeIPs" - }, - { - "name": "DNSNameResolver" - }, - { - "name": "DynamicResourceAllocation" - }, - { - "name": "Example" - }, - { - "name": "ExternalCloudProvider" - }, - { - "name": "ExternalCloudProviderAzure" - }, - { - "name": "ExternalCloudProviderExternal" - }, - { - "name": "ExternalCloudProviderGCP" - }, - { - "name": "ExternalOIDC" - }, - { - "name": "ExternalRouteCertificate" - }, - { - "name": "GCPClusterHostedDNS" - }, - { - "name": "GCPLabelsTags" - }, - { - "name": "GatewayAPI" - }, - { - "name": "HardwareSpeed" - }, - { - "name": "ImagePolicy" - }, - { - "name": "InsightsConfig" - }, - { - "name": "InsightsConfigAPI" - }, - { - "name": "InsightsOnDemandDataGather" - }, - { - "name": "InstallAlternateInfrastructureAWS" - }, - { - "name": "KMSv1" - }, - { - "name": "MachineAPIProviderOpenStack" - }, - { - "name": "MachineConfigNodes" - }, - { - "name": "ManagedBootImages" - }, - { - "name": "MaxUnavailableStatefulSet" - }, - { - "name": "MetricsServer" - }, - { - "name": "MixedCPUsAllocation" - }, - { - 
"name": "NetworkLiveMigration" - }, - { - "name": "NewOLM" - }, - { - "name": "NodeSwap" - }, - { - "name": "OnClusterBuild" - }, - { - "name": "OpenShiftPodSecurityAdmission" - }, - { - "name": "PinnedImages" - }, - { - "name": "PlatformOperators" - }, - { - "name": "PrivateHostedZoneAWS" - }, - { - "name": "RouteExternalCertificate" - }, - { - "name": "SignatureStores" - }, - { - "name": "SigstoreImageVerification" - }, - { - "name": "TranslateStreamCloseWebsocketRequests" - }, - { - "name": "UpgradeStatus" - }, - { - "name": "VSphereControlPlaneMachineSet" - }, - { - "name": "VSphereStaticIPs" - }, - { - "name": "ValidatingAdmissionPolicy" - }, - { - "name": "VolumeGroupSnapshot" - } - ], - "version": "" - } - ] - } -} diff --git a/platform/v1alpha1/zz_generated.crd-manifests/platformoperators-DevPreviewNoUpgrade.crd.yaml b/platform/v1alpha1/zz_generated.crd-manifests/platformoperators-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..05d2275d1b4 --- /dev/null +++ b/platform/v1alpha1/zz_generated.crd-manifests/platformoperators-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,159 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1234 + api.openshift.io/merged-by-featuregates: "true" + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: platformoperators.platform.openshift.io +spec: + group: platform.openshift.io + names: + kind: PlatformOperator + listKind: PlatformOperatorList + plural: platformoperators + singular: platformoperator + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "PlatformOperator is the Schema for the PlatformOperators API. + \n Compatibility level 4: No compatibility is provided, the API can change + at any point for any reason. These capabilities should not be used by applications + needing long term support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PlatformOperatorSpec defines the desired state of PlatformOperator. + properties: + package: + description: package contains the desired package and its configuration + for this PlatformOperator. 
+ properties: + name: + description: "name contains the desired OLM-based Operator package + name that is defined in an existing CatalogSource resource in + the cluster. \n This configured package will be managed with + the cluster's lifecycle. In the current implementation, it will + be retrieving this name from a list of supported operators out + of the catalogs included with OpenShift. \n ---" + maxLength: 56 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + type: string + required: + - name + type: object + required: + - package + type: object + status: + description: PlatformOperatorStatus defines the observed state of PlatformOperator + properties: + activeBundleDeployment: + description: activeBundleDeployment is the reference to the BundleDeployment + resource that's being managed by this PO resource. If this field + is not populated in the status then it means the PlatformOperator + has either not been installed yet or is failing to install. + properties: + name: + description: name is the metadata.name of the referenced BundleDeployment + object. + type: string + required: + - name + type: object + conditions: + description: conditions represent the latest available observations + of a platform operator's current state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/route/v1/zz_generated.crd-manifests/routes-DevPreviewNoUpgrade.crd.yaml b/route/v1/zz_generated.crd-manifests/routes-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..0c38ccdb38c --- /dev/null +++ b/route/v1/zz_generated.crd-manifests/routes-DevPreviewNoUpgrade.crd.yaml 
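Review bot: The `pattern` on `spec.package.name` in platformoperators-DevPreviewNoUpgrade.crd.yaml, `'[a-z0-9]([-a-z0-9]*[a-z0-9])?'`, has no `^`/`$` anchors, unlike the `reason` and `type` patterns later in the same schema. A CRD `pattern` is not implicitly anchored, so any value within `maxLength: 56` that contains a single lowercase letter or digit passes, including names with uppercase letters, slashes or whitespace. Because this field names the OLM package that is managed with the cluster's lifecycle, the anchored form `pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` is presumably what was intended. The manifest sits under zz_generated.crd-manifests and looks generated, so the fix likely belongs in the validation marker on the Go type, which is not visible in this hunk.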
@@ -0,0 +1,678 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1228 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: routes.route.openshift.io +spec: + group: route.openshift.io + names: + kind: Route + listKind: RouteList + plural: routes + singular: route + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.ingress[0].host + name: Host + type: string + - jsonPath: .status.ingress[0].conditions[?(@.type=="Admitted")].status + name: Admitted + type: string + - jsonPath: .spec.to.name + name: Service + type: string + - jsonPath: .spec.tls.type + name: TLS + type: string + name: v1 + schema: + openAPIV3Schema: + description: "A route allows developers to expose services through an HTTP(S) + aware load balancing and proxy layer via a public DNS entry. The route may + further specify TLS options and a certificate, or specify a public CNAME + that the router should also accept for HTTP and HTTPS traffic. An administrator + typically configures their router to be visible outside the cluster firewall, + and may also add additional security, caching, or traffic controls on the + service content. Routers usually talk directly to the service endpoints. + \n Once a route is created, the `host` field may not be changed. Generally, + routers use the oldest route with a given host when resolving conflicts. + \n Routers are subject to additional customization and may support additional + controls via the annotations field. \n Because administrators may configure + multiple routers, the route status field is used to return information to + clients about the names and states of the route under each router. 
If a + client chooses a duplicate name, for instance, the route status conditions + are used to indicate the route cannot be chosen. \n To enable HTTP/2 ALPN + on a route it requires a custom (non-wildcard) certificate. This prevents + connection coalescing by clients, notably web browsers. We do not support + HTTP/2 ALPN on routes that use the default certificate because of the risk + of connection re-use/coalescing. Routes that do not have their own custom + certificate will not be HTTP/2 ALPN-enabled on either the frontend or the + backend. \n Compatibility level 1: Stable within a major release for a minimum + of 12 months or 3 minor releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + allOf: + - anyOf: + - properties: + path: + maxLength: 0 + - properties: + tls: + enum: + - null + - not: + properties: + tls: + properties: + termination: + enum: + - passthrough + - anyOf: + - not: + properties: + host: + maxLength: 0 + - not: + properties: + wildcardPolicy: + enum: + - Subdomain + description: spec is the desired state of the route + properties: + alternateBackends: + description: alternateBackends allows up to 3 additional backends + to be assigned to the route. Only the Service kind is allowed, and + it will be defaulted to Service. 
Use the weight field in RouteTargetReference + object to specify relative preference. + items: + description: RouteTargetReference specifies the target that resolve + into endpoints. Only the 'Service' kind is allowed. Use 'weight' + field to emphasize one over others. + properties: + kind: + default: Service + description: The kind of target that the route is referring + to. Currently, only 'Service' is allowed + enum: + - Service + - "" + type: string + name: + description: name of the service/target that is being referred + to. e.g. name of the service + minLength: 1 + type: string + weight: + default: 100 + description: weight as an integer between 0 and 256, default + 100, that specifies the target's relative weight against other + target reference objects. 0 suppresses requests to this backend. + format: int32 + maximum: 256 + minimum: 0 + type: integer + required: + - kind + - name + type: object + maxItems: 3 + type: array + host: + description: host is an alias/DNS that points to the service. Optional. + If not specified a route name will typically be automatically chosen. + Must follow DNS952 subdomain conventions. + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + httpHeaders: + description: httpHeaders defines policy for HTTP headers. + properties: + actions: + description: 'actions specifies options for modifying headers + and their values. Note that this option only applies to cleartext + HTTP connections and to secure HTTP connections for which the + ingress controller terminates encryption (that is, edge-terminated + or reencrypt connections). Headers cannot be modified for TLS + passthrough connections. Setting the HSTS (`Strict-Transport-Security`) + header is not supported via actions. 
`Strict-Transport-Security` + may only be configured using the "haproxy.router.openshift.io/hsts_header" + route annotation, and only in accordance with the policy specified + in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request + headers, the actions specified in spec.httpHeaders.actions on + the Route will be executed after the actions specified in the + IngressController''s spec.httpHeaders.actions field. In case + of HTTP response headers, the actions specified in spec.httpHeaders.actions + on the IngressController will be executed after the actions + specified in the Route''s spec.httpHeaders.actions field. The + headers set via this API will not appear in access logs. Any + actions defined here are applied after any actions related to + the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, + spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. + The following header names are reserved and may not be modified + via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. + Note that the total size of all net added headers *after* interpolating + dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes + on the IngressController. Please refer to the documentation + for that API field for more details.' + properties: + request: + description: 'request is a list of HTTP request headers to + modify. Currently, actions may define to either `Set` or + `Delete` headers values. Actions defined here will modify + the request headers of all requests made through a route. + These actions are applied to a specific Route defined within + a cluster i.e. connections made through a route. Currently, + actions may define to either `Set` or `Delete` headers values. + Route actions will be executed after IngressController actions + for request headers. Actions are applied in sequence as + defined in this list. 
A maximum of 20 request header actions + may be configured. You can use this field to specify HTTP + request headers that should be set or deleted when forwarding + connections from the client to your application. Sample + fetchers allowed are "req.hdr" and "ssl_c_der". Converters + allowed are "lower" and "base64". Example header values: + "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + Any request header configuration applied directly via a + Route resource using this API will override header configuration + for a header of the same name applied via spec.httpHeaders.actions + on the IngressController or route annotation. Note: This + field cannot be used if your route uses TLS passthrough.' + items: + description: RouteHTTPHeader specifies configuration for + setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on + headers, such as setting or deleting headers. + properties: + set: + description: 'set defines the HTTP header that should + be set: added if it doesn''t exist or replaced + if it does. This field is required when type is + Set and forbidden otherwise.' + properties: + value: + description: value specifies a header value. + Dynamic values can be added. The value will + be interpreted as an HAProxy format string + as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 + and may use HAProxy's %[] syntax and otherwise + must be a valid HTTP header value as defined + in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than + 16384 characters in length. Note that the + total size of all net added headers *after* + interpolating dynamic values must not exceed + the value of spec.tuningOptions.headerBufferMaxRewriteBytes + on the IngressController. 
+ maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: type defines the type of the action + to be applied on the header. Possible values are + Set or Delete. Set allows you to set HTTP request + and response headers. Delete allows you to delete + HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) + : !has(self.set)' + name: + description: 'name specifies the name of a header on + which to perform an action. Its value must be a valid + HTTP header name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the + following special characters, "-!#$%&''*+.^_`". The + following header names are reserved and may not be + modified via this API: Strict-Transport-Security, + Proxy, Cookie, Set-Cookie. It must be no more than + 255 characters in length. Header name must be unique.' + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not + be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header + actions + rule: self.lowerAscii() != 'proxy' + - message: cookie header may not be modified via header + actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via + header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct + format or the sample fetcher/converter specified is not + allowed. 
The dynamic header value will be interpreted + as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 + and may use HAProxy's %[] syntax and otherwise must be + a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + Sample fetchers allowed are req.hdr, ssl_c_der. Converters + allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) + && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + response: + description: 'response is a list of HTTP response headers + to modify. Currently, actions may define to either `Set` + or `Delete` headers values. Actions defined here will modify + the response headers of all requests made through a route. + These actions are applied to a specific Route defined within + a cluster i.e. connections made through a route. Route actions + will be executed before IngressController actions for response + headers. Actions are applied in sequence as defined in this + list. A maximum of 20 response header actions may be configured. + You can use this field to specify HTTP response headers + that should be set or deleted when forwarding responses + from your application to the client. Sample fetchers allowed + are "res.hdr" and "ssl_c_der". Converters allowed are "lower" + and "base64". Example header values: "%[res.hdr(X-target),lower]", + "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used + if your route uses TLS passthrough.' + items: + description: RouteHTTPHeader specifies configuration for + setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on + headers, such as setting or deleting headers. 
+ properties: + set: + description: 'set defines the HTTP header that should + be set: added if it doesn''t exist or replaced + if it does. This field is required when type is + Set and forbidden otherwise.' + properties: + value: + description: value specifies a header value. + Dynamic values can be added. The value will + be interpreted as an HAProxy format string + as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 + and may use HAProxy's %[] syntax and otherwise + must be a valid HTTP header value as defined + in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than + 16384 characters in length. Note that the + total size of all net added headers *after* + interpolating dynamic values must not exceed + the value of spec.tuningOptions.headerBufferMaxRewriteBytes + on the IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: type defines the type of the action + to be applied on the header. Possible values are + Set or Delete. Set allows you to set HTTP request + and response headers. Delete allows you to delete + HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) + : !has(self.set)' + name: + description: 'name specifies the name of a header on + which to perform an action. Its value must be a valid + HTTP header name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the + following special characters, "-!#$%&''*+.^_`". The + following header names are reserved and may not be + modified via this API: Strict-Transport-Security, + Proxy, Cookie, Set-Cookie. It must be no more than + 255 characters in length. Header name must be unique.' 
+ maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not + be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header + actions + rule: self.lowerAscii() != 'proxy' + - message: cookie header may not be modified via header + actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via + header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct + format or the sample fetcher/converter specified is not + allowed. The dynamic header value will be interpreted + as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 + and may use HAProxy's %[] syntax and otherwise must be + a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + Sample fetchers allowed are res.hdr, ssl_c_der. Converters + allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) + && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + type: object + type: object + path: + description: path that the router watches for, to route traffic for + to the service. Optional + pattern: ^/ + type: string + port: + description: If specified, the port to be used by the router. Most + routers will use all endpoints exposed by the service by default + - set this value to instruct routers which port to use. 
+ properties: + targetPort: + allOf: + - not: + enum: + - 0 + - not: + enum: + - "" + anyOf: null + description: The target port on pods selected by the service this + route points to. If this is a string, it will be looked up as + a named port in the target endpoints port list. Required + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + description: "subdomain is a DNS subdomain that is requested within + the ingress controller's domain (as a subdomain). If host is set + this field is ignored. An ingress controller may choose to ignore + this suggested name, in which case the controller will report the + assigned name in the status.ingress array or refuse to admit the + route. If this value is set and the server does not support this + field host will be populated automatically. Otherwise host is left + empty. The field may have multiple parts separated by a dot, but + not all ingress controllers may honor the request. This field may + not be changed after creation except by a user with the update routes/custom-host + permission. \n Example: subdomain `frontend` automatically receives + the router subdomain `apps.mycluster.com` to have a full hostname + `frontend.apps.mycluster.com`." + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + allOf: + - anyOf: + - properties: + caCertificate: + maxLength: 0 + certificate: + maxLength: 0 + destinationCACertificate: + maxLength: 0 + key: + maxLength: 0 + - not: + properties: + termination: + enum: + - passthrough + - anyOf: + - properties: + destinationCACertificate: + maxLength: 0 + - not: + properties: + termination: + enum: + - edge + description: The tls field provides the ability to configure certificates + and termination for the route. 
+ properties: + caCertificate: + description: caCertificate provides the cert authority certificate + contents + type: string + certificate: + description: certificate provides certificate contents. This should + be a single serving certificate, not a certificate chain. Do + not include a CA certificate. + type: string + destinationCACertificate: + description: destinationCACertificate provides the contents of + the ca certificate of the final destination. When using reencrypt + termination this file should be provided in order to have routers + use it for health checks on the secure connection. If this field + is not specified, the router may provide its own destination + CA and perform hostname validation using the short service name + (service.namespace.svc), which allows infrastructure generated + certificates to automatically verify. + type: string + externalCertificate: + description: externalCertificate provides certificate contents + as a secret reference. This should be a single serving certificate, + not a certificate chain. Do not include a CA certificate. The + secret referenced should be present in the same namespace as + that of the Route. Forbidden when `certificate` is set. + properties: + name: + description: 'name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + x-kubernetes-map-type: atomic + insecureEdgeTerminationPolicy: + description: "insecureEdgeTerminationPolicy indicates the desired + behavior for insecure connections to a route. While each router + may make its own decisions on which ports to expose, this is + normally port 80. \n * Allow - traffic is sent to the server + on the insecure port (edge/reencrypt terminations only) (default). + * None - no traffic is allowed on the insecure port. * Redirect + - clients are redirected to the secure port." 
+ enum: + - Allow + - None + - Redirect + - "" + type: string + key: + description: key provides key file contents + type: string + termination: + description: "termination indicates termination type. \n * edge + - TLS termination is done by the router and http is used to + communicate with the backend (default) * passthrough - Traffic + is sent straight to the destination without the router providing + TLS termination * reencrypt - TLS termination is done by the + router and https is used to communicate with the backend \n + Note: passthrough termination is incompatible with httpHeader + actions" + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + x-kubernetes-validations: + - message: cannot have both spec.tls.certificate and spec.tls.externalCertificate + rule: '!(has(self.certificate) && has(self.externalCertificate))' + - message: 'cannot have both spec.tls.termination: passthrough and + spec.tls.insecureEdgeTerminationPolicy: Allow' + rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) + ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) + : true' + to: + description: to is an object the route should use as the primary backend. + Only the Service kind is allowed, and it will be defaulted to Service. + If the weight field (0-256 default 100) is set to zero, no traffic + will be sent to this backend. + properties: + kind: + default: Service + description: The kind of target that the route is referring to. + Currently, only 'Service' is allowed + enum: + - Service + - "" + type: string + name: + description: name of the service/target that is being referred + to. e.g. name of the service + minLength: 1 + type: string + weight: + default: 100 + description: weight as an integer between 0 and 256, default 100, + that specifies the target's relative weight against other target + reference objects. 0 suppresses requests to this backend. 
+ format: int32 + maximum: 256 + minimum: 0 + type: integer + required: + - kind + - name + type: object + wildcardPolicy: + default: None + description: Wildcard policy if any for the route. Currently only + 'Subdomain' or 'None' is allowed. + enum: + - None + - Subdomain + - "" + type: string + required: + - to + type: object + x-kubernetes-validations: + - message: header actions are not permitted when tls termination is passthrough. + rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || + !has(self.httpHeaders)' + status: + description: status is the current state of the route + properties: + ingress: + description: ingress describes the places where the route may be exposed. + The list of ingress points may contain duplicate Host or RouterName + values. Routes are considered live once they are `Ready` + items: + description: RouteIngress holds information about the places where + a route is exposed. + properties: + conditions: + description: Conditions is the state of the route, may be empty. + items: + description: RouteIngressCondition contains details for the + current condition of this route on a particular router. + properties: + lastTransitionTime: + description: RFC 3339 date and time when this condition + last transitioned + format: date-time + type: string + message: + description: Human readable message indicating details + about last transition. + type: string + reason: + description: (brief) reason for the condition's last transition, + and is usually a machine and human readable constant + type: string + status: + description: Status is the status of the condition. Can + be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. Currently + only Admitted or UnservableInFutureVersions. 
+ type: string + required: + - status + - type + type: object + type: array + host: + description: Host is the host string under which the route is + exposed; this value is required + type: string + routerCanonicalHostname: + description: CanonicalHostname is the external host name for + the router that can be used as a CNAME for the host requested + for this route. This value is optional and may not be set + in all cases. + type: string + routerName: + description: Name is a name chosen by the router to identify + itself; this value is required + type: string + wildcardPolicy: + description: Wildcard policy is the wildcard policy that was + allowed where this route is exposed. + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/tools/codegen/cmd/featureset-markdown.go b/tools/codegen/cmd/featureset-markdown.go index 6a143e96ef9..4e93bf24b8e 100644 --- a/tools/codegen/cmd/featureset-markdown.go +++ b/tools/codegen/cmd/featureset-markdown.go @@ -251,7 +251,12 @@ func readFeatureGate(ctx context.Context, featureSetManifestDir string) (sets.St if len(clusterProfiles) != 1 { return nil, nil, nil, nil, fmt.Errorf("expected exactly one clusterProfile from %q: %v", featureGateFilename, clusterProfiles.List()) } - currFeatureGateInfo.clusterProfile = utils.ClusterProfileToShortName(clusterProfiles.List()[0]) + + clusterProfileShortName, err := utils.ClusterProfileToShortName(clusterProfiles.List()[0]) + if err != nil { + return nil, nil, nil, nil, fmt.Errorf("unrecognized clusterprofile name %q: %w", clusterProfiles.List()[0], err) + } + currFeatureGateInfo.clusterProfile = clusterProfileShortName allClusterProfiles.Insert(currFeatureGateInfo.clusterProfile) currFeatureGateInfo.featureSet, _, _ = unstructured.NestedString(uncastFeatureGate.Object, "spec", "featureSet") 
diff --git a/tools/codegen/pkg/manifestmerge/filters.go b/tools/codegen/pkg/manifestmerge/filters.go index 7c7a7a183d0..3d68d6ce6d7 100644 --- a/tools/codegen/pkg/manifestmerge/filters.go +++ b/tools/codegen/pkg/manifestmerge/filters.go @@ -8,10 +8,45 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "os" "path" + "path/filepath" kyaml "sigs.k8s.io/yaml" "strings" ) +func AllKnownFeatureSets(payloadFeatureGatePath string) (sets.String, error) { + allFeatureSets := sets.String{} + allFeatureSets.Insert("CustomNoUpgrade") // this one won't have a rendered version since we don't know the gates + + featureSetManifestFiles, err := os.ReadDir(payloadFeatureGatePath) + if err != nil { + return nil, fmt.Errorf("cannot read FeatureSetManifestDir: %w", err) + } + for _, currFeatureSetManifestFile := range featureSetManifestFiles { + featureGateFilename := filepath.Join(payloadFeatureGatePath, currFeatureSetManifestFile.Name()) + featureGateBytes, err := os.ReadFile(featureGateFilename) + if err != nil { + return nil, fmt.Errorf("unable to read %q: %w", featureGateFilename, err) + } + + // use unstructured to pull this information to avoid vendoring openshift/api + featureGateMap := map[string]interface{}{} + if err := kyaml.Unmarshal(featureGateBytes, &featureGateMap); err != nil { + return nil, fmt.Errorf("unable to parse featuregate %q: %w", featureGateFilename, err) + } + uncastFeatureGate := unstructured.Unstructured{ + Object: featureGateMap, + } + + currFeatureSet, _, _ := unstructured.NestedString(uncastFeatureGate.Object, "spec", "featureSet") + if len(currFeatureSet) == 0 { + currFeatureSet = "Default" + } + allFeatureSets.Insert(currFeatureSet) + } + + return allFeatureSets, nil +} + func FilterForFeatureSet(payloadFeatureGatePath, clusterProfile, featureSetName string) (ManifestFilter, error) { if featureSetName == "CustomNoUpgrade" { return &AndManifestFilter{ 
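Review bot: `AllKnownFeatureSets` treats every entry of the directory as a FeatureGate manifest and discards the error from `unstructured.NestedString`. A subdirectory therefore aborts the whole scan with a read error, and a manifest whose `spec.featureSet` is not a string is silently counted as `Default`. The set built here replaces the previous hard-coded list as the check on `featureSetName` in `FilterForFeatureSet`, so the values it accepts should be read strictly. Skipping directories and returning the `NestedString` error would do that; the exported function also has no doc comment. `FilterForFeatureSet`'s body continues outside the hunk.

```go
	for _, currFeatureSetManifestFile := range featureSetManifestFiles {
		if currFeatureSetManifestFile.IsDir() {
			continue
		}
		// … unchanged: read the file and unmarshal it into featureGateMap …

		currFeatureSet, _, err := unstructured.NestedString(uncastFeatureGate.Object, "spec", "featureSet")
		if err != nil {
			return nil, fmt.Errorf("unable to read spec.featureSet from %q: %w", featureGateFilename, err)
		}
		// … unchanged: default to "Default" and insert into allFeatureSets …
	}
```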
@@ -24,13 +59,18 @@ func FilterForFeatureSet(payloadFeatureGatePath, clusterProfile, featureSetName }, nil } - switch { - case featureSetName == "TechPreviewNoUpgrade": - case featureSetName == "Default": - default: + allKnownFeatureSets, err := AllKnownFeatureSets(payloadFeatureGatePath) + if err != nil { + return nil, fmt.Errorf("failed reading featuresets from %q", payloadFeatureGatePath) + } + if !allKnownFeatureSets.Has(featureSetName) { return nil, fmt.Errorf("unrecognized featureset name %q", featureSetName) } - featureGateFilename := path.Join(payloadFeatureGatePath, fmt.Sprintf("featureGate-%s-%s.yaml", utils.ClusterProfileToShortName(clusterProfile), featureSetName)) + clusterProfileShortName, err := utils.ClusterProfileToShortName(clusterProfile) + if err != nil { + return nil, fmt.Errorf("unrecognized clusterprofile name %q: %w", clusterProfile, err) + } + featureGateFilename := path.Join(payloadFeatureGatePath, fmt.Sprintf("featureGate-%s-%s.yaml", clusterProfileShortName, featureSetName)) enabledFeatureGatesSet := sets.NewString() diff --git a/tools/codegen/pkg/manifestmerge/generator.go b/tools/codegen/pkg/manifestmerge/generator.go index a7f4dec326a..076c1cefcc6 100644 --- a/tools/codegen/pkg/manifestmerge/generator.go +++ b/tools/codegen/pkg/manifestmerge/generator.go @@ -36,7 +36,6 @@ var ( "include.release.openshift.io/ibm-cloud-managed", "include.release.openshift.io/self-managed-high-availability", } - allFeatureSets = []string{"Default", "TechPreviewNoUpgrade", "CustomNoUpgrade"} ) // Options contains the configuration required for the schemapatch generator. @@ -61,6 +60,7 @@ type generator struct { disabled bool verify bool payloadFeatureGatePath string + allKnownFeatureSets sets.String } // NewGenerator builds a new schemapatch generator. 
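Review bot: In `FilterForFeatureSet` (filters.go) the new error path drops the cause: `fmt.Errorf("failed reading featuresets from %q", payloadFeatureGatePath)` never includes `err`, so a caller cannot tell a missing directory from an unparsable manifest. It should read `return nil, fmt.Errorf("failed reading featuresets from %q: %w", payloadFeatureGatePath, err)`. The call also re-reads and re-parses every manifest in the directory on each invocation. The `genGroupVersion` hunk later in this patch calls this function inside a nested loop, while the generator already holds the same set in `g.allKnownFeatureSets`. Accepting the set as an argument would avoid the repeated reads, at the cost of a signature change. The function's body starts and ends outside the hunk.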
@@ -70,10 +70,16 @@ func NewGenerator(opts Options) generation.Generator { payloadFeatureGatePath = opts.PayloadFeatureGatePath } + allKnownFeatureSets, err := AllKnownFeatureSets(payloadFeatureGatePath) + if err != nil { + panic(err) + } + return &generator{ disabled: opts.Disabled, verify: opts.Verify, payloadFeatureGatePath: payloadFeatureGatePath, + allKnownFeatureSets: allKnownFeatureSets, } } @@ -84,10 +90,12 @@ func (g *generator) ApplyConfig(config *generation.Config) generation.Generator return g } - return NewGenerator(Options{ - Disabled: config.ManifestMerge.Disabled, - Verify: g.verify, - }) + return NewGenerator( + Options{ + Disabled: config.ManifestMerge.Disabled, + Verify: g.verify, + }, + ) } // Name returns the name of the generator. @@ -171,7 +179,7 @@ func (g *generator) genGroupVersion(group string, version generation.APIVersionC resultingCRDs := []crdForFeatureSet{} crdFilenamePattern := "" for _, clusterProfile := range allClusterProfiles { - for _, featureSetName := range allFeatureSets { + for _, featureSetName := range g.allKnownFeatureSets.List() { partialManifestFilter, err := FilterForFeatureSet(g.payloadFeatureGatePath, clusterProfile, featureSetName) if err != nil { errs = append(errs, err) @@ -266,7 +274,7 @@ func (g *generator) genGroupVersion(group string, version generation.APIVersionC } // check to see if all the resultingCRDs are the same - crdsToRender := getCRDsToRender(resultingCRDs, crdFilenamePattern, generatedOutputPath) + crdsToRender := getCRDsToRender(resultingCRDs, crdFilenamePattern, generatedOutputPath, g.allKnownFeatureSets) allCRDsToRender = append(allCRDsToRender, crdsToRender...) } 
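Review bot: `NewGenerator` now reads the feature-gate directory and calls `panic(err)` when that fails, so a missing or unreadable directory aborts the process from a constructor, even when `opts.Disabled` is set. The last patch in this series converts the panics in `getCRDsToRender` to returned errors but leaves this one. Because the signature has no error return, one option is to store the error on the generator and return it from the generation method; that needs a new field, which is outside this hunk. `ApplyConfig` in the next hunk also rebuilds the generator without passing `PayloadFeatureGatePath: g.payloadFeatureGatePath,`. The set therefore appears to be recomputed from whatever path `NewGenerator` falls back to rather than the configured one; the fallback is not visible here, so this needs checking.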
@@ -364,10 +372,10 @@ func (g *generator) genGroupVersion(group string, version generation.APIVersionC return kerrors.NewAggregate(errs) } -func getCRDsToRender(resultingCRDs []crdForFeatureSet, crdFilenamePattern, outputPath string) []crdForFeatureSet { +func getCRDsToRender(resultingCRDs []crdForFeatureSet, crdFilenamePattern, outputPath string, allKnownFeatureSets sets.String) []crdForFeatureSet { allCRDsWithData := filterCRDs(resultingCRDs, &HasData{}) sameSchemaInAllCRDs := areCRDsTheSame(allCRDsWithData) - hasAllFeatureSets := featureSetsFromCRDs(allCRDsWithData).Equal(sets.NewString(allFeatureSets...)) + hasAllFeatureSets := featureSetsFromCRDs(allCRDsWithData).Equal(allKnownFeatureSets) if sameSchemaInAllCRDs && hasAllFeatureSets { crdFilename := strings.ReplaceAll(crdFilenamePattern, "MARKERS", "") crdFullPath := filepath.Join(outputPath, crdFilename) @@ -397,7 +405,7 @@ func getCRDsToRender(resultingCRDs []crdForFeatureSet, crdFilenamePattern, outpu // if they only vary by clusterprofile, then clusterprofile files only // if they vary by both, slice by clusterprofile first, then by featureset eachFeatureSetTheSameForAllClusterProfiles := true - for _, featureSet := range allFeatureSets { + for _, featureSet := range allKnownFeatureSets.List() { filter := &AndCRDFilter{ filters: []CRDFilter{ &HasData{}, @@ -412,7 +420,7 @@ func getCRDsToRender(resultingCRDs []crdForFeatureSet, crdFilenamePattern, outpu } if eachFeatureSetTheSameForAllClusterProfiles { crdsToWrite := []crdForFeatureSet{} - for _, featureSet := range allFeatureSets { + for _, featureSet := range allKnownFeatureSets.List() { filter := &AndCRDFilter{ filters: []CRDFilter{ &HasData{}, 
@@ -463,7 +471,11 @@ func getCRDsToRender(resultingCRDs []crdForFeatureSet, crdFilenamePattern, outpu continue } - crdFilename := strings.ReplaceAll(crdFilenamePattern, "MARKERS", fmt.Sprintf("-%s", utils.ClusterProfileToShortName(clusterProfile))) + clusterProfileShortName, err := utils.ClusterProfileToShortName(clusterProfile) + if err != nil { + panic(fmt.Sprintf("unrecognized clusterprofile name %q: %w", clusterProfile, err)) + } + crdFilename := strings.ReplaceAll(crdFilenamePattern, "MARKERS", fmt.Sprintf("-%s", clusterProfileShortName)) crdFullPath := filepath.Join(outputPath, crdFilename) crdToWrite := filteredCRDs[0].crd.DeepCopy() @@ -488,7 +500,11 @@ func getCRDsToRender(resultingCRDs []crdForFeatureSet, crdFilenamePattern, outpu if curr.noData { continue } - crdFilename := strings.ReplaceAll(crdFilenamePattern, "MARKERS", fmt.Sprintf("-%s-%s", utils.ClusterProfileToShortName(curr.clusterProfile), curr.featureSet)) + clusterProfileShortName, err := utils.ClusterProfileToShortName(curr.clusterProfile) + if err != nil { + panic(fmt.Sprintf("unrecognized clusterprofile name %q: %w", curr.clusterProfile, err)) + } + crdFilename := strings.ReplaceAll(crdFilenamePattern, "MARKERS", fmt.Sprintf("-%s-%s", clusterProfileShortName, curr.featureSet)) crdFullPath := filepath.Join(outputPath, crdFilename) crdToWrite := notHandled[i].crd.DeepCopy() diff --git a/tools/codegen/pkg/utils/featureset.go b/tools/codegen/pkg/utils/featureset.go index c2f1a3b468f..1fb05a0a35b 100644 --- a/tools/codegen/pkg/utils/featureset.go +++ b/tools/codegen/pkg/utils/featureset.go @@ -1,6 +1,7 @@ package utils import ( + "fmt" "strings" ) 
@@ -11,8 +12,12 @@ var ( } ) -func ClusterProfileToShortName(annotation string) string { - return clusterProfileToShortName[annotation] +func ClusterProfileToShortName(annotation string) (string, error) { + ret, ok := clusterProfileToShortName[annotation] + if !ok { + return "FAIL", fmt.Errorf("failed on %v", annotation) + } + return ret, nil } func HasClusterProfilePreference(annotations map[string]string) bool { From 17878f0a67771c7e781519884ee92dc7a8b85e4f Mon Sep 17 00:00:00 2001 From: David Eads Date: Tue, 16 Apr 2024 11:37:22 -0400 Subject: [PATCH 4/4] gracefully return generator errors --- tools/codegen/pkg/manifestmerge/generator.go | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/tools/codegen/pkg/manifestmerge/generator.go b/tools/codegen/pkg/manifestmerge/generator.go index 076c1cefcc6..5b798140b4f 100644 --- a/tools/codegen/pkg/manifestmerge/generator.go +++ b/tools/codegen/pkg/manifestmerge/generator.go @@ -274,7 +274,11 @@ func (g *generator) genGroupVersion(group string, version generation.APIVersionC } // check to see if all the resultingCRDs are the same - crdsToRender := getCRDsToRender(resultingCRDs, crdFilenamePattern, generatedOutputPath, g.allKnownFeatureSets) + crdsToRender, err := getCRDsToRender(resultingCRDs, crdFilenamePattern, generatedOutputPath, g.allKnownFeatureSets) + if err != nil { + errs = append(errs, fmt.Errorf("crd %q failed to compute CRDs to render: %w", crdName, err)) + continue + } allCRDsToRender = append(allCRDsToRender, crdsToRender...) } 
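Review bot: On the failure path `ClusterProfileToShortName` returns the placeholder `"FAIL"` alongside the error, so a caller that ignores the error would build a file name such as `featureGate-FAIL-<featureSet>.yaml` from it. Returning the zero value keeps the result unusable on error, and the message can say what was wrong: `return "", fmt.Errorf("unknown cluster profile annotation %q", annotation)`. The callers in this patch already wrap the error with the profile name, so the inner message does not need to carry more than that.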
@@ -372,7 +376,7 @@ func (g *generator) genGroupVersion(group string, version generation.APIVersionC return kerrors.NewAggregate(errs) } -func getCRDsToRender(resultingCRDs []crdForFeatureSet, crdFilenamePattern, outputPath string, allKnownFeatureSets sets.String) []crdForFeatureSet { +func getCRDsToRender(resultingCRDs []crdForFeatureSet, crdFilenamePattern, outputPath string, allKnownFeatureSets sets.String) ([]crdForFeatureSet, error) { allCRDsWithData := filterCRDs(resultingCRDs, &HasData{}) sameSchemaInAllCRDs := areCRDsTheSame(allCRDsWithData) hasAllFeatureSets := featureSetsFromCRDs(allCRDsWithData).Equal(allKnownFeatureSets) @@ -396,7 +400,7 @@ func getCRDsToRender(resultingCRDs []crdForFeatureSet, crdFilenamePattern, outpu crd: crdToWrite, outputFile: crdFullPath, }, - } + }, nil } // so they aren't all the same. Check first to see if they're the same for FeatureSet across all ClusterProfiles @@ -450,7 +454,7 @@ func getCRDsToRender(resultingCRDs []crdForFeatureSet, crdFilenamePattern, outpu outputFile: crdFullPath, }) } - return crdsToWrite + return crdsToWrite, nil } eachClusterProfiletheSameForAllFeatureSets := true @@ -473,7 +477,7 @@ func getCRDsToRender(resultingCRDs []crdForFeatureSet, crdFilenamePattern, outpu clusterProfileShortName, err := utils.ClusterProfileToShortName(clusterProfile) if err != nil { - panic(fmt.Sprintf("unrecognized clusterprofile name %q: %w", clusterProfile, err)) + return nil, fmt.Errorf("unrecognized clusterprofile name %q: %w", clusterProfile, err) } crdFilename := strings.ReplaceAll(crdFilenamePattern, "MARKERS", fmt.Sprintf("-%s", clusterProfileShortName)) crdFullPath := filepath.Join(outputPath, crdFilename) @@ -491,7 +495,7 @@ func getCRDsToRender(resultingCRDs []crdForFeatureSet, crdFilenamePattern, outpu } if eachClusterProfiletheSameForAllFeatureSets { - return crdsToWrite + return crdsToWrite, nil } // at this point, write each clusterProfile that IS unique, then write the remainder 
@@ -502,7 +506,7 @@ func getCRDsToRender(resultingCRDs []crdForFeatureSet, crdFilenamePattern, outpu } clusterProfileShortName, err := utils.ClusterProfileToShortName(curr.clusterProfile) if err != nil { - panic(fmt.Sprintf("unrecognized clusterprofile name %q: %w", curr.clusterProfile, err)) + return nil, fmt.Errorf("unrecognized clusterprofile name %q: %w", curr.clusterProfile, err) } crdFilename := strings.ReplaceAll(crdFilenamePattern, "MARKERS", fmt.Sprintf("-%s-%s", clusterProfileShortName, curr.featureSet)) crdFullPath := filepath.Join(outputPath, crdFilename) @@ -519,7 +523,7 @@ func getCRDsToRender(resultingCRDs []crdForFeatureSet, crdFilenamePattern, outpu outputFile: crdFullPath, }) } - return crdsToWrite + return crdsToWrite, nil } func clusterProfilesFromCRDs(resultingCRDs []crdForFeatureSet) sets.String {