diff --git a/assets/controller.yaml b/assets/controller.yaml
index 5ef22a5dd..bcf54c2fd 100644
--- a/assets/controller.yaml
+++ b/assets/controller.yaml
@@ -52,10 +52,8 @@ spec:
 value: '1'
 - name: AWS_CONFIG_FILE
 value: /var/run/secrets/aws/credentials
- {{- if .CABundleConfigMap}}
- - name: AWS_CA_BUNDLE
+ - name: ${AWS_CA_BUNDLE_ENV_VAR}
 value: /etc/ca/ca-bundle.pem
- {{- end}}
 ports:
 - name: healthz
 # Due to hostNetwork, this port is open on a node!
@@ -68,11 +66,9 @@ spec:
 - name: bound-sa-token
 mountPath: /var/run/secrets/openshift/serviceaccount
 readOnly: true
- {{- if .CABundleConfigMap}}
 - name: ca-bundle
 mountPath: /etc/ca
 readOnly: true
- {{- end}}
 - name: socket-dir
 mountPath: /var/lib/csi/sockets/pluginproxy/
 resources:
@@ -168,10 +164,9 @@ spec:
 - serviceAccountToken:
 path: token
 audience: openshift
- {{- if .CABundleConfigMap}}
 - name: ca-bundle
 configMap:
- name: {{.CABundleConfigMap}}
- {{- end}}
+ name: kube-cloud-config
+ optional: ${CA_BUNDLE_OPTIONAL}
 - name: socket-dir
 emptyDir: {}
diff --git a/go.mod b/go.mod
index b93f436ae..67266f275 100644
--- a/go.mod
+++ b/go.mod
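Review bot: The `${AWS_CA_BUNDLE_ENV_VAR}` entry in the first hunk (`env:` of the csi-driver container) is undocumented, and when no custom bundle is configured the pod spec will carry a variable named `UNUSED_AWS_CA_BUNDLE` whose value still reads `/etc/ca/ca-bundle.pem`. Someone auditing TLS trust on a running pod has no way to tell from the manifest that this variable is inert by design. I would add a comment above the entry, for example `# Name is substituted by the operator: AWS_CA_BUNDLE when kube-cloud-config carries ca-bundle.pem, otherwise a placeholder name the AWS SDK does not read.`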
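Review bot: In the third hunk (`volumes:`) the `ca-bundle` volume is now unconditional and projects the whole `kube-cloud-config` ConfigMap into `/etc/ca`, so every key in it becomes readable by the csi-driver container even on clusters that have no custom CA bundle. Limiting the projection to the one file the driver needs keeps the mount least-privilege: under `configMap:` add `items:` with `- key: ca-bundle.pem` and `path: ca-bundle.pem`. With `optional: true` a missing key should be tolerated by the kubelet, but that is worth confirming on the supported Kubernetes versions, since `optional` is `false` exactly when the key is expected to exist.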
@@ -4,16 +4,18 @@ go 1.14 require ( github.com/go-bindata/go-bindata v3.1.2+incompatible - github.com/openshift/api v0.0.0-20200827090112-c05698d102cf - github.com/openshift/build-machinery-go v0.0.0-20200819073603-48aa266c95f7 - github.com/openshift/client-go v0.0.0-20200827190008-3062137373b5 + github.com/openshift/api v0.0.0-20201019163320-c6a5ec25f267 + github.com/openshift/build-machinery-go v0.0.0-20200917070002-f171684f77ab + github.com/openshift/client-go v0.0.0-20201020074620-f8fd44879f7c github.com/openshift/library-go v0.0.0-20201006115306-ed636feadb9c github.com/prometheus/client_golang v1.7.1 github.com/spf13/cobra v1.0.0 github.com/spf13/pflag v1.0.5 - k8s.io/api v0.19.0 - k8s.io/apimachinery v0.19.0 - k8s.io/client-go v0.19.0 - k8s.io/component-base v0.19.0 + k8s.io/api v0.19.2 + k8s.io/apimachinery v0.19.2 + k8s.io/client-go v0.19.2 + k8s.io/component-base v0.19.2 k8s.io/klog/v2 v2.3.0 ) + +replace github.com/openshift/library-go => github.com/staebler/library-go v0.0.0-20201207154726-5bb9578833aa diff --git a/go.sum b/go.sum index 72756a327..2e7f4db09 100644 --- a/go.sum +++ b/go.sum 
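Review bot: The `replace` directive added at the end of this hunk redirects `github.com/openshift/library-go` to a personal fork, `github.com/staebler/library-go`, so the operator binary and the vendored tree are built from code outside the upstream repository's review and release process. The `require` line still names the upstream pseudo-version `v0.0.0-20201006115306-ed636feadb9c`, which no longer describes what is compiled and will mislead dependency audits. If the fork only exists to carry `WithCSIDriverControllerServiceWithExtraReplaces` until it lands upstream (inferred from the new call in starter.go), record that next to the directive, e.g. `// TODO: drop once openshift/library-go includes the extra-replaces API (<upstream PR link>)`, and treat removal of the `replace` as a merge blocker for release branches.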
@@ -349,14 +349,12 @@ github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/runc v0.0.0-20191031171055-b133feaeeb2e/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= -github.com/openshift/api v0.0.0-20200827090112-c05698d102cf h1:s/d912Y7MW7bD/6XNL0gMe6lC0zPiDjq5w8u0OyCSpc= -github.com/openshift/api v0.0.0-20200827090112-c05698d102cf/go.mod h1:M3xexPhgM8DISzzRpuFUy+jfPjQPIcs9yqEYj17mXV8= -github.com/openshift/build-machinery-go v0.0.0-20200819073603-48aa266c95f7 h1:mOq7Mg1Q9d7nIDxe1SJ6pluMBQsbVxa6olyAGmfYWTg= -github.com/openshift/build-machinery-go v0.0.0-20200819073603-48aa266c95f7/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= -github.com/openshift/client-go v0.0.0-20200827190008-3062137373b5 h1:E6WhVL5p3rfjtc+o+jVG/29Aclnf3XIF7akxXvadwR0= -github.com/openshift/client-go v0.0.0-20200827190008-3062137373b5/go.mod h1:5rGmrkQ8DJEUXA+AR3rEjfH+HFyg4/apY9iCQFgvPfE= -github.com/openshift/library-go v0.0.0-20201006115306-ed636feadb9c h1:cECl9xW1/QDE/XpuLIA3utu9SXXlRvqEZYikKMucyas= -github.com/openshift/library-go v0.0.0-20201006115306-ed636feadb9c/go.mod h1:NI6xOQGuTnLXeHW8Z2glKSFhF7X+YxlAlqlBMaK0zEM= +github.com/openshift/api v0.0.0-20201019163320-c6a5ec25f267 h1:d6qOoblJz8DjQ44PRT0hYt3qLqJ/Lnvipk1vXr0gpfo= +github.com/openshift/api v0.0.0-20201019163320-c6a5ec25f267/go.mod h1:RDvBcRQMGLa3aNuDuejVBbTEQj/2i14NXdpOLqbNBvM= +github.com/openshift/build-machinery-go v0.0.0-20200917070002-f171684f77ab h1:lBrojddP6C9C2p67EMs2vcdpC8eF+H0DDom+fgI2IF0= +github.com/openshift/build-machinery-go v0.0.0-20200917070002-f171684f77ab/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= +github.com/openshift/client-go v0.0.0-20201020074620-f8fd44879f7c h1:NB9g4Y/aegId7fyNqYyGxEfyNOytYFT5dxWJtfOJFQs= 
+github.com/openshift/client-go v0.0.0-20201020074620-f8fd44879f7c/go.mod h1:yZ3u8vgWC19I9gbDMRk8//9JwG/0Sth6v7C+m6R8HXs= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= @@ -428,6 +426,8 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= +github.com/staebler/library-go v0.0.0-20201207154726-5bb9578833aa h1:vbqLVfV90fYdJlIc7usNvMZ5GLitFXCjSH9uOyWJZZ8= +github.com/staebler/library-go v0.0.0-20201207154726-5bb9578833aa/go.mod h1:1xYaYQcQsn+AyCRsvOU+Qn5z6GGiCmcblXkT/RZLVfo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= 
@@ -716,31 +716,31 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI= k8s.io/api v0.18.0-beta.2/go.mod h1:2oeNnWEqcSmaM/ibSh3t7xcIqbkGXhzZdn4ezV9T4m0= -k8s.io/api v0.19.0 h1:XyrFIJqTYZJ2DU7FBE/bSPz7b1HvbVBuBf07oeo6eTc= -k8s.io/api v0.19.0/go.mod h1:I1K45XlvTrDjmj5LoM5LuP/KYrhWbjUKT/SoPG0qTjw= +k8s.io/api v0.19.2 h1:q+/krnHWKsL7OBZg/rxnycsl9569Pud76UJ77MvKXms= +k8s.io/api v0.19.2/go.mod h1:IQpK0zFQ1xc5iNIQPqzgoOwuFugaYHK4iCknlAQP9nI= k8s.io/apiextensions-apiserver v0.17.0/go.mod h1:XiIFUakZywkUl54fVXa7QTEHcqQz9HG55nHd1DCoHj8= k8s.io/apiextensions-apiserver v0.18.0-beta.2/go.mod h1:Hnrg5jx8/PbxRbUoqDGxtQkULjwx8FDW4WYJaKNK+fk= -k8s.io/apiextensions-apiserver v0.19.0 h1:jlY13lvZp+0p9fRX2khHFdiT9PYzT7zUrANz6R1NKtY= -k8s.io/apiextensions-apiserver v0.19.0/go.mod h1:znfQxNpjqz/ZehvbfMg5N6fvBJW5Lqu5HVLTJQdP4Fs= +k8s.io/apiextensions-apiserver v0.19.2 h1:oG84UwiDsVDu7dlsGQs5GySmQHCzMhknfhFExJMz9tA= +k8s.io/apiextensions-apiserver v0.19.2/go.mod h1:EYNjpqIAvNZe+svXVx9j4uBaVhTB4C94HkY3w058qcg= k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= k8s.io/apimachinery v0.18.0-beta.2/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= -k8s.io/apimachinery v0.19.0 h1:gjKnAda/HZp5k4xQYjL0K/Yb66IvNqjthCb03QlKpaQ= -k8s.io/apimachinery v0.19.0/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= +k8s.io/apimachinery v0.19.2 h1:5Gy9vQpAGTKHPVOh5c4plE274X8D/6cuEiTO2zve7tc= +k8s.io/apimachinery v0.19.2/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= k8s.io/apiserver v0.17.0/go.mod h1:ABM+9x/prjINN6iiffRVNCBR2Wk7uY4z+EtEGZD48cg= k8s.io/apiserver v0.18.0-beta.2/go.mod h1:bnblMkMoCFnIfVnVftd0SXJPzyvrk3RtaqSbblphF/A= -k8s.io/apiserver v0.19.0 h1:jLhrL06wGAADbLUUQm8glSLnAGP6c7y5R3p19grkBoY= -k8s.io/apiserver v0.19.0/go.mod 
h1:XvzqavYj73931x7FLtyagh8WibHpePJ1QwWrSJs2CLk= +k8s.io/apiserver v0.19.2 h1:xq2dXAzsAoHv7S4Xc/p7PKhiowdHV/PgdePWo3MxIYM= +k8s.io/apiserver v0.19.2/go.mod h1:FreAq0bJ2vtZFj9Ago/X0oNGC51GfubKK/ViOKfVAOA= k8s.io/client-go v0.17.0/go.mod h1:TYgR6EUHs6k45hb6KWjVD6jFZvJV4gHDikv/It0xz+k= k8s.io/client-go v0.18.0-beta.2/go.mod h1:UvuVxHjKWIcgy0iMvF+bwNDW7l0mskTNOaOW1Qv5BMA= -k8s.io/client-go v0.19.0 h1:1+0E0zfWFIWeyRhQYWzimJOyAk2UT7TiARaLNwJCf7k= -k8s.io/client-go v0.19.0/go.mod h1:H9E/VT95blcFQnlyShFgnFT9ZnJOAceiUHM3MlRC+mU= +k8s.io/client-go v0.19.2 h1:gMJuU3xJZs86L1oQ99R4EViAADUPMHHtS9jFshasHSc= +k8s.io/client-go v0.19.2/go.mod h1:S5wPhCqyDNAlzM9CnEdgTGV4OqhsW3jGO1UM1epwfJA= k8s.io/code-generator v0.17.0/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= k8s.io/code-generator v0.18.0-beta.2/go.mod h1:+UHX5rSbxmR8kzS+FAv7um6dtYrZokQvjHpDSYRVkTc= -k8s.io/code-generator v0.19.0/go.mod h1:moqLn7w0t9cMs4+5CQyxnfA/HV8MF6aAVENF+WZZhgk= +k8s.io/code-generator v0.19.2/go.mod h1:moqLn7w0t9cMs4+5CQyxnfA/HV8MF6aAVENF+WZZhgk= k8s.io/component-base v0.17.0/go.mod h1:rKuRAokNMY2nn2A6LP/MiwpoaMRHpfRnrPaUJJj1Yoc= k8s.io/component-base v0.18.0-beta.2/go.mod h1:HVk5FpRnyzQ/MjBr9//e/yEBjTVa2qjGXCTuUzcD7ks= -k8s.io/component-base v0.19.0 h1:OueXf1q3RW7NlLlUCj2Dimwt7E1ys6ZqRnq53l2YuoE= -k8s.io/component-base v0.19.0/go.mod h1:dKsY8BxkA+9dZIAh2aWJLL/UdASFDNtGYTCItL4LM7Y= +k8s.io/component-base v0.19.2 h1:jW5Y9RcZTb79liEhW3XDVTW7MuvEGP0tQZnfSX6/+gs= +k8s.io/component-base v0.19.2/go.mod h1:g5LrsiTiabMLZ40AR6Hl45f088DevyGY+cCE2agEIVo= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= 
@@ -757,8 +757,8 @@ k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.3.0 h1:WmkrnW7fdrm0/DMClc+HIxtftvxVIPAhlVwMQo5yLco= k8s.io/klog/v2 v2.3.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/kube-aggregator v0.18.0-beta.2/go.mod h1:O3Td9mheraINbLHH4pzoFP2gRzG0Wk1COqzdSL4rBPk= -k8s.io/kube-aggregator v0.19.0 h1:rL4fsftMaqkKjaibArYDaBeqN41CHaJzgRJjUB9IrIg= -k8s.io/kube-aggregator v0.19.0/go.mod h1:1Ln45PQggFAG8xOqWPIYMxUq8WNtpPnYsbUJ39DpF/A= +k8s.io/kube-aggregator v0.19.2 h1:iDJILLwIKjojE0bjZHKMGp8Ry5U1ugsJzrb/A9lD+00= +k8s.io/kube-aggregator v0.19.2/go.mod h1:wVsjy6OTeUrWkgG9WVsGftnjpm8JIY0vJV7LH2j4nhM= k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6 h1:+WnxoVtG8TMiudHBSEtrVL1egv36TkkJm+bA8AxicmQ= diff --git a/pkg/generated/bindata.go b/pkg/generated/bindata.go index 256431808..50466bd25 100644 --- a/pkg/generated/bindata.go +++ b/pkg/generated/bindata.go @@ -125,10 +125,8 @@ spec: value: '1' - name: AWS_CONFIG_FILE value: /var/run/secrets/aws/credentials - {{- if .CABundleConfigMap}} - - name: AWS_CA_BUNDLE + - name: ${AWS_CA_BUNDLE_ENV_VAR} value: /etc/ca/ca-bundle.pem - {{- end}} ports: - name: healthz # Due to hostNetwork, this port is open on a node! @@ -141,11 +139,9 @@ spec: - name: bound-sa-token mountPath: /var/run/secrets/openshift/serviceaccount readOnly: true - {{- if .CABundleConfigMap}} - name: ca-bundle mountPath: /etc/ca readOnly: true - {{- end}} - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ resources: 
@@ -241,11 +237,10 @@ spec: - serviceAccountToken: path: token audience: openshift - {{- if .CABundleConfigMap}} - name: ca-bundle configMap: - name: {{.CABundleConfigMap}} - {{- end}} + name: kube-cloud-config + optional: ${CA_BUNDLE_OPTIONAL} - name: socket-dir emptyDir: {} `) diff --git a/pkg/operator/starter.go b/pkg/operator/starter.go index 32cbfac95..00e2cff20 100644 --- a/pkg/operator/starter.go +++ b/pkg/operator/starter.go @@ -1,10 +1,8 @@ package operator import ( - "bytes" "context" "fmt" - "text/template" "time" "github.com/openshift/library-go/pkg/controller/factory" @@ -83,13 +81,14 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller "rbac/snapshotter_role.yaml", "rbac/snapshotter_binding.yaml", }, - ).WithCSIDriverControllerService( + ).WithCSIDriverControllerServiceWithExtraReplaces( "AWSEBSDriverControllerServiceController", - withCustomCABundle(generated.MustAsset, kubeClient), + generated.MustAsset, "controller.yaml", kubeClient, kubeInformersForNamespaces.InformersFor(defaultNamespace), configInformers, + replacementsForCustomCABundle(kubeClient), ).WithCSIDriverNodeService( "AWSEBSDriverNodeServiceController", generated.MustAsset, 
@@ -126,29 +125,22 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller return fmt.Errorf("stopped") } -type controllerTemplateData struct { - CABundleConfigMap string -} - -// withCustomCABundle executes the asset as a template to fill out the parts required when using a custom CA bundle. -// The `caBundleConfigMap` parameter specifies the name of the ConfigMap containing the custom CA bundle. If the -// argument supplied is empty, then no custom CA bundle will be used. -func withCustomCABundle(assetFunc func(string) []byte, kubeClient kubeclient.Interface) func(string) []byte { - templateData := controllerTemplateData{} - switch used, err := isCustomCABundleUsed(kubeClient); { - case err != nil: - klog.Fatalf("could not determine if a custom CA bundle is in use: %v", err) - case used: - templateData.CABundleConfigMap = cloudConfigName - } - return func(name string) []byte { - asset := assetFunc(name) - template := template.Must(template.New("template").Parse(string(asset))) - buf := &bytes.Buffer{} - if err := template.Execute(buf, templateData); err != nil { - klog.Fatalf("Failed to execute ") +func replacementsForCustomCABundle(kubeClient kubeclient.Interface) func() (map[string]string, error) { + return func() (map[string]string, error) { + customCABundleUsed, err := isCustomCABundleUsed(kubeClient) + if err != nil { + return nil, fmt.Errorf("could not determine if a custom CA bundle is in use: %w", err) + } + if customCABundleUsed { + return map[string]string{ + "AWS_CA_BUNDLE_ENV_VAR": "AWS_CA_BUNDLE", + "CA_BUNDLE_OPTIONAL": "false", + }, nil } - return buf.Bytes() + return map[string]string{ + "AWS_CA_BUNDLE_ENV_VAR": "UNUSED_AWS_CA_BUNDLE", + "CA_BUNDLE_OPTIONAL": "true", + }, nil } } diff --git a/pkg/operator/starter_test.go b/pkg/operator/starter_test.go index 516894010..7f56dba62 100644 --- a/pkg/operator/starter_test.go +++ b/pkg/operator/starter_test.go 
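Review bot: `replacementsForCustomCABundle` is added without a doc comment, although the function it replaces had one and the new contract is less obvious. The comment should say that it returns the values for the `${AWS_CA_BUNDLE_ENV_VAR}` and `${CA_BUNDLE_OPTIONAL}` placeholders in controller.yaml: the real variable name and `"false"` when a custom CA bundle is in use, a placeholder name (presumably one the AWS SDK ignores) and `"true"` otherwise, and that a lookup error is returned to the caller. The four string literals are a contract with the YAML asset and the test, so named constants such as `const caBundleEnvVarKey = "AWS_CA_BUNDLE_ENV_VAR"` would keep the three places from drifting apart.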
@@ -7,357 +7,19 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes/fake" - - "github.com/openshift/aws-ebs-csi-driver-operator/pkg/generated" ) -const controllerWithoutCABundle = `kind: Deployment -apiVersion: apps/v1 -metadata: - name: aws-ebs-csi-driver-controller - namespace: openshift-cluster-csi-drivers -spec: - selector: - matchLabels: - app: aws-ebs-csi-driver-controller - serviceName: aws-ebs-csi-driver-controller - replicas: 1 - template: - metadata: - labels: - app: aws-ebs-csi-driver-controller - spec: - hostNetwork: true - serviceAccount: aws-ebs-csi-driver-controller-sa - priorityClassName: system-cluster-critical - nodeSelector: - node-role.kubernetes.io/master: "" - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - effect: "NoSchedule" - containers: - - name: csi-driver - image: ${DRIVER_IMAGE} - args: - - --endpoint=$(CSI_ENDPOINT) - - --k8s-tag-cluster-id=${CLUSTER_ID} - - --logtostderr - - --v=${LOG_LEVEL} - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: ebs-cloud-credentials - key: aws_access_key_id - optional: true - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: ebs-cloud-credentials - key: aws_secret_access_key - optional: true - - name: AWS_SDK_LOAD_CONFIG - value: '1' - - name: AWS_CONFIG_FILE - value: /var/run/secrets/aws/credentials - ports: - - name: healthz - # Due to hostNetwork, this port is open on a node! 
- containerPort: 10301 - protocol: TCP - volumeMounts: - - name: aws-credentials - mountPath: /var/run/secrets/aws - readOnly: true - - name: bound-sa-token - mountPath: /var/run/secrets/openshift/serviceaccount - readOnly: true - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - resources: - requests: - memory: 50Mi - cpu: 10m - - name: csi-provisioner - image: ${PROVISIONER_IMAGE} - args: - - --csi-address=$(ADDRESS) - - --default-fstype=ext4 - - --feature-gates=Topology=true - - --extra-create-metadata=true - - --v=${LOG_LEVEL} - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - resources: - requests: - memory: 50Mi - cpu: 10m - - name: csi-attacher - image: ${ATTACHER_IMAGE} - args: - - --csi-address=$(ADDRESS) - - --v=${LOG_LEVEL} - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - resources: - requests: - memory: 50Mi - cpu: 10m - - name: csi-resizer - image: ${RESIZER_IMAGE} - args: - - --csi-address=$(ADDRESS) - - --timeout=300s - - --v=${LOG_LEVEL} - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - resources: - requests: - memory: 50Mi - cpu: 10m - - name: csi-snapshotter - image: ${SNAPSHOTTER_IMAGE} - args: - - --csi-address=$(ADDRESS) - - --v=${LOG_LEVEL} - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - resources: - requests: - memory: 50Mi - cpu: 10m - - name: csi-liveness-probe - image: ${LIVENESS_PROBE_IMAGE} - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=10301 - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - requests: - memory: 50Mi - cpu: 
10m - volumes: - - name: aws-credentials - secret: - secretName: ebs-cloud-credentials - # This service account token can be used to provide identity outside the cluster. - # For example, this token can be used with AssumeRoleWithWebIdentity to authenticate with AWS using IAM OIDC provider and STS. - - name: bound-sa-token - projected: - sources: - - serviceAccountToken: - path: token - audience: openshift - - name: socket-dir - emptyDir: {} -` - -const controllerWithCABundle = `kind: Deployment -apiVersion: apps/v1 -metadata: - name: aws-ebs-csi-driver-controller - namespace: openshift-cluster-csi-drivers -spec: - selector: - matchLabels: - app: aws-ebs-csi-driver-controller - serviceName: aws-ebs-csi-driver-controller - replicas: 1 - template: - metadata: - labels: - app: aws-ebs-csi-driver-controller - spec: - hostNetwork: true - serviceAccount: aws-ebs-csi-driver-controller-sa - priorityClassName: system-cluster-critical - nodeSelector: - node-role.kubernetes.io/master: "" - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - effect: "NoSchedule" - containers: - - name: csi-driver - image: ${DRIVER_IMAGE} - args: - - --endpoint=$(CSI_ENDPOINT) - - --k8s-tag-cluster-id=${CLUSTER_ID} - - --logtostderr - - --v=${LOG_LEVEL} - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: ebs-cloud-credentials - key: aws_access_key_id - optional: true - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: ebs-cloud-credentials - key: aws_secret_access_key - optional: true - - name: AWS_SDK_LOAD_CONFIG - value: '1' - - name: AWS_CONFIG_FILE - value: /var/run/secrets/aws/credentials - - name: AWS_CA_BUNDLE - value: /etc/ca/ca-bundle.pem - ports: - - name: healthz - # Due to hostNetwork, this port is open on a node! 
- containerPort: 10301 - protocol: TCP - volumeMounts: - - name: aws-credentials - mountPath: /var/run/secrets/aws - readOnly: true - - name: bound-sa-token - mountPath: /var/run/secrets/openshift/serviceaccount - readOnly: true - - name: ca-bundle - mountPath: /etc/ca - readOnly: true - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - resources: - requests: - memory: 50Mi - cpu: 10m - - name: csi-provisioner - image: ${PROVISIONER_IMAGE} - args: - - --csi-address=$(ADDRESS) - - --default-fstype=ext4 - - --feature-gates=Topology=true - - --extra-create-metadata=true - - --v=${LOG_LEVEL} - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - resources: - requests: - memory: 50Mi - cpu: 10m - - name: csi-attacher - image: ${ATTACHER_IMAGE} - args: - - --csi-address=$(ADDRESS) - - --v=${LOG_LEVEL} - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - resources: - requests: - memory: 50Mi - cpu: 10m - - name: csi-resizer - image: ${RESIZER_IMAGE} - args: - - --csi-address=$(ADDRESS) - - --timeout=300s - - --v=${LOG_LEVEL} - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - resources: - requests: - memory: 50Mi - cpu: 10m - - name: csi-snapshotter - image: ${SNAPSHOTTER_IMAGE} - args: - - --csi-address=$(ADDRESS) - - --v=${LOG_LEVEL} - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - resources: - requests: - memory: 50Mi - cpu: 10m - - name: csi-liveness-probe - image: ${LIVENESS_PROBE_IMAGE} - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=10301 - volumeMounts: - - name: socket-dir - 
mountPath: /csi - resources: - requests: - memory: 50Mi - cpu: 10m - volumes: - - name: aws-credentials - secret: - secretName: ebs-cloud-credentials - # This service account token can be used to provide identity outside the cluster. - # For example, this token can be used with AssumeRoleWithWebIdentity to authenticate with AWS using IAM OIDC provider and STS. - - name: bound-sa-token - projected: - sources: - - serviceAccountToken: - path: token - audience: openshift - - name: ca-bundle - configMap: - name: kube-cloud-config - - name: socket-dir - emptyDir: {} -` - -func TestWithCustomCABundle(t *testing.T) { +func TestReplacementsForCustomCABundle(t *testing.T) { cases := []struct { - name string - cm *corev1.ConfigMap - expected string + name string + cm *corev1.ConfigMap + expectedEnvVar string + expectedOptional string }{ { - name: "no configmap", - expected: controllerWithoutCABundle, + name: "no configmap", + expectedEnvVar: "UNUSED_AWS_CA_BUNDLE", + expectedOptional: "true", }, { name: "no CA bundle in configmap", @@ -370,7 +32,8 @@ func TestWithCustomCABundle(t *testing.T) { "other-key": "other-data", }, }, - expected: controllerWithoutCABundle, + expectedEnvVar: "UNUSED_AWS_CA_BUNDLE", + expectedOptional: "true", }, { name: "custom CA bundle", @@ -383,7 +46,8 @@ func TestWithCustomCABundle(t *testing.T) { "ca-bundle.pem": "a custom bundle", }, }, - expected: controllerWithCABundle, + expectedEnvVar: "AWS_CA_BUNDLE", + expectedOptional: "false", }, } for _, tc := range cases { 
@@ -393,9 +57,18 @@ func TestWithCustomCABundle(t *testing.T) { resources = append(resources, tc.cm) } kubeClient := fake.NewSimpleClientset(resources...) - actual := string(withCustomCABundle(generated.MustAsset, kubeClient)("controller.yaml")) - if e, a := tc.expected, actual; e != a { - t.Errorf("unexpected controller asset\nexpected:\n%s\ngot:\n%s", e, a) + actualReplaces, err := replacementsForCustomCABundle(kubeClient)() + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if e, a := 2, len(actualReplaces); e != a { + t.Errorf("unexpected number of replaces. expected=%v, got=%v", e, a) + } + if e, a := tc.expectedEnvVar, actualReplaces["AWS_CA_BUNDLE_ENV_VAR"]; e != a { + t.Errorf("unexpected replacement for env var name. expected=%v, got=%v", e, a) + } + if e, a := tc.expectedOptional, actualReplaces["CA_BUNDLE_OPTIONAL"]; e != a { + t.Errorf("unexpected replacement for optional value. expected=%v, got=%v", e, a) } }) } diff --git a/vendor/github.com/openshift/api/Makefile b/vendor/github.com/openshift/api/Makefile index 7993192b6..f1d7ca000 100644 --- a/vendor/github.com/openshift/api/Makefile +++ b/vendor/github.com/openshift/api/Makefile @@ -30,6 +30,7 @@ $(call add-crd-gen,operatoringress,./operatoringress/v1,./operatoringress/v1,./o $(call add-crd-gen,quota,./quota/v1,./quota/v1,./quota/v1) $(call add-crd-gen,samples,./samples/v1,./samples/v1,./samples/v1) $(call add-crd-gen,security,./security/v1,./security/v1,./security/v1) +$(call add-crd-gen,securityinternal,./securityinternal/v1,./securityinternal/v1,./securityinternal/v1) $(call add-crd-gen,network,./network/v1,./network/v1,./network/v1) $(call add-crd-gen,operatorcontrolplane,./operatorcontrolplane/v1alpha1,./operatorcontrolplane/v1alpha1,./operatorcontrolplane/v1alpha1) 
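Review bot: After this rewrite nothing checks that controller.yaml actually contains the `${AWS_CA_BUNDLE_ENV_VAR}` and `${CA_BUNDLE_OPTIONAL}` placeholders, because the assertions here only inspect the returned map and the rendered-manifest fixtures were deleted. A typo in either key would leave the literal placeholder in the Deployment, and the custom CA would never be wired in. I would add a small test that ties the keys to the asset; it needs the `generated` import this commit removes, plus `strings`. The error return of `replacementsForCustomCABundle` also has no case. The test function starts in an earlier hunk, so the table itself is outside this hunk.

```go
// Guards against drift between the replacement keys and the placeholders in the asset.
func TestControllerAssetHasCABundlePlaceholders(t *testing.T) {
	asset := string(generated.MustAsset("controller.yaml"))
	for _, key := range []string{"AWS_CA_BUNDLE_ENV_VAR", "CA_BUNDLE_OPTIONAL"} {
		if !strings.Contains(asset, "${"+key+"}") {
			t.Errorf("controller.yaml is missing placeholder ${%s}", key)
		}
	}
}
```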
diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml index f7767a124..9e79054c6 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml @@ -92,7 +92,9 @@ spec: format: date-time message: description: message provides additional information about the - current condition. This is only to be consumed by humans. + current condition. This is only to be consumed by humans. It + may contain Line Feed characters (U+000A), which should be rendered + as new lines. type: string reason: description: reason is the CamelCase reason for the condition's diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml index b5dc54376..1acda61af 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml @@ -218,7 +218,9 @@ spec: format: date-time message: description: message provides additional information about the - current condition. This is only to be consumed by humans. + current condition. This is only to be consumed by humans. It + may contain Line Feed characters (U+000A), which should be rendered + as new lines. type: string reason: description: reason is the CamelCase reason for the condition's diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml index 7287300e4..57b7c6e2b 100644 
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml @@ -112,6 +112,10 @@ spec: description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. type: object + kubevirt: + description: Kubevirt contains settings specific to the kubevirt + infrastructure provider. + type: object openstack: description: OpenStack contains settings specific to the OpenStack infrastructure provider. @@ -127,8 +131,8 @@ spec: creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", - "VSphere", "oVirt", and "None". Individual components may not - support all platforms, and must handle unrecognized platforms + "VSphere", "oVirt", "KubeVirt" and "None". Individual components + may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. type: string enum: @@ -143,6 +147,7 @@ spec: - VSphere - oVirt - IBMCloud + - KubeVirt vsphere: description: VSphere contains settings specific to the VSphere infrastructure provider. @@ -190,6 +195,7 @@ spec: - VSphere - oVirt - IBMCloud + - KubeVirt platformStatus: description: platformStatus holds status information specific to the underlying infrastructure provider. 
@@ -307,6 +313,24 @@ spec: description: ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster. type: string + kubevirt: + description: Kubevirt contains settings specific to the kubevirt + infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components inside + the cluster, like kubelets using the infrastructure rather + than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer in + front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the + default ingress controller. The IP is a suitable target of + a wildcard DNS record used to resolve default route host names. + type: string openstack: description: OpenStack contains settings specific to the OpenStack infrastructure provider. @@ -385,6 +409,7 @@ spec: - VSphere - oVirt - IBMCloud + - KubeVirt vsphere: description: VSphere contains settings specific to the VSphere infrastructure provider. diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go index 3681d0ff0..299adb1c9 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go @@ -130,7 +130,8 @@ type ClusterOperatorStatusCondition struct { Reason string `json:"reason,omitempty"` // message provides additional information about the current condition. - // This is only to be consumed by humans. + // This is only to be consumed by humans. It may contain Line Feed + // characters (U+000A), which should be rendered as new lines. // +optional Message string `json:"message,omitempty"` } 
diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 3c4bd788f..efea0a41a 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -79,7 +79,7 @@ type InfrastructureStatus struct { } // PlatformType is a specific supported infrastructure provider. -// +kubebuilder:validation:Enum="";AWS;Azure;BareMetal;GCP;Libvirt;OpenStack;None;VSphere;oVirt;IBMCloud +// +kubebuilder:validation:Enum="";AWS;Azure;BareMetal;GCP;Libvirt;OpenStack;None;VSphere;oVirt;IBMCloud;KubeVirt type PlatformType string const ( @@ -112,6 +112,9 @@ const ( // IBMCloudPlatformType represents IBM Cloud infrastructure. IBMCloudPlatformType PlatformType = "IBMCloud" + + // KubevirtPlatformType represents KubeVirt/Openshift Virtualization infrastructure. + KubevirtPlatformType PlatformType = "KubeVirt" ) // IBMCloudProviderType is a specific supported IBM Cloud provider cluster type @@ -134,7 +137,7 @@ type PlatformSpec struct { // balancers, dynamic volume provisioning, machine creation and deletion, and // other integrations are enabled. If None, no infrastructure automation is // enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", - // "OpenStack", "VSphere", "oVirt", and "None". Individual components may not support + // "OpenStack", "VSphere", "oVirt", "KubeVirt" and "None". Individual components may not support // all platforms, and must handle unrecognized platforms as None if they do // not support that platform. // 
@@ -172,6 +175,10 @@ type PlatformSpec struct { // IBMCloud contains settings specific to the IBMCloud infrastructure provider. // +optional IBMCloud *IBMCloudPlatformSpec `json:"ibmcloud,omitempty"` + + // Kubevirt contains settings specific to the kubevirt infrastructure provider. + // +optional + Kubevirt *KubevirtPlatformSpec `json:"kubevirt,omitempty"` } // PlatformStatus holds the current status specific to the underlying infrastructure provider @@ -222,6 +229,10 @@ type PlatformStatus struct { // IBMCloud contains settings specific to the IBMCloud infrastructure provider. // +optional IBMCloud *IBMCloudPlatformStatus `json:"ibmcloud,omitempty"` + + // Kubevirt contains settings specific to the kubevirt infrastructure provider. + // +optional + Kubevirt *KubevirtPlatformStatus `json:"kubevirt,omitempty"` } // AWSServiceEndpoint store the configuration of a custom url to 
@@ -433,6 +444,23 @@ type IBMCloudPlatformStatus struct {
 ProviderType IBMCloudProviderType `json:"providerType,omitempty"`
 }
 
+// KubevirtPlatformSpec holds the desired state of the kubevirt infrastructure provider.
+// This only includes fields that can be modified in the cluster.
+type KubevirtPlatformSpec struct{}
+
+// KubevirtPlatformStatus holds the current status of the kubevirt infrastructure provider.
+type KubevirtPlatformStatus struct {
+ // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ // by components inside the cluster, like kubelets using the infrastructure rather
+ // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ // points to. It is the IP for a self-hosted load balancer in front of the API servers.
+ APIServerInternalIP string `json:"apiServerInternalIP,omitempty"`
+
+ // ingressIP is an external IP which routes to the default ingress controller.
+ // The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+ IngressIP string `json:"ingressIP,omitempty"`
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // InfrastructureList is
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
index 7542490ef..4a41d1b7f 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
@@ -2259,6 +2259,38 @@ func (in *KubeClientConfig) DeepCopy() *KubeClientConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubevirtPlatformSpec) DeepCopyInto(out *KubevirtPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubevirtPlatformSpec. +func (in *KubevirtPlatformSpec) DeepCopy() *KubevirtPlatformSpec { + if in == nil { + return nil + } + out := new(KubevirtPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubevirtPlatformStatus) DeepCopyInto(out *KubevirtPlatformStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubevirtPlatformStatus. +func (in *KubevirtPlatformStatus) DeepCopy() *KubevirtPlatformStatus { + if in == nil { + return nil + } + out := new(KubevirtPlatformStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LDAPAttributeMapping) DeepCopyInto(out *LDAPAttributeMapping) { *out = *in @@ -2949,6 +2981,11 @@ func (in *PlatformSpec) DeepCopyInto(out *PlatformSpec) { *out = new(IBMCloudPlatformSpec) **out = **in } + if in.Kubevirt != nil { + in, out := &in.Kubevirt, &out.Kubevirt + *out = new(KubevirtPlatformSpec) + **out = **in + } return } @@ -3005,6 +3042,11 @@ func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { *out = new(IBMCloudPlatformStatus) **out = **in } + if in.Kubevirt != nil { + in, out := &in.Kubevirt, &out.Kubevirt + *out = new(KubevirtPlatformStatus) + **out = **in + } return } 
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 72d3bb2cf..118d7bb45 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -443,7 +443,7 @@ var map_ClusterOperatorStatusCondition = map[string]string{ "status": "status of the condition, one of True, False, Unknown.", "lastTransitionTime": "lastTransitionTime is the time of the last update to the current status property.", "reason": "reason is the CamelCase reason for the condition's current status.", - "message": "message provides additional information about the current condition. This is only to be consumed by humans.", + "message": "message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.", } func (ClusterOperatorStatusCondition) SwaggerDoc() map[string]string { 
@@ -857,6 +857,24 @@ func (InfrastructureStatus) SwaggerDoc() map[string]string { return map_InfrastructureStatus } +var map_KubevirtPlatformSpec = map[string]string{ + "": "KubevirtPlatformSpec holds the desired state of the kubevirt infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (KubevirtPlatformSpec) SwaggerDoc() map[string]string { + return map_KubevirtPlatformSpec +} + +var map_KubevirtPlatformStatus = map[string]string{ + "": "KubevirtPlatformStatus holds the current status of the kubevirt infrastructure provider.", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", +} + +func (KubevirtPlatformStatus) SwaggerDoc() map[string]string { + return map_KubevirtPlatformStatus +} + var map_OpenStackPlatformSpec = map[string]string{ "": "OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider. This only includes fields that can be modified in the cluster.", } 
@@ -898,7 +916,7 @@ func (OvirtPlatformStatus) SwaggerDoc() map[string]string { var map_PlatformSpec = map[string]string{ "": "PlatformSpec holds the desired state specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", - "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"KubeVirt\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", "aws": "AWS contains settings specific to the Amazon Web Services infrastructure provider.", "azure": "Azure contains settings specific to the Azure infrastructure provider.", "gcp": "GCP contains settings specific to the Google Cloud Platform infrastructure provider.", 
@@ -907,6 +925,7 @@ var map_PlatformSpec = map[string]string{ "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", "vsphere": "VSphere contains settings specific to the VSphere infrastructure provider.", "ibmcloud": "IBMCloud contains settings specific to the IBMCloud infrastructure provider.", + "kubevirt": "Kubevirt contains settings specific to the kubevirt infrastructure provider.", } func (PlatformSpec) SwaggerDoc() map[string]string { @@ -924,6 +943,7 @@ var map_PlatformStatus = map[string]string{ "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", "vsphere": "VSphere contains settings specific to the VSphere infrastructure provider.", "ibmcloud": "IBMCloud contains settings specific to the IBMCloud infrastructure provider.", + "kubevirt": "Kubevirt contains settings specific to the kubevirt infrastructure provider.", } func (PlatformStatus) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/go.mod b/vendor/github.com/openshift/api/go.mod index 24b746a76..cc20c653d 100644 --- a/vendor/github.com/openshift/api/go.mod +++ b/vendor/github.com/openshift/api/go.mod @@ -1,14 +1,14 @@ module github.com/openshift/api -go 1.13 +go 1.15 require ( github.com/gogo/protobuf v1.3.1 - github.com/openshift/build-machinery-go v0.0.0-20200819073603-48aa266c95f7 + github.com/openshift/build-machinery-go v0.0.0-20200917070002-f171684f77ab github.com/spf13/pflag v1.0.5 golang.org/x/tools v0.0.0-20200616133436-c1934b75d054 - k8s.io/api v0.19.0 - k8s.io/apimachinery v0.19.0 - k8s.io/code-generator v0.19.0 + k8s.io/api v0.19.2 + k8s.io/apimachinery v0.19.2 + k8s.io/code-generator v0.19.2 k8s.io/klog/v2 v2.2.0 ) diff --git a/vendor/github.com/openshift/api/go.sum b/vendor/github.com/openshift/api/go.sum index c4f904ce5..f6055166a 100644 --- a/vendor/github.com/openshift/api/go.sum +++ b/vendor/github.com/openshift/api/go.sum 
@@ -104,8 +104,8 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/openshift/build-machinery-go v0.0.0-20200819073603-48aa266c95f7 h1:mOq7Mg1Q9d7nIDxe1SJ6pluMBQsbVxa6olyAGmfYWTg= -github.com/openshift/build-machinery-go v0.0.0-20200819073603-48aa266c95f7/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= +github.com/openshift/build-machinery-go v0.0.0-20200917070002-f171684f77ab h1:lBrojddP6C9C2p67EMs2vcdpC8eF+H0DDom+fgI2IF0= +github.com/openshift/build-machinery-go v0.0.0-20200917070002-f171684f77ab/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
@@ -214,12 +214,12 @@ gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.19.0 h1:XyrFIJqTYZJ2DU7FBE/bSPz7b1HvbVBuBf07oeo6eTc= -k8s.io/api v0.19.0/go.mod h1:I1K45XlvTrDjmj5LoM5LuP/KYrhWbjUKT/SoPG0qTjw= -k8s.io/apimachinery v0.19.0 h1:gjKnAda/HZp5k4xQYjL0K/Yb66IvNqjthCb03QlKpaQ= -k8s.io/apimachinery v0.19.0/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= -k8s.io/code-generator v0.19.0 h1:r0BxYnttP/r8uyKd4+Njg0B57kKi8wLvwEzaaVy3iZ8= -k8s.io/code-generator v0.19.0/go.mod h1:moqLn7w0t9cMs4+5CQyxnfA/HV8MF6aAVENF+WZZhgk= +k8s.io/api v0.19.2 h1:q+/krnHWKsL7OBZg/rxnycsl9569Pud76UJ77MvKXms= +k8s.io/api v0.19.2/go.mod h1:IQpK0zFQ1xc5iNIQPqzgoOwuFugaYHK4iCknlAQP9nI= +k8s.io/apimachinery v0.19.2 h1:5Gy9vQpAGTKHPVOh5c4plE274X8D/6cuEiTO2zve7tc= +k8s.io/apimachinery v0.19.2/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= +k8s.io/code-generator v0.19.2 h1:7uaWJll6fyCPj2j3sfNN1AiY2gZU1VFN2dFR2uoxGWI= +k8s.io/code-generator v0.19.2/go.mod h1:moqLn7w0t9cMs4+5CQyxnfA/HV8MF6aAVENF+WZZhgk= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14 h1:t4L10Qfx/p7ASH3gXCdIUtPbbIuegCoUJf3TMSFekjw= k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= diff --git a/vendor/github.com/openshift/api/imageregistry/v1/00-crd.yaml b/vendor/github.com/openshift/api/imageregistry/v1/00-crd.yaml index d67d798fe..8f7d5c5ce 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/00-crd.yaml +++ b/vendor/github.com/openshift/api/imageregistry/v1/00-crd.yaml 
@@ -36,7 +36,6 @@ spec: description: ImageRegistrySpec defines the specs for the running registry. type: object required: - - logging - managementState - replicas properties: @@ -652,6 +651,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll logging: description: logging is deprecated, use logLevel instead. type: integer @@ -675,11 +680,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll proxy: description: proxy defines the proxy to be used when calling master api, upstream registries, etc. diff --git a/vendor/github.com/openshift/api/imageregistry/v1/01-crd.yaml b/vendor/github.com/openshift/api/imageregistry/v1/01-crd.yaml index a1f7cce99..8f1ac6077 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/01-crd.yaml +++ b/vendor/github.com/openshift/api/imageregistry/v1/01-crd.yaml 
@@ -656,6 +656,18 @@ spec: pruning. Defaults to 60m (60 minutes). type: string format: duration + logLevel: + description: "logLevel sets the level of log output for the pruner + job. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". + Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll nodeSelector: description: nodeSelector defines the node selection constraints for the image pruner pod. diff --git a/vendor/github.com/openshift/api/imageregistry/v1/types.go b/vendor/github.com/openshift/api/imageregistry/v1/types.go index 69be006a2..debb34c09 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/types.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/types.go @@ -81,7 +81,8 @@ type ImageRegistrySpec struct { // replicas determines the number of registry instances to run. Replicas int32 `json:"replicas"` // logging is deprecated, use logLevel instead. - Logging int64 `json:"logging"` + // +optional + Logging int64 `json:"logging,omitempty"` // resources defines the resource requests+limits for the registry pod. // +optional Resources *corev1.ResourceRequirements `json:"resources,omitempty"` diff --git a/vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go b/vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go index 0ed892e00..08948924d 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go 
@@ -80,6 +80,13 @@ type ImagePrunerSpec struct { // errors while parsing image references. // +optional IgnoreInvalidImageReferences bool `json:"ignoreInvalidImageReferences,omitempty"` + // logLevel sets the level of log output for the pruner job. + // + // Valid values are: "Normal", "Debug", "Trace", "TraceAll". + // Defaults to "Normal". + // +optional + // +kubebuilder:default=Normal + LogLevel operatorv1.LogLevel `json:"logLevel,omitempty"` } // ImagePrunerStatus reports image pruner operational status. diff --git a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go index 0084cc366..5149a2d22 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go @@ -232,6 +232,7 @@ var map_ImagePrunerSpec = map[string]string{ "successfulJobsHistoryLimit": "successfulJobsHistoryLimit specifies how many successful image pruner jobs to retain. Defaults to 3 if not set.", "failedJobsHistoryLimit": "failedJobsHistoryLimit specifies how many failed image pruner jobs to retain. Defaults to 3 if not set.", "ignoreInvalidImageReferences": "ignoreInvalidImageReferences indicates whether the pruner can ignore errors while parsing image references.", + "logLevel": "logLevel sets the level of log output for the pruner job.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", } func (ImagePrunerSpec) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/network/v1/001-clusternetwork-crd.yaml b/vendor/github.com/openshift/api/network/v1/001-clusternetwork-crd.yaml index b064daade..16bc8b5f2 100644 --- a/vendor/github.com/openshift/api/network/v1/001-clusternetwork-crd.yaml +++ b/vendor/github.com/openshift/api/network/v1/001-clusternetwork-crd.yaml 
@@ -1,7 +1,6 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - creationTimestamp: null name: clusternetworks.network.openshift.io spec: group: network.openshift.io 
@@ -11,103 +10,6 @@ spec: plural: clusternetworks singular: clusternetwork scope: Cluster - validation: - # As compared to ValidateClusterNetwork, this does not validate that: - # - the hostSubnetLengths are valid for their CIDRs - # - the cluster/service networks do not overlap - # - .network and .hostsubnetlength are set if name == 'default' - # - .network and .hostsubnetlength are either unset, or equal to - # .clusterNetworks[0].CIDR and .clusterNetworks[0].hostSubnetLength - openAPIV3Schema: - description: ClusterNetwork describes the cluster network. There is normally - only one object of this type, named "default", which is created by the SDN - network plugin based on the master configuration when the cluster is brought - up for the first time. - type: object - required: - - clusterNetworks - - serviceNetwork - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - clusterNetworks: - description: ClusterNetworks is a list of ClusterNetwork objects that defines - the global overlay network's L3 space by specifying a set of CIDR and - netmasks that the SDN can allocate addresses from. - type: array - items: - description: ClusterNetworkEntry defines an individual cluster network. - The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved - for external ips, CIDRs reserved for service networks, and CIDRs reserved - for ingress ips. - type: object - required: - - CIDR - - hostSubnetLength - properties: - CIDR: - description: CIDR defines the total range of a cluster networks address - space. 
- type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ - hostSubnetLength: - description: HostSubnetLength is the number of bits of the accompanying - CIDR address to allocate to each node. eg, 8 would mean that each - node would have a /24 slice of the overlay network for its pods. - type: integer - format: int32 - maximum: 30 - minimum: 2 - hostsubnetlength: - description: HostSubnetLength is the number of bits of network to allocate - to each node. eg, 8 would mean that each node would have a /24 slice of - the overlay network for its pods - type: integer - format: int32 - maximum: 30 - minimum: 2 - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - mtu: - description: MTU is the MTU for the overlay network. This should be 50 less - than the MTU of the network connecting the nodes. It is normally autodetected - by the cluster network operator. 
- type: integer - format: int32 - maximum: 65536 - minimum: 576 - network: - description: Network is a CIDR string specifying the global overlay network's - L3 space - type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ - pluginName: - description: PluginName is the name of the network plugin being used - type: string - serviceNetwork: - description: ServiceNetwork is the CIDR range that Service IP addresses - are allocated from - type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ - vxlanPort: - description: VXLANPort sets the VXLAN destination port used by the cluster. - It is set by the master configuration file on startup and cannot be edited - manually. Valid values for VXLANPort are integers 1-65535 inclusive and - if unset defaults to 4789. Changing VXLANPort allows users to resolve - issues between openshift SDN and other software trying to use the same - VXLAN destination port. - type: integer - format: int32 - maximum: 65535 - minimum: 1 additionalPrinterColumns: - name: Cluster Network type: string 
@@ -126,6 +28,97 @@ spec: - name: v1 served: true storage: true + "schema": + "openAPIV3Schema": + description: ClusterNetwork describes the cluster network. There is normally + only one object of this type, named "default", which is created by the SDN + network plugin based on the master configuration when the cluster is brought + up for the first time. + type: object + required: + - clusterNetworks + - serviceNetwork + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + clusterNetworks: + description: ClusterNetworks is a list of ClusterNetwork objects that + defines the global overlay network's L3 space by specifying a set of + CIDR and netmasks that the SDN can allocate addresses from. + type: array + items: + description: ClusterNetworkEntry defines an individual cluster network. + The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved + for external ips, CIDRs reserved for service networks, and CIDRs reserved + for ingress ips. + type: object + required: + - CIDR + - hostSubnetLength + properties: + CIDR: + description: CIDR defines the total range of a cluster networks + address space. + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ + hostSubnetLength: + description: HostSubnetLength is the number of bits of the accompanying + CIDR address to allocate to each node. eg, 8 would mean that each + node would have a /24 slice of the overlay network for its pods. + type: integer + format: int32 + maximum: 30 + minimum: 2 + hostsubnetlength: + description: HostSubnetLength is the number of bits of network to allocate + to each node. 
eg, 8 would mean that each node would have a /24 slice + of the overlay network for its pods + type: integer + format: int32 + maximum: 30 + minimum: 2 + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + mtu: + description: MTU is the MTU for the overlay network. This should be 50 + less than the MTU of the network connecting the nodes. It is normally + autodetected by the cluster network operator. + type: integer + format: int32 + maximum: 65536 + minimum: 576 + network: + description: Network is a CIDR string specifying the global overlay network's + L3 space + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ + pluginName: + description: PluginName is the name of the network plugin being used + type: string + serviceNetwork: + description: ServiceNetwork is the CIDR range that Service IP addresses + are allocated from + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ + vxlanPort: + description: VXLANPort sets the VXLAN destination port used by the cluster. + It is set by the master configuration file on startup and cannot be + edited manually. Valid values for VXLANPort are integers 1-65535 inclusive + and if unset defaults to 4789. Changing VXLANPort allows users to resolve + issues between openshift SDN and other software trying to use the same + VXLAN destination port. + type: integer + format: int32 + maximum: 65535 + minimum: 1 status: acceptedNames: kind: "" 
diff --git a/vendor/github.com/openshift/api/network/v1/002-hostsubnet-crd.yaml b/vendor/github.com/openshift/api/network/v1/002-hostsubnet-crd.yaml index 9b8af4914..1cc4ebd5f 100644 --- a/vendor/github.com/openshift/api/network/v1/002-hostsubnet-crd.yaml +++ b/vendor/github.com/openshift/api/network/v1/002-hostsubnet-crd.yaml @@ -1,7 +1,6 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - creationTimestamp: null name: hostsubnets.network.openshift.io spec: group: network.openshift.io 
@@ -11,70 +10,6 @@ spec: plural: hostsubnets singular: hostsubnet scope: Cluster - validation: - # As compared to ValidateHostSubnet, this does not validate that: - # - .host == .name - # - either .subnet is set or the assign-subnet annotation is present - # As compared to ValidateHostSubnetUpdate, this does not validate that: - # - .subnet is not changed on an existing object - openAPIV3Schema: - description: HostSubnet describes the container subnet network on a node. The - HostSubnet object must have the same name as the Node object it corresponds - to. - type: object - required: - - host - - hostIP - - subnet - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - egressCIDRs: - description: EgressCIDRs is the list of CIDR ranges available for automatically - assigning egress IPs to this node from. If this field is set then EgressIPs - should be treated as read-only. - type: array - items: - description: HostSubnetEgressCIDR represents one egress CIDR from which - to assign IP addresses for this node represented by the HostSubnet - type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ - egressIPs: - description: EgressIPs is the list of automatic egress IP addresses currently - hosted by this node. If EgressCIDRs is empty, this can be set by hand; - if EgressCIDRs is set then the master will overwrite the value here with - its own allocation of egress IPs. 
- type: array - items: - description: HostSubnetEgressIP represents one egress IP address currently - hosted on the node represented by HostSubnet - type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$ - host: - description: Host is the name of the node. (This is the same as the object's - name, but both fields must be set.) - type: string - pattern: ^[a-z0-9.-]+$ - hostIP: - description: HostIP is the IP address to be used as a VTEP by other nodes - in the overlay network - type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$ - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - subnet: - description: Subnet is the CIDR range of the overlay network assigned to - the node for its pods - type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ additionalPrinterColumns: - name: Host type: string 
@@ -103,6 +38,65 @@ spec: - name: v1 served: true storage: true + "schema": + "openAPIV3Schema": + description: HostSubnet describes the container subnet network on a node. + The HostSubnet object must have the same name as the Node object it corresponds + to. + type: object + required: + - host + - hostIP + - subnet + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + egressCIDRs: + description: EgressCIDRs is the list of CIDR ranges available for automatically + assigning egress IPs to this node from. If this field is set then EgressIPs + should be treated as read-only. + type: array + items: + description: HostSubnetEgressCIDR represents one egress CIDR from which + to assign IP addresses for this node represented by the HostSubnet + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ + egressIPs: + description: EgressIPs is the list of automatic egress IP addresses currently + hosted by this node. If EgressCIDRs is empty, this can be set by hand; + if EgressCIDRs is set then the master will overwrite the value here + with its own allocation of egress IPs. + type: array + items: + description: HostSubnetEgressIP represents one egress IP address currently + hosted on the node represented by HostSubnet + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$ + host: + description: Host is the name of the node. (This is the same as the object's + name, but both fields must be set.) 
+ type: string + pattern: ^[a-z0-9.-]+$ + hostIP: + description: HostIP is the IP address to be used as a VTEP by other nodes + in the overlay network + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$ + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + subnet: + description: Subnet is the CIDR range of the overlay network assigned + to the node for its pods + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ status: acceptedNames: kind: "" diff --git a/vendor/github.com/openshift/api/network/v1/003-netnamespace-crd.yaml b/vendor/github.com/openshift/api/network/v1/003-netnamespace-crd.yaml index 80fa3b05f..efe4ebec5 100644 --- a/vendor/github.com/openshift/api/network/v1/003-netnamespace-crd.yaml +++ b/vendor/github.com/openshift/api/network/v1/003-netnamespace-crd.yaml @@ -1,7 +1,6 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - creationTimestamp: null name: netnamespaces.network.openshift.io spec: group: network.openshift.io 
@@ -11,56 +10,6 @@ spec: plural: netnamespaces singular: netnamespace scope: Cluster - validation: - # As compared to ValidateNetNamespace, this does not validate that: - # - .netname == .name - # - .netid is not 1-9 - openAPIV3Schema: - description: NetNamespace describes a single isolated network. When using the - redhat/openshift-ovs-multitenant plugin, every Namespace will have a corresponding - NetNamespace object with the same name. (When using redhat/openshift-ovs-subnet, - NetNamespaces are not used.) - type: object - required: - - netid - - netname - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - egressIPs: - description: EgressIPs is a list of reserved IPs that will be used as the - source for external traffic coming from pods in this namespace. (If empty, - external traffic will be masqueraded to Node IPs.) - type: array - items: - description: NetNamespaceEgressIP is a single egress IP out of a list - of reserved IPs used as source of external traffic coming from pods - in this namespace - type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$ - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - netid: - description: NetID is the network identifier of the network namespace assigned - to each overlay network packet. 
This can be manipulated with the "oc adm - pod-network" commands. - type: integer - format: int32 - maximum: 16777215 - minimum: 0 - netname: - description: NetName is the name of the network namespace. (This is the - same as the object's name, but both fields must be set.) - type: string - pattern: ^[a-z0-9.-]+$ additionalPrinterColumns: - name: NetID type: integer 
@@ -75,6 +24,53 @@ spec: - name: v1 served: true storage: true + "schema": + "openAPIV3Schema": + description: NetNamespace describes a single isolated network. When using + the redhat/openshift-ovs-multitenant plugin, every Namespace will have a + corresponding NetNamespace object with the same name. (When using redhat/openshift-ovs-subnet, + NetNamespaces are not used.) + type: object + required: + - netid + - netname + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + egressIPs: + description: EgressIPs is a list of reserved IPs that will be used as + the source for external traffic coming from pods in this namespace. + (If empty, external traffic will be masqueraded to Node IPs.) + type: array + items: + description: NetNamespaceEgressIP is a single egress IP out of a list + of reserved IPs used as source of external traffic coming from pods + in this namespace + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$ + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + netid: + description: NetID is the network identifier of the network namespace + assigned to each overlay network packet. This can be manipulated with + the "oc adm pod-network" commands. 
+ type: integer + format: int32 + maximum: 16777215 + minimum: 0 + netname: + description: NetName is the name of the network namespace. (This is the + same as the object's name, but both fields must be set.) + type: string + pattern: ^[a-z0-9.-]+$ status: acceptedNames: kind: "" diff --git a/vendor/github.com/openshift/api/network/v1/004-egressnetworkpolicy-crd.yaml b/vendor/github.com/openshift/api/network/v1/004-egressnetworkpolicy-crd.yaml index 16e84c104..766073948 100644 --- a/vendor/github.com/openshift/api/network/v1/004-egressnetworkpolicy-crd.yaml +++ b/vendor/github.com/openshift/api/network/v1/004-egressnetworkpolicy-crd.yaml @@ -1,7 +1,6 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - creationTimestamp: null name: egressnetworkpolicies.network.openshift.io spec: group: network.openshift.io 
@@ -11,75 +10,75 @@ spec: plural: egressnetworkpolicies singular: egressnetworkpolicy scope: Namespaced - validation: - # This should be mostly equivalent to ValidateEgressNetworkPolicy - openAPIV3Schema: - description: EgressNetworkPolicy describes the current egress network policy - for a Namespace. When using the 'redhat/openshift-ovs-multitenant' network - plugin, traffic from a pod to an IP address outside the cluster will be checked - against each EgressNetworkPolicyRule in the pod's namespace's EgressNetworkPolicy, - in order. If no rule matches (or no EgressNetworkPolicy is present) then the - traffic will be allowed by default. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the current egress network policy - type: object - required: - - egress - properties: - egress: - description: egress contains the list of egress policy rules - type: array - items: - description: EgressNetworkPolicyRule contains a single egress network - policy rule - type: object - required: - - to - - type - properties: - to: - description: to is the target that traffic is allowed/denied to - type: object - properties: - cidrSelector: - description: CIDRSelector is the CIDR range to allow/deny - traffic to. 
If this is set, dnsName must be unset Ideally - we would have liked to use the cidr openapi format for this - property. But openshift-sdn only supports v4 while specifying - the cidr format allows both v4 and v6 cidrs We are therefore - using a regex pattern to validate instead. - type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ - dnsName: - description: DNSName is the domain name to allow/deny traffic - to. If this is set, cidrSelector must be unset - type: string - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: - description: type marks this as an "Allow" or "Deny" rule - type: string - pattern: ^Allow|Deny$ version: v1 versions: - name: v1 served: true storage: true + "schema": + "openAPIV3Schema": + description: EgressNetworkPolicy describes the current egress network policy + for a Namespace. When using the 'redhat/openshift-ovs-multitenant' network + plugin, traffic from a pod to an IP address outside the cluster will be + checked against each EgressNetworkPolicyRule in the pod's namespace's EgressNetworkPolicy, + in order. If no rule matches (or no EgressNetworkPolicy is present) then + the traffic will be allowed by default. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the current egress network policy + type: object + required: + - egress + properties: + egress: + description: egress contains the list of egress policy rules + type: array + items: + description: EgressNetworkPolicyRule contains a single egress network + policy rule + type: object + required: + - to + - type + properties: + to: + description: to is the target that traffic is allowed/denied + to + type: object + properties: + cidrSelector: + description: CIDRSelector is the CIDR range to allow/deny + traffic to. If this is set, dnsName must be unset Ideally + we would have liked to use the cidr openapi format for + this property. But openshift-sdn only supports v4 while + specifying the cidr format allows both v4 and v6 cidrs + We are therefore using a regex pattern to validate instead. + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ + dnsName: + description: DNSName is the domain name to allow/deny traffic + to. If this is set, cidrSelector must be unset + type: string + pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ + type: + description: type marks this as an "Allow" or "Deny" rule + type: string + pattern: ^Allow|Deny$ status: acceptedNames: kind: "" diff --git a/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml index 6beaeb259..5fe799ffe 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml 
@@ -51,6 +51,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component @@ -64,11 +70,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_20_etcd-operator_01.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml similarity index 92% rename from vendor/github.com/openshift/api/operator/v1/0000_20_etcd-operator_01.crd.yaml rename to vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml index 14f6aeb57..150a87266 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_20_etcd-operator_01.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml 
@@ -63,6 +63,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component @@ -76,11 +82,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll succeededRevisionLimit: description: succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, diff --git a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml index b695ce838..58a1d3bc1 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml 
@@ -54,6 +54,12 @@ spec: to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll type: string managementState: description: managementState indicates whether and how the operator @@ -68,10 +74,18 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + default: Normal + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll type: string succeededRevisionLimit: description: succeededRevisionLimit is the number of successful static diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml index 6f08cec5d..efd88b3c9 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml 
@@ -56,6 +56,12 @@ spec: to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll type: string managementState: description: managementState indicates whether and how the operator @@ -70,10 +76,18 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + default: Normal + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll type: string succeededRevisionLimit: description: succeededRevisionLimit is the number of successful static diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml index faf3f0448..3cb62b80b 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml 
@@ -56,6 +56,12 @@ spec: to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll type: string managementState: description: managementState indicates whether and how the operator @@ -70,10 +76,18 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + default: Normal + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll type: string succeededRevisionLimit: description: succeededRevisionLimit is the number of successful static diff --git a/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml index b6bba3cc6..269edb4d8 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml @@ -52,6 +52,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component 
@@ -65,11 +71,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml index 098de4470..829cf05b3 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml @@ -62,6 +62,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component 
@@ -75,11 +81,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml index 9adbb29e6..d0133c88a 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml @@ -49,6 +49,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component 
@@ -62,11 +68,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml index 20cac90b4..ceb754a52 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml @@ -48,6 +48,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component 
@@ -61,11 +67,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml index 0d9403cd3..ce10a1576 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml @@ -50,6 +50,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component 
@@ -63,11 +69,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml index a05f40888..0ae3d9568 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml @@ -49,6 +49,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component 
@@ -62,11 +68,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml index 7c14492ab..75d757d99 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml @@ -11,7 +11,7 @@ spec: listKind: IngressControllerList plural: ingresscontrollers singular: ingresscontroller - scope: Cluster + scope: Namespaced versions: - name: v1 schema: @@ -1031,4 +1031,8 @@ spec: served: true storage: true subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.availableReplicas status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml index 3f9f7b10a..b33eff67f 100644 
--- a/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml @@ -7,6 +7,11 @@ metadata: spec: scope: Cluster group: operator.openshift.io + names: + kind: ServiceCA + listKind: ServiceCAList + plural: servicecas + singular: serviceca versions: - name: v1 served: true @@ -38,11 +43,19 @@ spec: type: object properties: logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret - for their operands. + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component 
@@ -56,11 +69,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml index 0f1686695..0e3960596 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml @@ -353,7 +353,10 @@ spec: description: The address to "bind" on Defaults to 0.0.0.0 type: string iptablesSyncPeriod: - description: 'The period that iptables rules are refreshed. Default: + description: 'An internal kube-proxy parameter. In older releases + of OCP, this sometimes needed to be adjusted in large clusters + for performance reasons, but this is no longer necessary, and + there is no reason to change this from the default value. Default: 30s' type: string proxyArguments: 
@@ -367,11 +370,20 @@ spec: items: type: string logLevel: - description: logLevel allows configuring the logging level of the + description: "logLevel allows configuring the logging level of the components deployed by the operator. Currently only Kuryr SDN is affected by this setting. Please note that turning on extensive - logging may affect performance. The default value is "Normal". + logging may affect performance. The default value is \"Normal\". + \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". + Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll serviceNetwork: description: serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml index f23db5fef..ae39ae716 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml @@ -95,6 +95,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component 
@@ -108,11 +114,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll providers: description: providers contains configuration for using specific service providers. diff --git a/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml index 16e04f4c7..709eff4fe 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml @@ -49,6 +49,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component 
@@ -62,11 +68,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml index 4b44f35bd..8404b1a0f 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml @@ -35,6 +35,7 @@ spec: name: enum: - ebs.csi.aws.com + - cinder.csi.openstack.org - manila.csi.openstack.org - csi.ovirt.org type: string @@ -49,6 +50,12 @@ spec: to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll type: string managementState: description: managementState indicates whether and how the operator 
@@ -63,10 +70,18 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + default: Normal + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll type: string unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that diff --git a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch index 22f3a1294..7f1945a9c 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch +++ b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch @@ -5,5 +5,6 @@ type: string enum: - ebs.csi.aws.com + - cinder.csi.openstack.org - manila.csi.openstack.org - csi.ovirt.org diff --git a/vendor/github.com/openshift/api/operator/v1/types.go b/vendor/github.com/openshift/api/operator/v1/types.go index ed11b3219..c4cd34505 100644 --- a/vendor/github.com/openshift/api/operator/v1/types.go +++ b/vendor/github.com/openshift/api/operator/v1/types.go 
@@ -56,12 +56,16 @@ type OperatorSpec struct {
 // Defaults to "Normal".
 // +optional
 // +kubebuilder:default=Normal
- LogLevel LogLevel `json:"logLevel"`
+ LogLevel LogLevel `json:"logLevel,omitempty"`
 
 // operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a
 // simple way to manage coarse grained logging choices that operators have to interpret for themselves.
+ //
+ // Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ // Defaults to "Normal".
 // +optional
- OperatorLogLevel LogLevel `json:"operatorLogLevel"`
+ // +kubebuilder:default=Normal
+ OperatorLogLevel LogLevel `json:"operatorLogLevel,omitempty"`
 
 // unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override
 // it will end up overlaying in the following order:
@@ -81,6 +85,7 @@ type OperatorSpec struct {
 ObservedConfig runtime.RawExtension `json:"observedConfig"`
 }
 
+// +kubebuilder:validation:Enum="";Normal;Debug;Trace;TraceAll
 type LogLevel string
 
 var (
diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go
index e6217ab8c..3e897b9f3 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go
@@ -41,6 +41,7 @@ type CSIDriverName string
 // and 0000_90_cluster_csi_driver_01_config.crd.yaml-merge-patch file is also updated with new driver name.
 const (
 AWSEBSCSIDriver CSIDriverName = "ebs.csi.aws.com"
+ CinderCSIDriver CSIDriverName = "cinder.csi.openstack.org"
 ManilaCSIDriver CSIDriverName = "manila.csi.openstack.org"
 OvirtCSIDriver CSIDriverName = "csi.ovirt.org"
 )
diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go
index 7e678d11a..71cf5a35e 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_network.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_network.go
@@ -74,8 +74,12 @@ type NetworkSpec struct {
 // by the operator. Currently only Kuryr SDN is affected by this setting.
 // Please note that turning on extensive logging may affect performance.
 // The default value is "Normal".
+ //
+ // Valid values are: "Normal", "Debug", "Trace", "TraceAll".
+ // Defaults to "Normal".
 // +optional
- LogLevel LogLevel `json:"logLevel"`
+ // +kubebuilder:default=Normal
+ LogLevel LogLevel `json:"logLevel,omitempty"`
 }
 
 // ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size
@@ -337,7 +341,9 @@ type ProxyArgumentList []string
 // ProxyConfig defines the configuration knobs for kubeproxy
 // All of these are optional and have sensible defaults
 type ProxyConfig struct {
- // The period that iptables rules are refreshed.
+ // An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted
+ // in large clusters for performance reasons, but this is no longer necessary, and there is no reason
+ // to change this from the default value.
 // Default: 30s
 IptablesSyncPeriod string `json:"iptablesSyncPeriod,omitempty"`
 
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go
index f4cef5edd..cb241c784 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go
@@ -58,7 +58,7 @@ var map_OperatorSpec = map[string]string{ "": "OperatorSpec contains common fields operators need. It is intended to be anonymous included inside of the Spec struct for your particular operator.", "managementState": "managementState indicates whether and how the operator should manage the component", "logLevel": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "operatorLogLevel": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.", + "operatorLogLevel": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "unsupportedConfigOverrides": "unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides", "observedConfig": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", } 
@@ -794,7 +794,7 @@ var map_NetworkSpec = map[string]string{ "disableMultiNetwork": "disableMultiNetwork specifies whether or not multiple pod network support should be disabled. If unset, this property defaults to 'false' and multiple network support is enabled.", "deployKubeProxy": "deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. Some network providers include kube-proxy or similar functionality. If unset, the plugin will attempt to select the correct value, which is false when OpenShift SDN and ovn-kubernetes are used and true otherwise.", "kubeProxyConfig": "kubeProxyConfig lets us configure desired proxy configuration. If not specified, sensible defaults will be chosen by OpenShift directly. Not consumed by all network providers - currently only openshift-sdn.", - "logLevel": "logLevel allows configuring the logging level of the components deployed by the operator. Currently only Kuryr SDN is affected by this setting. Please note that turning on extensive logging may affect performance. The default value is \"Normal\".", + "logLevel": "logLevel allows configuring the logging level of the components deployed by the operator. Currently only Kuryr SDN is affected by this setting. Please note that turning on extensive logging may affect performance. The default value is \"Normal\".\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", } func (NetworkSpec) SwaggerDoc() map[string]string { 
@@ -835,7 +835,7 @@ func (OpenShiftSDNConfig) SwaggerDoc() map[string]string { var map_ProxyConfig = map[string]string{ "": "ProxyConfig defines the configuration knobs for kubeproxy All of these are optional and have sensible defaults", - "iptablesSyncPeriod": "The period that iptables rules are refreshed. Default: 30s", + "iptablesSyncPeriod": "An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted in large clusters for performance reasons, but this is no longer necessary, and there is no reason to change this from the default value. Default: 30s", "bindAddress": "The address to \"bind\" on Defaults to 0.0.0.0", "proxyArguments": "Any additional arguments to pass to the kubeproxy process", } diff --git a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml index 5cc8e56f9..a11af8884 100644 --- a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml +++ b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml @@ -1,9 +1,8 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: include.release.openshift.io/self-managed-high-availability: "true" - creationTimestamp: null name: podnetworkconnectivitychecks.controlplane.operator.openshift.io spec: group: controlplane.operator.openshift.io 
@@ -12,255 +11,248 @@ spec: listKind: PodNetworkConnectivityCheckList plural: podnetworkconnectivitychecks singular: podnetworkconnectivitycheck - scope: "" - subresources: - status: {} - validation: - openAPIV3Schema: - description: PodNetworkConnectivityCheck - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the source and target of the connectivity check - type: object - required: - - sourcePod - - targetEndpoint - properties: - sourcePod: - description: SourcePod names the pod from which the condition will be - checked - type: string - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - targetEndpoint: - description: EndpointAddress to check. A TCP address of the form host:port. - Note that if host is a DNS name, then the check would fail if the - DNS name cannot be resolved. Specify an IP address for host to bypass - DNS name lookup. 
- type: string - pattern: ^\S+:\d*$ - tlsClientCert: - description: TLSClientCert, if specified, references a kubernetes.io/tls - type secret with 'tls.crt' and 'tls.key' entries containing an optional - TLS client certificate and key to be used when checking endpoints - that require a client certificate in order to gracefully preform the - scan without causing excessive logging in the endpoint process. The - secret must exist in the same namespace as this resource. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - status: - description: Status contains the observed status of the connectivity check - type: object - properties: - conditions: - description: Conditions summarize the status of the check - type: array - items: - description: PodNetworkConnectivityCheckCondition represents the overall - status of the pod network connectivity. - type: object - required: - - lastTransitionTime - - status - - type - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - format: date-time - nullable: true - message: - description: Message indicating details about last transition - in a human readable format. - type: string - reason: - description: Reason for the condition's last status transition - in a machine readable format. - type: string - status: - description: Status of the condition - type: string - type: - description: Type of the condition - type: string - failures: - description: Failures contains logs of unsuccessful check actions - type: array - items: - description: LogEntry records events - type: object - required: - - success - - time - properties: - latency: - description: Latency records how long the action mentioned in - the entry took. - type: string - nullable: true - message: - description: Message explaining status in a human readable format. 
- type: string - reason: - description: Reason for status in a machine readable format. - type: string - success: - description: Success indicates if the log entry indicates a success - or failure. - type: boolean - time: - description: Start time of check action. - type: string - format: date-time - nullable: true - outages: - description: Outages contains logs of time periods of outages - type: array - items: - description: OutageEntry records time period of an outage - type: object - required: - - start - properties: - end: - description: End of outage detected - type: string - format: date-time - nullable: true - endLogs: - description: EndLogs contains log entries related to the end of - this outage. Should contain the success entry that resolved - the outage and possibly a few of the failure log entries that - preceded it. - type: array - items: - description: LogEntry records events - type: object - required: - - success - - time - properties: - latency: - description: Latency records how long the action mentioned - in the entry took. - type: string - nullable: true - message: - description: Message explaining status in a human readable - format. - type: string - reason: - description: Reason for status in a machine readable format. - type: string - success: - description: Success indicates if the log entry indicates - a success or failure. - type: boolean - time: - description: Start time of check action. - type: string - format: date-time - nullable: true - message: - description: Message summarizes outage details in a human readable - format. - type: string - start: - description: Start of outage detected - type: string - format: date-time - nullable: true - startLogs: - description: StartLogs contains log entries related to the start - of this outage. Should contain the original failure, any entries - where the failure mode changed. 
- type: array - items: - description: LogEntry records events - type: object - required: - - success - - time - properties: - latency: - description: Latency records how long the action mentioned - in the entry took. - type: string - nullable: true - message: - description: Message explaining status in a human readable - format. - type: string - reason: - description: Reason for status in a machine readable format. - type: string - success: - description: Success indicates if the log entry indicates - a success or failure. - type: boolean - time: - description: Start time of check action. - type: string - format: date-time - nullable: true - successes: - description: Successes contains logs successful check actions - type: array - items: - description: LogEntry records events - type: object - required: - - success - - time - properties: - latency: - description: Latency records how long the action mentioned in - the entry took. - type: string - nullable: true - message: - description: Message explaining status in a human readable format. - type: string - reason: - description: Reason for status in a machine readable format. - type: string - success: - description: Success indicates if the log entry indicates a success - or failure. - type: boolean - time: - description: Start time of check action. - type: string - format: date-time - nullable: true - version: v1alpha1 + scope: Namespaced versions: - name: v1alpha1 served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] + subresources: + status: {} + schema: + openAPIV3Schema: + description: PodNetworkConnectivityCheck + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the source and target of the connectivity check + type: object + required: + - sourcePod + - targetEndpoint + properties: + sourcePod: + description: SourcePod names the pod from which the condition will + be checked + type: string + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + targetEndpoint: + description: EndpointAddress to check. A TCP address of the form host:port. + Note that if host is a DNS name, then the check would fail if the + DNS name cannot be resolved. Specify an IP address for host to bypass + DNS name lookup. + type: string + pattern: ^\S+:\d*$ + tlsClientCert: + description: TLSClientCert, if specified, references a kubernetes.io/tls + type secret with 'tls.crt' and 'tls.key' entries containing an optional + TLS client certificate and key to be used when checking endpoints + that require a client certificate in order to gracefully preform + the scan without causing excessive logging in the endpoint process. + The secret must exist in the same namespace as this resource. 
+ type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + status: + description: Status contains the observed status of the connectivity check + type: object + properties: + conditions: + description: Conditions summarize the status of the check + type: array + items: + description: PodNetworkConnectivityCheckCondition represents the + overall status of the pod network connectivity. + type: object + required: + - lastTransitionTime + - status + - type + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + format: date-time + nullable: true + message: + description: Message indicating details about last transition + in a human readable format. + type: string + reason: + description: Reason for the condition's last status transition + in a machine readable format. + type: string + status: + description: Status of the condition + type: string + type: + description: Type of the condition + type: string + failures: + description: Failures contains logs of unsuccessful check actions + type: array + items: + description: LogEntry records events + type: object + required: + - success + - time + properties: + latency: + description: Latency records how long the action mentioned in + the entry took. + type: string + nullable: true + message: + description: Message explaining status in a human readable format. + type: string + reason: + description: Reason for status in a machine readable format. + type: string + success: + description: Success indicates if the log entry indicates a + success or failure. + type: boolean + time: + description: Start time of check action. 
+ type: string + format: date-time + nullable: true + outages: + description: Outages contains logs of time periods of outages + type: array + items: + description: OutageEntry records time period of an outage + type: object + required: + - start + properties: + end: + description: End of outage detected + type: string + format: date-time + nullable: true + endLogs: + description: EndLogs contains log entries related to the end + of this outage. Should contain the success entry that resolved + the outage and possibly a few of the failure log entries that + preceded it. + type: array + items: + description: LogEntry records events + type: object + required: + - success + - time + properties: + latency: + description: Latency records how long the action mentioned + in the entry took. + type: string + nullable: true + message: + description: Message explaining status in a human readable + format. + type: string + reason: + description: Reason for status in a machine readable format. + type: string + success: + description: Success indicates if the log entry indicates + a success or failure. + type: boolean + time: + description: Start time of check action. + type: string + format: date-time + nullable: true + message: + description: Message summarizes outage details in a human readable + format. + type: string + start: + description: Start of outage detected + type: string + format: date-time + nullable: true + startLogs: + description: StartLogs contains log entries related to the start + of this outage. Should contain the original failure, any entries + where the failure mode changed. + type: array + items: + description: LogEntry records events + type: object + required: + - success + - time + properties: + latency: + description: Latency records how long the action mentioned + in the entry took. + type: string + nullable: true + message: + description: Message explaining status in a human readable + format. 
+ type: string + reason: + description: Reason for status in a machine readable format. + type: string + success: + description: Success indicates if the log entry indicates + a success or failure. + type: boolean + time: + description: Start time of check action. + type: string + format: date-time + nullable: true + successes: + description: Successes contains logs successful check actions + type: array + items: + description: LogEntry records events + type: object + required: + - success + - time + properties: + latency: + description: Latency records how long the action mentioned in + the entry took. + type: string + nullable: true + message: + description: Message explaining status in a human readable format. + type: string + reason: + description: Reason for status in a machine readable format. + type: string + success: + description: Success indicates if the log entry indicates a + success or failure. + type: boolean + time: + description: Start time of check action. + type: string + format: date-time + nullable: true diff --git a/vendor/github.com/openshift/api/route/v1/generated.proto b/vendor/github.com/openshift/api/route/v1/generated.proto index c4bc446e3..abf11f4c4 100644 --- a/vendor/github.com/openshift/api/route/v1/generated.proto +++ b/vendor/github.com/openshift/api/route/v1/generated.proto @@ -212,6 +212,10 @@ message RouterShard { // TLSConfig defines config used to secure a route and provide termination message TLSConfig { // termination indicates termination type. + // + // * edge - TLS termination is done by the router and http is used to communicate with the backend (default) + // * passthrough - Traffic is sent straight to the destination without the router providing TLS termination + // * reencrypt - TLS termination is done by the router and https is used to communicate with the backend optional string termination = 1; // certificate provides certificate contents 
diff --git a/vendor/github.com/openshift/api/route/v1/types.go b/vendor/github.com/openshift/api/route/v1/types.go
index 9e59c6978..e36e192d8 100644
--- a/vendor/github.com/openshift/api/route/v1/types.go
+++ b/vendor/github.com/openshift/api/route/v1/types.go
@@ -212,6 +212,10 @@ type RouterShard struct {
 // TLSConfig defines config used to secure a route and provide termination
 type TLSConfig struct {
 // termination indicates termination type.
+ //
+ // * edge - TLS termination is done by the router and http is used to communicate with the backend (default)
+ // * passthrough - Traffic is sent straight to the destination without the router providing TLS termination
+ // * reencrypt - TLS termination is done by the router and https is used to communicate with the backend
 Termination TLSTerminationType `json:"termination" protobuf:"bytes,1,opt,name=termination,casttype=TLSTerminationType"`
 
 // certificate provides certificate contents
diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go
index 9974795f6..83b92816b 100644
--- a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go
@@ -113,7 +113,7 @@ func (RouterShard) SwaggerDoc() map[string]string { var map_TLSConfig = map[string]string{ "": "TLSConfig defines config used to secure a route and provide termination", - "termination": "termination indicates termination type.", + "termination": "termination indicates termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend", "certificate": "certificate provides certificate contents", "key": "key provides key file contents", "caCertificate": "caCertificate provides the cert authority certificate contents", diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/crd-schema-gen.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/crd-schema-gen.mk index 3a24a57e1..25f92fe9a 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/crd-schema-gen.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/crd-schema-gen.mk @@ -51,7 +51,7 @@ update-codegen-crds: update-codegen-crds-$(1) verify-codegen-crds-$(1): VERIFY_CODEGEN_CRD_TMP_DIR:=$$(shell mktemp -d) verify-codegen-crds-$(1): ensure-controller-gen ensure-yq ensure-yaml-patch $(call run-crd-gen,$(2),$(3),$$(VERIFY_CODEGEN_CRD_TMP_DIR)) - $$(foreach p,$$(wildcard $(3)/*crd.yaml),$$(call diff-file,$$(p),$$(subst $(3),$$(VERIFY_CODEGEN_CRD_TMP_DIR),$$(p)))) + $$(foreach p,$$(wildcard $(4)/*crd.yaml),$$(call diff-file,$$(p),$$(subst $(4),$$(VERIFY_CODEGEN_CRD_TMP_DIR),$$(p)))) .PHONY: verify-codegen-crds-$(1) verify-codegen-crds: verify-codegen-crds-$(1) 
diff --git a/vendor/github.com/openshift/library-go/pkg/config/client/client_config.go b/vendor/github.com/openshift/library-go/pkg/config/client/client_config.go index a24731105..e2b90ca53 100644 --- a/vendor/github.com/openshift/library-go/pkg/config/client/client_config.go +++ b/vendor/github.com/openshift/library-go/pkg/config/client/client_config.go @@ -2,14 +2,12 @@ package client import ( "io/ioutil" - "net" - "net/http" - "time" - "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" + "net/http" configv1 "github.com/openshift/api/config/v1" + "github.com/openshift/library-go/pkg/network" ) // GetKubeConfigOrInClusterConfig loads in-cluster config if kubeConfigFile is empty or the file if not, @@ -101,10 +99,7 @@ func (c ClientTransportOverrides) DefaultClientTransport(rt http.RoundTripper) h return rt } - transport.DialContext = (&net.Dialer{ - Timeout: 30 * time.Second, - KeepAlive: 30 * time.Second, - }).DialContext + transport.DialContext = network.DefaultClientDialContext() // Hold open more internal idle connections transport.MaxIdleConnsPerHost = 100 diff --git a/vendor/github.com/openshift/library-go/pkg/network/dialer.go b/vendor/github.com/openshift/library-go/pkg/network/dialer.go new file mode 100644 index 000000000..f19be44a3 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/network/dialer.go @@ -0,0 +1,13 @@ +package network + +import ( + "context" + "net" +) + +type DialContext func(ctx context.Context, network, address string) (net.Conn, error) + +// DefaultDialContext returns a DialContext function from a network dialer with default options sets. +func DefaultClientDialContext() DialContext { + return dialerWithDefaultOptions() +} diff --git a/vendor/github.com/openshift/library-go/pkg/network/dialer_linux.go b/vendor/github.com/openshift/library-go/pkg/network/dialer_linux.go new file mode 100644 index 000000000..b8ff8db85 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/network/dialer_linux.go 
@@ -0,0 +1,93 @@
+// +build linux
+
+package network
+
+import (
+ "net"
+ "os"
+ "syscall"
+ "time"
+
+ "golang.org/x/sys/unix"
+
+ utilerrors "k8s.io/apimachinery/pkg/util/errors"
+)
+
+func dialerWithDefaultOptions() DialContext {
+ nd := &net.Dialer{
+ // TCP_USER_TIMEOUT does affect the behaviour of connect() which is controlled by this field so we set it to the same value
+ Timeout: 25 * time.Second,
+ // KeepAlive must to be set to a negative value to stop std library from applying the default values
+ // by doing so we ensure that the options we are interested in won't be overwritten
+ KeepAlive: time.Duration(-1),
+ Control: func(network, address string, con syscall.RawConn) error {
+ var errs []error
+ err := con.Control(func(fd uintptr) {
+ optionsErr := setDefaultSocketOptions(int(fd))
+ if optionsErr != nil {
+ errs = append(errs, optionsErr)
+ }
+ })
+ if err != nil {
+ errs = append(errs, err)
+ }
+ return utilerrors.NewAggregate(errs)
+ },
+ }
+ return nd.DialContext
+}
+
+// setDefaultSocketOptions sets custom socket options so that we can detect connections to an unhealthy (dead) peer quickly.
+// In particular we set TCP_USER_TIMEOUT that specifies the maximum amount of time that transmitted data may remain
+// unacknowledged before TCP will forcibly close the connection.
+//
+// Note
+// TCP_USER_TIMEOUT can't be too low because a single dropped packet might drop the entire connection.
+// Ideally it should be set to: TCP_KEEPIDLE + TCP_KEEPINTVL * TCP_KEEPCNT
+func setDefaultSocketOptions(fd int) error {
+ // specifies the maximum amount of time in milliseconds that transmitted data may remain
+ // unacknowledged before TCP will forcibly close the corresponding connection and return ETIMEDOUT to the application
+ tcpUserTimeoutInMilliSeconds := int(25 * time.Second / time.Millisecond)
+
+ // specifies the interval at which probes are sent in seconds
+ tcpKeepIntvl := int(roundDuration(5*time.Second, time.Second))
+
+ // specifies the threshold for sending the first KEEP ALIVE probe in seconds
+ tcpKeepIdle := int(roundDuration(2*time.Second, time.Second))
+
+ // enable keep-alive probes
+ if err := syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_KEEPALIVE, 1); err != nil {
+ return wrapSyscallError("setsockopt", err)
+ }
+
+ if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, unix.TCP_USER_TIMEOUT, tcpUserTimeoutInMilliSeconds); err != nil {
+ return wrapSyscallError("setsockopt", err)
+ }
+
+ if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, syscall.TCP_KEEPINTVL, tcpKeepIntvl); err != nil {
+ return wrapSyscallError("setsockopt", err)
+ }
+
+ if err := syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, syscall.TCP_KEEPIDLE, tcpKeepIdle); err != nil {
+ return wrapSyscallError("setsockopt", err)
+ }
+ return nil
+}
+
+// roundDurationUp rounds d to the next multiple of to.
+//
+// note that it was copied from the std library
+func roundDuration(d time.Duration, to time.Duration) time.Duration {
+ return (d + to - 1) / to
+}
+
+// wrapSyscallError takes an error and a syscall name. If the error is
+// a syscall.Errno, it wraps it in a os.SyscallError using the syscall name.
+//
+// note that it was copied from the std library
+func wrapSyscallError(name string, err error) error {
+ if _, ok := err.(syscall.Errno); ok {
+ err = os.NewSyscallError(name, err)
+ }
+ return err
+}
diff --git a/vendor/github.com/openshift/library-go/pkg/network/dialer_others.go b/vendor/github.com/openshift/library-go/pkg/network/dialer_others.go
new file mode 100644
index 000000000..6519b0986
--- /dev/null
+++ b/vendor/github.com/openshift/library-go/pkg/network/dialer_others.go
@@ -0,0 +1,19 @@
+// +build !linux
+
+package network
+
+import (
+ "net"
+ "time"
+
+ "k8s.io/klog/v2"
+)
+
+func dialerWithDefaultOptions() DialContext {
+ klog.V(2).Info("Creating the default network Dialer (unsupported platform). It may take up to 15 minutes to detect broken connections and establish a new one")
+ nd := &net.Dialer{
+ Timeout: 30 * time.Second,
+ KeepAlive: 30 * time.Second,
+ }
+ return nd.DialContext
+}
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/csi/csicontrollerset/csi_controller_set.go b/vendor/github.com/openshift/library-go/pkg/operator/csi/csicontrollerset/csi_controller_set.go
index fa300075e..7c1e2655e 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/csi/csicontrollerset/csi_controller_set.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/csi/csicontrollerset/csi_controller_set.go
@@ -116,6 +116,26 @@ func (c *CSIControllerSet) WithCSIDriverControllerService( kubeClient kubernetes.Interface, namespacedInformerFactory informers.SharedInformerFactory, optionalConfigInformer configinformers.SharedInformerFactory, +) *CSIControllerSet { + return c.WithCSIDriverControllerServiceWithExtraReplaces( + name, + assetFunc, + file, + kubeClient, + namespacedInformerFactory, + optionalConfigInformer, + nil, + ) +} + +func (c *CSIControllerSet) WithCSIDriverControllerServiceWithExtraReplaces( + name string, + assetFunc func(string) []byte, + file string, + kubeClient kubernetes.Interface, + namespacedInformerFactory informers.SharedInformerFactory, + optionalConfigInformer configinformers.SharedInformerFactory, + extraReplaces func() (map[string]string, error), ) *CSIControllerSet { manifestFile := assetFunc(file) c.csiDriverControllerServiceController = csidrivercontrollerservicecontroller.NewCSIDriverControllerServiceController( @@ -125,6 +145,7 @@ func (c *CSIControllerSet) WithCSIDriverControllerService( kubeClient, namespacedInformerFactory.Apps().V1().Deployments(), optionalConfigInformer, + extraReplaces, c.eventRecorder, ) return c diff --git a/vendor/github.com/openshift/library-go/pkg/operator/csi/csidrivercontrollerservicecontroller/csi_driver_controller_service_controller.go b/vendor/github.com/openshift/library-go/pkg/operator/csi/csidrivercontrollerservicecontroller/csi_driver_controller_service_controller.go index 8851e9e77..320f1b149 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/csi/csidrivercontrollerservicecontroller/csi_driver_controller_service_controller.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/csi/csidrivercontrollerservicecontroller/csi_driver_controller_service_controller.go @@ -2,6 +2,7 @@ package csidrivercontrollerservicecontroller import ( "context" + "fmt" "os" "strconv" "strings" 
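Review bot: The new exported method `WithCSIDriverControllerServiceWithExtraReplaces` has no doc comment, and nothing at its declaration says what `extraReplaces` must return. From the other hunks of this diff the callback is invoked on each `sync`, its keys are wrapped as `${KEY}` by `replacePlaceholders`, and nil is accepted, so I would add `// WithCSIDriverControllerServiceWithExtraReplaces is WithCSIDriverControllerService plus extraReplaces, which is called on every sync and maps placeholder names (without the ${} wrapper) to replacement text; it may be nil.` The method body starts in the first hunk and continues in the second.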
@@ -79,6 +80,8 @@ type CSIDriverControllerServiceController struct { deployInformer appsinformersv1.DeploymentInformer // Optional, used by CSI drivers to tag volumes and snapshots optionalConfigInformer configinformers.SharedInformerFactory + // Optional, used to make custom replaces where the value may change at runtime + extraReplaces func() (map[string]string, error) } func NewCSIDriverControllerServiceController( @@ -88,6 +91,7 @@ func NewCSIDriverControllerServiceController( kubeClient kubernetes.Interface, deployInformer appsinformersv1.DeploymentInformer, optionalConfigInformer configinformers.SharedInformerFactory, + extraReplaces func() (map[string]string, error), recorder events.Recorder, ) factory.Controller { c := &CSIDriverControllerServiceController{ @@ -97,6 +101,7 @@ func NewCSIDriverControllerServiceController( kubeClient: kubeClient, deployInformer: deployInformer, optionalConfigInformer: optionalConfigInformer, + extraReplaces: extraReplaces, } informers := []factory.Informer{ @@ -147,7 +152,15 @@ func (c *CSIDriverControllerServiceController) sync(ctx context.Context, syncCon clusterID = infra.Status.InfrastructureName } - manifest := replacePlaceholders(c.manifest, opSpec, clusterID) + var extras map[string]string + if c.extraReplaces != nil { + e, err := c.extraReplaces() + if err != nil { + return err + } + extras = e + } + manifest := replacePlaceholders(c.manifest, opSpec, clusterID, extras) required := resourceread.ReadDeploymentV1OrDie(manifest) deployment, _, err := resourceapply.ApplyDeployment( @@ -219,7 +232,7 @@ func isProgressing(status *opv1.OperatorStatus, deployment *appsv1.Deployment) ( return false, "" } -func replacePlaceholders(manifest []byte, spec *opv1.OperatorSpec, clusterID string) []byte { +func replacePlaceholders(manifest []byte, spec *opv1.OperatorSpec, clusterID string, extras map[string]string) []byte { pairs := []string{} // Replace container images by env vars if they are set 
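Review bot: In the `sync` hunk the manifest passed to `resourceread.ReadDeploymentV1OrDie` is no longer built only from fixed inputs once `extras` is substituted into it, so a replacement value that breaks the YAML becomes a panic inside `sync` instead of a returned error. A non-panicking decode, in the style of the `ReadPodV1` helper this same commit adds for pods, would let the controller report the problem and retry; whether resourceread already offers one for Deployments is not visible here. The callback error is also returned bare, and `return fmt.Errorf("computing extra replacements: %w", err)` would say which step failed. `sync` starts and ends outside the hunk.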
@@ -260,6 +273,10 @@ func replacePlaceholders(manifest []byte, spec *opv1.OperatorSpec, clusterID str logLevel := loglevel.LogLevelToVerbosity(spec.LogLevel) pairs = append(pairs, []string{"${LOG_LEVEL}", strconv.Itoa(logLevel)}...) + for k, v := range extras { + pairs = append(pairs, fmt.Sprintf("${%s}", k), v) + } + replaced := strings.NewReplacer(pairs...).Replace(string(manifest)) return []byte(replaced) } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/loglevel/logging_controller.go b/vendor/github.com/openshift/library-go/pkg/operator/loglevel/logging_controller.go index 8e4cbd4f4..db4ed1734 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/loglevel/logging_controller.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/loglevel/logging_controller.go @@ -29,7 +29,7 @@ func NewClusterOperatorLoggingController(operatorClient operatorv1helpers.Operat func NewClusterOperatorLoggingControllerWithLogLevel(operatorClient operatorv1helpers.OperatorClient, defaultLogLevel operatorv1.LogLevel, recorder events.Recorder) factory.Controller { c := &LogLevelController{ operatorClient: operatorClient, - setLogLevelFn: SetLogLEvel, + setLogLevelFn: SetLogLevel, getLogLevelFn: GetLogLevel, defaultLogLevel: defaultLogLevel, } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/loglevel/util.go b/vendor/github.com/openshift/library-go/pkg/operator/loglevel/util.go index 63e65aa9b..dc997370b 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/loglevel/util.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/loglevel/util.go 
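Review bot: The loop that appends `extras` to `pairs` inserts each value into the manifest text unescaped and does not check the keys against the built-in placeholders appended earlier in `replacePlaceholders`. Because `strings.NewReplacer` compares old strings in argument order, an extra keyed `LOG_LEVEL` would presumably lose to the built-in pair without any signal, and a value containing a newline, quote or `: ` can change the structure of the Deployment rather than just one scalar. Since the field comment says the values may change at runtime, I would validate them where an error can be returned (in `sync`, before calling `replacePlaceholders`) and state the contract on the field, for example `// Values must be single-line YAML scalars; keys must not collide with built-in placeholders.` This file is vendored, but go.mod in this commit redirects library-go to a fork, so the change has presumably not had upstream review. The function body starts outside the hunk.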
@@ -60,9 +60,9 @@ func GetLogLevel() (operatorv1.LogLevel, bool) { } } -// SetLogLEvel is a nasty hack and attempt to manipulate the global flags as klog does not expose +// SetLogLevel is a nasty hack and attempt to manipulate the global flags as klog does not expose // a way to dynamically change the loglevel in runtime. -func SetLogLEvel(targetLevel operatorv1.LogLevel) error { +func SetLogLevel(targetLevel operatorv1.LogLevel) error { var level *klog.Level // Convert operator loglevel to klog numeric string diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissionregistration.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissionregistration.go new file mode 100644 index 000000000..75d9d82a9 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissionregistration.go 
@@ -0,0 +1,140 @@ +package resourceapply + +import ( + "context" + "fmt" + + "github.com/openshift/library-go/pkg/operator/events" + "github.com/openshift/library-go/pkg/operator/resource/resourcemerge" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + admissionregistrationclientv1 "k8s.io/client-go/kubernetes/typed/admissionregistration/v1" + "k8s.io/klog/v2" + + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// ApplyMutatingWebhookConfiguration ensures the form of the specified +// mutatingwebhookconfiguration is present in the API. If it does not exist, +// it will be created. If it does exist, the metadata of the required +// mutatingwebhookconfiguration will be merged with the existing mutatingwebhookconfiguration +// and an update performed if the mutatingwebhookconfiguration spec and metadata differ from +// the previously required spec and metadata based on generation change. +func ApplyMutatingWebhookConfiguration(client admissionregistrationclientv1.MutatingWebhookConfigurationsGetter, recorder events.Recorder, + requiredOriginal *admissionregistrationv1.MutatingWebhookConfiguration, expectedGeneration int64) (*admissionregistrationv1.MutatingWebhookConfiguration, bool, error) { + + if requiredOriginal == nil { + return nil, false, fmt.Errorf("Unexpected nil instead of an object") + } + required := requiredOriginal.DeepCopy() + + existing, err := client.MutatingWebhookConfigurations().Get(context.TODO(), required.GetName(), metav1.GetOptions{}) + if apierrors.IsNotFound(err) { + actual, err := client.MutatingWebhookConfigurations().Create(context.TODO(), required, metav1.CreateOptions{}) + reportCreateEvent(recorder, required, err) + if err != nil { + return nil, false, err + } + return actual, true, nil + } else if err != nil { + return nil, false, err + } + + modified := resourcemerge.BoolPtr(false) + existingCopy := existing.DeepCopy() + + resourcemerge.EnsureObjectMeta(modified, 
&existingCopy.ObjectMeta, required.ObjectMeta) + if !*modified && existingCopy.GetGeneration() == expectedGeneration { + return existingCopy, false, nil + } + // at this point we know that we're going to perform a write. We're just trying to get the object correct + toWrite := existingCopy // shallow copy so the code reads easier + copyMutatingWebhookCABundle(existing, required) + toWrite.Webhooks = required.Webhooks + + klog.V(4).Infof("MutatingWebhookConfiguration %q changes: %v", required.GetNamespace()+"/"+required.GetName(), JSONPatchNoError(existing, toWrite)) + + actual, err := client.MutatingWebhookConfigurations().Update(context.TODO(), toWrite, metav1.UpdateOptions{}) + reportUpdateEvent(recorder, required, err) + if err != nil { + return nil, false, err + } + return actual, *modified || actual.GetGeneration() > existingCopy.GetGeneration(), nil +} + +// copyMutatingWebhookCABundle populates webhooks[].clientConfig.caBundle fields from existing resource if it was set before +// and is not set in present. This provides upgrade compatibility with service-ca-bundle operator. +func copyMutatingWebhookCABundle(from, to *admissionregistrationv1.MutatingWebhookConfiguration) { + fromMap := make(map[string]admissionregistrationv1.MutatingWebhook, len(from.Webhooks)) + for _, webhook := range from.Webhooks { + fromMap[webhook.Name] = webhook + } + + for i, wh := range to.Webhooks { + if existing, ok := fromMap[wh.Name]; ok && wh.ClientConfig.CABundle == nil { + to.Webhooks[i].ClientConfig.CABundle = existing.ClientConfig.CABundle + } + } +} + +// ApplyValidatingWebhookConfiguration ensures the form of the specified +// validatingwebhookconfiguration is present in the API. If it does not exist, +// it will be created. 
If it does exist, the metadata of the required +// validatingwebhookconfiguration will be merged with the existing validatingwebhookconfiguration +// and an update performed if the validatingwebhookconfiguration spec and metadata differ from +// the previously required spec and metadata based on generation change. +func ApplyValidatingWebhookConfiguration(client admissionregistrationclientv1.ValidatingWebhookConfigurationsGetter, recorder events.Recorder, + requiredOriginal *admissionregistrationv1.ValidatingWebhookConfiguration, expectedGeneration int64) (*admissionregistrationv1.ValidatingWebhookConfiguration, bool, error) { + if requiredOriginal == nil { + return nil, false, fmt.Errorf("Unexpected nil instead of an object") + } + required := requiredOriginal.DeepCopy() + + existing, err := client.ValidatingWebhookConfigurations().Get(context.TODO(), required.GetName(), metav1.GetOptions{}) + if apierrors.IsNotFound(err) { + actual, err := client.ValidatingWebhookConfigurations().Create(context.TODO(), required, metav1.CreateOptions{}) + reportCreateEvent(recorder, required, err) + if err != nil { + return nil, false, err + } + return actual, true, nil + } else if err != nil { + return nil, false, err + } + + modified := resourcemerge.BoolPtr(false) + existingCopy := existing.DeepCopy() + + resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta) + if !*modified && existingCopy.GetGeneration() == expectedGeneration { + return existingCopy, false, nil + } + // at this point we know that we're going to perform a write. 
We're just trying to get the object correct + toWrite := existingCopy // shallow copy so the code reads easier + copyValidatingWebhookCABundle(existing, required) + toWrite.Webhooks = required.Webhooks + + klog.V(4).Infof("ValidatingWebhookConfiguration %q changes: %v", required.GetNamespace()+"/"+required.GetName(), JSONPatchNoError(existing, toWrite)) + + actual, err := client.ValidatingWebhookConfigurations().Update(context.TODO(), toWrite, metav1.UpdateOptions{}) + reportUpdateEvent(recorder, required, err) + if err != nil { + return nil, false, err + } + return actual, *modified || actual.GetGeneration() > existingCopy.GetGeneration(), nil +} + +// copyValidatingWebhookCABundle populates webhooks[].clientConfig.caBundle fields from existing resource if it was set before +// and is not set in present. This provides upgrade compatibility with service-ca-bundle operator. +func copyValidatingWebhookCABundle(from, to *admissionregistrationv1.ValidatingWebhookConfiguration) { + fromMap := make(map[string]admissionregistrationv1.ValidatingWebhook, len(from.Webhooks)) + for _, webhook := range from.Webhooks { + fromMap[webhook.Name] = webhook + } + + for i, wh := range to.Webhooks { + if existing, ok := fromMap[wh.Name]; ok && wh.ClientConfig.CABundle == nil { + to.Webhooks[i].ClientConfig.CABundle = existing.ClientConfig.CABundle + } + } +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissions.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissions.go deleted file mode 100644 index 0edc44349..000000000 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissions.go +++ /dev/null 
@@ -1,77 +0,0 @@ -package resourceapply - -import ( - "context" - - admissionv1 "k8s.io/api/admissionregistration/v1" - "k8s.io/apimachinery/pkg/api/equality" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - admissionclientv1 "k8s.io/client-go/kubernetes/typed/admissionregistration/v1" - "k8s.io/klog/v2" - - "github.com/openshift/library-go/pkg/operator/events" - "github.com/openshift/library-go/pkg/operator/resource/resourcemerge" -) - -// ApplyValidatingWebhookConfiguration merges objectmeta, update webhooks. -func ApplyValidatingWebhookConfiguration(client admissionclientv1.ValidatingWebhookConfigurationsGetter, recorder events.Recorder, required *admissionv1.ValidatingWebhookConfiguration) (*admissionv1.ValidatingWebhookConfiguration, bool, error) { - existing, err := client.ValidatingWebhookConfigurations().Get(context.TODO(), required.Name, metav1.GetOptions{}) - if apierrors.IsNotFound(err) { - actual, err := client.ValidatingWebhookConfigurations(). - Create(context.TODO(), required, metav1.CreateOptions{}) - reportCreateEvent(recorder, required, err) - return actual, true, err - } - if err != nil { - return nil, false, err - } - - modified := resourcemerge.BoolPtr(false) - existingCopy := existing.DeepCopy() - - resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta) - contentSame := equality.Semantic.DeepEqual(existingCopy.Webhooks, required.Webhooks) - if contentSame && !*modified { - return existingCopy, false, nil - } - - if klog.V(4).Enabled() { - klog.Infof("ValidatingWebhookConfiguration %q changes: %v", required.Name, JSONPatchNoError(existing, required)) - } - - actual, err := client.ValidatingWebhookConfigurations().Update(context.TODO(), required, metav1.UpdateOptions{}) - reportUpdateEvent(recorder, required, err) - return actual, true, err -} - -// ApplyMutatingWebhookConfiguration merges objectmeta, update webhooks. 
-func ApplyMutatingWebhookConfiguration(client admissionclientv1.MutatingWebhookConfigurationsGetter, recorder events.Recorder, required *admissionv1.MutatingWebhookConfiguration) (*admissionv1.MutatingWebhookConfiguration, bool, error) { - existing, err := client.MutatingWebhookConfigurations().Get(context.TODO(), required.Name, metav1.GetOptions{}) - if apierrors.IsNotFound(err) { - actual, err := client.MutatingWebhookConfigurations(). - Create(context.TODO(), required, metav1.CreateOptions{}) - reportCreateEvent(recorder, required, err) - return actual, true, err - } - if err != nil { - return nil, false, err - } - - modified := resourcemerge.BoolPtr(false) - existingCopy := existing.DeepCopy() - - resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta) - contentSame := equality.Semantic.DeepEqual(existingCopy.Webhooks, required.Webhooks) - if contentSame && !*modified { - return existingCopy, false, nil - } - - if klog.V(4).Enabled() { - klog.Infof("ValidatingWebhookConfiguration %q changes: %v", required.Name, JSONPatchNoError(existing, required)) - } - - actual, err := client.MutatingWebhookConfigurations().Update(context.TODO(), required, metav1.UpdateOptions{}) - reportUpdateEvent(recorder, required, err) - return actual, true, err -} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/generic.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/generic.go index 43a4ce30f..7f62f87ab 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/generic.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/generic.go @@ -9,7 +9,6 @@ import ( "github.com/openshift/api" "github.com/openshift/library-go/pkg/operator/events" - admissionv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" storagev1 "k8s.io/api/storage/v1" 
@@ -166,16 +165,6 @@ func ApplyDirectly(clients *ClientHolder, recorder events.Recorder, manifests As result.Error = fmt.Errorf("missing kubeClient") } result.Result, result.Changed, result.Error = ApplyCSIDriver(clients.kubeClient.StorageV1(), recorder, t) - case *admissionv1.ValidatingWebhookConfiguration: - if clients.kubeClient == nil { - result.Error = fmt.Errorf("missing kubeClient") - } - result.Result, result.Changed, result.Error = ApplyValidatingWebhookConfiguration(clients.kubeClient.AdmissionregistrationV1(), recorder, t) - case *admissionv1.MutatingWebhookConfiguration: - if clients.kubeClient == nil { - result.Error = fmt.Errorf("missing kubeClient") - } - result.Result, result.Changed, result.Error = ApplyMutatingWebhookConfiguration(clients.kubeClient.AdmissionregistrationV1(), recorder, t) default: result.Error = fmt.Errorf("unhandled type %T", requiredObj) } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/monitoring.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/monitoring.go index 6525ca5eb..5b297eb7f 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/monitoring.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/monitoring.go @@ -76,6 +76,9 @@ func ApplyServiceMonitor(client dynamic.Interface, recorder events.Recorder, ser recorder.Eventf("ServiceMonitorCreated", "Created ServiceMonitor.monitoring.coreos.com/v1 because it was missing") return true, nil } + if err != nil { + return false, err + } existingCopy := existing.DeepCopy() diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/admissionregistration.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/admissionregistration.go new file mode 100644 index 000000000..2fcfd1394 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/admissionregistration.go 
@@ -0,0 +1,51 @@ +package resourcemerge + +import ( + operatorsv1 "github.com/openshift/api/operator/v1" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// ExpectedMutatingWebhooksConfiguration returns last applied generation for MutatingWebhookConfiguration resource registered in operator +func ExpectedMutatingWebhooksConfiguration(name string, previousGenerations []operatorsv1.GenerationStatus) int64 { + generation := GenerationFor(previousGenerations, schema.GroupResource{Group: admissionregistrationv1.SchemeGroupVersion.Group, Resource: "mutatingwebhookconfigurations"}, "", name) + if generation != nil { + return generation.LastGeneration + } + return -1 +} + +// SetMutatingWebhooksConfigurationGeneration updates operator generation status list with last applied generation for provided MutatingWebhookConfiguration resource +func SetMutatingWebhooksConfigurationGeneration(generations *[]operatorsv1.GenerationStatus, actual *admissionregistrationv1.MutatingWebhookConfiguration) { + if actual == nil { + return + } + SetGeneration(generations, operatorsv1.GenerationStatus{ + Group: admissionregistrationv1.SchemeGroupVersion.Group, + Resource: "mutatingwebhookconfigurations", + Name: actual.Name, + LastGeneration: actual.ObjectMeta.Generation, + }) +} + +// ExpectedValidatingWebhooksConfiguration returns last applied generation for ValidatingWebhookConfiguration resource registered in operator +func ExpectedValidatingWebhooksConfiguration(name string, previousGenerations []operatorsv1.GenerationStatus) int64 { + generation := GenerationFor(previousGenerations, schema.GroupResource{Group: admissionregistrationv1.SchemeGroupVersion.Group, Resource: "validatingwebhookconfigurations"}, "", name) + if generation != nil { + return generation.LastGeneration + } + return -1 +} + +// SetValidatingWebhooksConfigurationGeneration updates operator generation status list with last applied generation for provided 
ValidatingWebhookConfiguration resource +func SetValidatingWebhooksConfigurationGeneration(generations *[]operatorsv1.GenerationStatus, actual *admissionregistrationv1.ValidatingWebhookConfiguration) { + if actual == nil { + return + } + SetGeneration(generations, operatorsv1.GenerationStatus{ + Group: admissionregistrationv1.SchemeGroupVersion.Group, + Resource: "validatingwebhookconfigurations", + Name: actual.Name, + LastGeneration: actual.ObjectMeta.Generation, + }) +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/core.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/core.go index ac2b47758..daa27c7b5 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/core.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/core.go @@ -58,11 +58,19 @@ func ReadServiceV1OrDie(objBytes []byte) *corev1.Service { } func ReadPodV1OrDie(objBytes []byte) *corev1.Pod { - requiredObj, err := runtime.Decode(coreCodecs.UniversalDecoder(corev1.SchemeGroupVersion), objBytes) + requiredObj, err := ReadPodV1(objBytes) if err != nil { panic(err) } - return requiredObj.(*corev1.Pod) + return requiredObj +} + +func ReadPodV1(objBytes []byte) (*corev1.Pod, error) { + requiredObj, err := runtime.Decode(coreCodecs.UniversalDecoder(corev1.SchemeGroupVersion), objBytes) + if err != nil { + return nil, err + } + return requiredObj.(*corev1.Pod), nil } func WritePodV1OrDie(obj *corev1.Pod) string { diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/filters/impersonation.go b/vendor/k8s.io/apiserver/pkg/endpoints/filters/impersonation.go index ab767695f..1246ae863 100644 --- a/vendor/k8s.io/apiserver/pkg/endpoints/filters/impersonation.go +++ b/vendor/k8s.io/apiserver/pkg/endpoints/filters/impersonation.go 
@@ -117,10 +117,37 @@ func WithImpersonation(handler http.Handler, a authorizer.Authorizer, s runtime.
 }
 }
- if !groupsSpecified && username != user.Anonymous {
- // When impersonating a non-anonymous user, if no groups were specified
- // include the system:authenticated group in the impersonated user info
- groups = append(groups, user.AllAuthenticated)
+ if username != user.Anonymous {
+ // When impersonating a non-anonymous user, include the 'system:authenticated' group
+ // in the impersonated user info:
+ // - if no groups were specified
+ // - if a group has been specified other than 'system:authenticated'
+ //
+ // If 'system:unauthenticated' group has been specified we should not include
+ // the 'system:authenticated' group.
+ addAuthenticated := true
+ for _, group := range groups {
+ if group == user.AllAuthenticated || group == user.AllUnauthenticated {
+ addAuthenticated = false
+ break
+ }
+ }
+
+ if addAuthenticated {
+ groups = append(groups, user.AllAuthenticated)
+ }
+ } else {
+ addUnauthenticated := true
+ for _, group := range groups {
+ if group == user.AllUnauthenticated {
+ addUnauthenticated = false
+ break
+ }
+ }
+
+ if addUnauthenticated {
+ groups = append(groups, user.AllUnauthenticated)
+ }
 }
 newUser := &user.DefaultInfo{
diff --git a/vendor/k8s.io/client-go/tools/cache/controller.go b/vendor/k8s.io/client-go/tools/cache/controller.go
index 916ca9cc1..3ad9b53bb 100644
--- a/vendor/k8s.io/client-go/tools/cache/controller.go
+++ b/vendor/k8s.io/client-go/tools/cache/controller.go
@@ -144,11 +144,11 @@ func (c *controller) Run(stopCh <-chan struct{}) {
 c.reflectorMutex.Unlock()
 var wg wait.Group
- defer wg.Wait()
 wg.StartWithChannel(stopCh, r.Run)
 wait.Until(c.processLoop, time.Second, stopCh)
+ wg.Wait()
 }
 // Returns true once this controller has completed an initial resource listing
diff --git a/vendor/k8s.io/client-go/tools/cache/reflector.go b/vendor/k8s.io/client-go/tools/cache/reflector.go
index a92b36f2c..e995abe25 100644
--- a/vendor/k8s.io/client-go/tools/cache/reflector.go
+++ b/vendor/k8s.io/client-go/tools/cache/reflector.go
@@ -570,5 +570,26 @@ func isExpiredError(err error) bool {
 }
 func isTooLargeResourceVersionError(err error) bool {
- return apierrors.HasStatusCause(err, metav1.CauseTypeResourceVersionTooLarge)
+ if apierrors.HasStatusCause(err, metav1.CauseTypeResourceVersionTooLarge) {
+ return true
+ }
+ // In Kubernetes 1.17.0-1.18.5, the api server doesn't set the error status cause to
+ // metav1.CauseTypeResourceVersionTooLarge to indicate that the requested minimum resource
+ // version is larger than the largest currently available resource version. To ensure backward
+ // compatibility with these server versions we also need to detect the error based on the content
+ // of the error message field.
+ if !apierrors.IsTimeout(err) {
+ return false
+ }
+ apierr, ok := err.(apierrors.APIStatus)
+ if !ok || apierr == nil || apierr.Status().Details == nil {
+ return false
+ }
+ for _, cause := range apierr.Status().Details.Causes {
+ // Matches the message returned by api server 1.17.0-1.18.5 for this error condition
+ if cause.Message == "Too large resource version" {
+ return true
+ }
+ }
+ return false
 }
diff --git a/vendor/k8s.io/component-base/logs/registry.go b/vendor/k8s.io/component-base/logs/registry.go
index 515bba280..c71899db6 100644
--- a/vendor/k8s.io/component-base/logs/registry.go
+++ b/vendor/k8s.io/component-base/logs/registry.go
@@ -18,6 +18,7 @@ package logs
 import (
 "fmt"
+ "sort"
 "github.com/go-logr/logr"
 json "k8s.io/component-base/logs/json"
@@ -84,12 +85,13 @@ func (lfr *LogFormatRegistry) Delete(name string) error {
 return nil
 }
-// List names of registered log formats
+// List names of registered log formats (sorted)
 func (lfr *LogFormatRegistry) List() []string {
 formats := make([]string, 0, len(lfr.registry))
 for f := range lfr.registry {
 formats = append(formats, f)
 }
+ sort.Strings(formats)
 return formats
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt index d26b4fc25..c5eb7b928 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -96,7 +96,7 @@ github.com/modern-go/concurrent github.com/modern-go/reflect2 # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 github.com/munnerz/goautoneg -# github.com/openshift/api v0.0.0-20200827090112-c05698d102cf +# github.com/openshift/api v0.0.0-20201019163320-c6a5ec25f267 ## explicit github.com/openshift/api github.com/openshift/api/apps @@ -148,7 +148,7 @@ github.com/openshift/api/template github.com/openshift/api/template/v1 github.com/openshift/api/user github.com/openshift/api/user/v1 -# github.com/openshift/build-machinery-go v0.0.0-20200819073603-48aa266c95f7 +# github.com/openshift/build-machinery-go v0.0.0-20200917070002-f171684f77ab ## explicit github.com/openshift/build-machinery-go github.com/openshift/build-machinery-go/make @@ -158,7 +158,7 @@ github.com/openshift/build-machinery-go/make/targets/golang github.com/openshift/build-machinery-go/make/targets/openshift github.com/openshift/build-machinery-go/make/targets/openshift/operator github.com/openshift/build-machinery-go/scripts -# github.com/openshift/client-go v0.0.0-20200827190008-3062137373b5 +# github.com/openshift/client-go v0.0.0-20201020074620-f8fd44879f7c ## explicit github.com/openshift/client-go/config/clientset/versioned github.com/openshift/client-go/config/clientset/versioned/scheme 
@@ -168,7 +168,7 @@ github.com/openshift/client-go/config/informers/externalversions/config github.com/openshift/client-go/config/informers/externalversions/config/v1 github.com/openshift/client-go/config/informers/externalversions/internalinterfaces github.com/openshift/client-go/config/listers/config/v1 -# github.com/openshift/library-go v0.0.0-20201006115306-ed636feadb9c +# github.com/openshift/library-go v0.0.0-20201006115306-ed636feadb9c => github.com/staebler/library-go v0.0.0-20201207154726-5bb9578833aa ## explicit github.com/openshift/library-go/pkg/config/client github.com/openshift/library-go/pkg/config/configdefaults @@ -179,6 +179,7 @@ github.com/openshift/library-go/pkg/controller/factory github.com/openshift/library-go/pkg/controller/fileobserver github.com/openshift/library-go/pkg/controller/metrics github.com/openshift/library-go/pkg/crypto +github.com/openshift/library-go/pkg/network github.com/openshift/library-go/pkg/operator/condition github.com/openshift/library-go/pkg/operator/csi/credentialsrequestcontroller github.com/openshift/library-go/pkg/operator/csi/csicontrollerset @@ -383,7 +384,7 @@ gopkg.in/inf.v0 gopkg.in/natefinch/lumberjack.v2 # gopkg.in/yaml.v2 v2.3.0 gopkg.in/yaml.v2 -# k8s.io/api v0.19.0 +# k8s.io/api v0.19.2 ## explicit k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -429,7 +430,7 @@ k8s.io/api/settings/v1alpha1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.19.0 +# k8s.io/apiextensions-apiserver v0.19.2 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1 
@@ -437,7 +438,7 @@ k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1 k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1 -# k8s.io/apimachinery v0.19.0 +# k8s.io/apimachinery v0.19.2 ## explicit k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -491,7 +492,7 @@ k8s.io/apimachinery/pkg/version k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.19.0 +# k8s.io/apiserver v0.19.2 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/configuration k8s.io/apiserver/pkg/admission/initializer @@ -612,7 +613,7 @@ k8s.io/apiserver/plugin/pkg/audit/truncate k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/client-go v0.19.0 +# k8s.io/client-go v0.19.2 ## explicit k8s.io/client-go/discovery k8s.io/client-go/discovery/fake @@ -829,7 +830,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.19.0 +# k8s.io/component-base v0.19.2 ## explicit k8s.io/component-base/cli/flag k8s.io/component-base/featuregate @@ -842,7 +843,7 @@ k8s.io/component-base/version # k8s.io/klog/v2 v2.3.0 ## explicit k8s.io/klog/v2 -# k8s.io/kube-aggregator v0.19.0 +# k8s.io/kube-aggregator v0.19.2 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/v1 k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1 
@@ -873,3 +874,4 @@ sigs.k8s.io/structured-merge-diff/v4/typed sigs.k8s.io/structured-merge-diff/v4/value # sigs.k8s.io/yaml v1.2.0 sigs.k8s.io/yaml +# github.com/openshift/library-go => github.com/staebler/library-go v0.0.0-20201207154726-5bb9578833aa