diff --git a/go.mod b/go.mod index dfadc4d82..18965a653 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/ghodss/yaml v1.0.0 github.com/google/go-cmp v0.5.6 github.com/google/uuid v1.2.0 - github.com/openshift/api v0.0.0-20220919112502-5eaf4250c423 + github.com/openshift/api v0.0.0-20221207195358-a671aa80d995 github.com/openshift/client-go v0.0.0-20220915152853-9dfefb19db2e github.com/openshift/library-go v0.0.0-20221012165547-f859132ee700 github.com/operator-framework/api v0.17.1 diff --git a/go.sum b/go.sum index 342a37dfb..82a56d7ae 100644 --- a/go.sum +++ b/go.sum @@ -217,8 +217,8 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY= github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw= -github.com/openshift/api v0.0.0-20220919112502-5eaf4250c423 h1:6fJUUaZPDaTFCFLZ8ZgdaVaclzmerN6lb9ya17O3GGo= -github.com/openshift/api v0.0.0-20220919112502-5eaf4250c423/go.mod h1:HJAEIh4gLXPDdWxgCbvmJjzd9QIxyPZJtPU0u2W4vH4= +github.com/openshift/api v0.0.0-20221207195358-a671aa80d995 h1:pPxxrUWeT7mB/ujSfQ7jkfdjFCgjcnsP/uTRU5FcCpk= +github.com/openshift/api v0.0.0-20221207195358-a671aa80d995/go.mod h1:OW9hi5XDXOQWm/kRqUww6RVxZSf0nqrS4heerSmHBC4= github.com/openshift/client-go v0.0.0-20220915152853-9dfefb19db2e h1:ab+BJg7h50pi2/rbMkDSXfYx8w80HLmr7NBs8H1hEvU= github.com/openshift/client-go v0.0.0-20220915152853-9dfefb19db2e/go.mod h1:e+TTiBDGWB3O3p3iAzl054x3cZDWhrZ5+jxJRCdEFkA= github.com/openshift/library-go v0.0.0-20221012165547-f859132ee700 h1:oMpH9KrXW4taP3OGgofy7tLOHc6I14B5uplnqJ6vr8c= diff --git a/lib/validation/validation.go b/lib/validation/validation.go index 93223a15e..686ed16c9 100644 --- a/lib/validation/validation.go +++ b/lib/validation/validation.go @@ -32,17 +32,20 @@ func ValidateClusterVersion(config *configv1.ClusterVersion) field.ErrorList { } if u := config.Spec.DesiredUpdate; u != nil { switch { - case len(u.Version) == 0 && len(u.Image) == 0: - errs = append(errs, field.Required(field.NewPath("spec", "desiredUpdate", "version"), "must specify version or image")) + case len(u.Architecture) == 0 && len(u.Version) == 0 && len(u.Image) == 0: + errs = append(errs, field.Required(field.NewPath("spec", "desiredUpdate"), "must specify architecture, version, or image")) case len(u.Version) > 0 && !validSemVer(u.Version): - errs = append(errs, field.Invalid(field.NewPath("spec", "desiredUpdate", "version"), u.Version, "must be a semantic version (1.2.3[-...])")) + errs = append(errs, field.Invalid(field.NewPath("spec", "desiredUpdate", "version"), u.Version, + "must be a semantic version (1.2.3[-...])")) case len(u.Version) > 0 && len(u.Image) == 0: switch countPayloadsForVersion(config, u.Version) { case 0: - errs = append(errs, field.Invalid(field.NewPath("spec", "desiredUpdate", "version"), u.Version, "when image is empty the update must be a previous version or an available update")) + errs = append(errs, field.Invalid(field.NewPath("spec", "desiredUpdate", "version"), u.Version, + "when image is empty the update must be a previous version or an available update")) case 1: default: - errs = append(errs, field.Invalid(field.NewPath("spec", "desiredUpdate", "version"), u.Version, "there are multiple possible payloads for this version, specify the exact image")) + errs = append(errs, field.Invalid(field.NewPath("spec", "desiredUpdate", "version"), u.Version, + "there are multiple possible payloads for this version, specify the exact image")) } } } diff --git a/pkg/autoupdate/autoupdate.go b/pkg/autoupdate/autoupdate.go index 2a8ce8cf2..edb485865 100644 --- a/pkg/autoupdate/autoupdate.go +++ b/pkg/autoupdate/autoupdate.go @@ -176,8 +176,9 @@ func (ctrl *Controller) sync(ctx context.Context, key string) error { } up := nextUpdate(clusterversion.Status.AvailableUpdates) clusterversion.Spec.DesiredUpdate = &v1.Update{ - Version: up.Version, - Image: up.Image, + Architecture: clusterversion.Spec.DesiredUpdate.Architecture, + Version: up.Version, + Image: up.Image, } _, updated, err := resourceapply.ApplyClusterVersionFromCache(ctx, ctrl.cvLister, ctrl.client.ConfigV1(), clusterversion) diff --git a/pkg/cincinnati/cincinnati.go b/pkg/cincinnati/cincinnati.go index 9cdc00e3e..da6af046e 100644 --- a/pkg/cincinnati/cincinnati.go +++ b/pkg/cincinnati/cincinnati.go @@ -57,20 +57,31 @@ func (err *Error) Error() string { } // GetUpdates fetches the current and next-applicable update payloads from the specified -// upstream Cincinnati stack given the current version and channel. The command: +// upstream Cincinnati stack given the current version, desired architecture, and channel. +// The command: // -// 1. Downloads the update graph from the requested URI for the requested arch and channel. +// 1. Downloads the update graph from the requested URI for the requested desired arch and channel. // 2. Finds the current version entry under .nodes. -// 3. Finds recommended next-hop updates by searching .edges for updates from the current +// 3. If a transition from single to multi architecture has been requested, the only valid +// version is the current version so it's returned. +// 4. Finds recommended next-hop updates by searching .edges for updates from the current // version. Returns a slice of target Releases with these unconditional recommendations. -// 4. Finds conditionally recommended next-hop updates by searching .conditionalEdges for +// 5. Finds conditionally recommended next-hop updates by searching .conditionalEdges for // updates from the current version. Returns a slice of ConditionalUpdates with these // conditional recommendations. -func (c Client) GetUpdates(ctx context.Context, uri *url.URL, arch string, channel string, version semver.Version) (configv1.Release, []configv1.Release, []configv1.ConditionalUpdate, error) { +func (c Client) GetUpdates(ctx context.Context, uri *url.URL, desiredArch, currentArch, channel string, + version semver.Version) (configv1.Release, []configv1.Release, []configv1.ConditionalUpdate, error) { + var current configv1.Release + + releaseArch := desiredArch + if desiredArch == string(configv1.ClusterVersionArchitectureMulti) { + releaseArch = "multi" + } + // Prepare parametrized cincinnati query. queryParams := uri.Query() - queryParams.Add("arch", arch) + queryParams.Add("arch", releaseArch) queryParams.Add("channel", channel) queryParams.Add("id", c.id.String()) queryParams.Add("version", version.String()) @@ -138,6 +149,12 @@ func (c Client) GetUpdates(ctx context.Context, uri *url.URL, arch string, chann Message: fmt.Sprintf("invalid current node: %s", err), } } + + // Migrating from single to multi architecture. Only valid update for required heterogeneous graph + // is heterogeneous version of current version. + if desiredArch == string(configv1.ClusterVersionArchitectureMulti) && currentArch != desiredArch { + return current, []configv1.Release{current}, nil, nil + } break } } diff --git a/pkg/cincinnati/cincinnati_test.go b/pkg/cincinnati/cincinnati_test.go index 28b8193cc..55c97b4ae 100644 --- a/pkg/cincinnati/cincinnati_test.go +++ b/pkg/cincinnati/cincinnati_test.go @@ -20,11 +20,12 @@ import ( func TestGetUpdates(t *testing.T) { clientID := uuid.Must(uuid.Parse("01234567-0123-0123-0123-0123456789ab")) - arch := "test-arch" channelName := "test-channel" tests := []struct { - name string - version string + name string + version string + arch string + currentArch string expectedQuery string graph string @@ -171,6 +172,146 @@ func TestGetUpdates(t *testing.T) { URL: "https://example.com/errata/4.1.0-0.okd-0", Channels: []string{"channel-a", "test-channel"}, }, + }, { + name: "single to multi arch, only current version available", + version: "4.1.2", + arch: "Multi", + currentArch: "test-arch", + graph: `{ + "nodes": [ + { + "version": "4.1.0", + "payload": "quay.io/openshift-release-dev/ocp-release:4.1.0", + "metadata": { + "url": "https://example.com/errata/4.1.0", + "io.openshift.upgrades.graph.release.channels": "test-channel" + } + }, + { + "version": "4.1.1", + "payload": "quay.io/openshift-release-dev/ocp-release:4.1.1", + "metadata": { + "url": "https://example.com/errata/4.1.1", + "io.openshift.upgrades.graph.release.channels": "test-channel" + } + }, + { + "version": "4.1.2", + "payload": "quay.io/openshift-release-dev/ocp-release:4.1.2", + "metadata": { + "url": "https://example.com/errata/4.1.2", + "io.openshift.upgrades.graph.release.channels": "test-channel" + } + }, + { + "version": "4.1.3", + "payload": "quay.io/openshift-release-dev/ocp-release:4.1.3", + "metadata": { + "url": "https://example.com/errata/4.1.3", + "io.openshift.upgrades.graph.release.channels": "test-channel" + } + } + ], + "edges": [[0,1]] +}`, + expectedQuery: "arch=multi&channel=test-channel&id=01234567-0123-0123-0123-0123456789ab&version=4.1.2", + current: configv1.Release{ + Version: "4.1.2", + Image: "quay.io/openshift-release-dev/ocp-release:4.1.2", + URL: "https://example.com/errata/4.1.2", + Channels: []string{"test-channel"}, + }, + available: []configv1.Release{ + { + Version: "4.1.2", + Image: "quay.io/openshift-release-dev/ocp-release:4.1.2", + URL: "https://example.com/errata/4.1.2", + Channels: []string{"test-channel"}, + }, + }, + }, { + name: "single to multi arch, current version not found", + version: "4.1.2", + arch: "Multi", + currentArch: "test-arch", + graph: `{ + "nodes": [ + { + "version": "4.1.0", + "payload": "quay.io/openshift-release-dev/ocp-release:4.1.0", + "metadata": { + "url": "https://example.com/errata/4.1.0", + "io.openshift.upgrades.graph.release.channels": "test-channel" + } + }, + { + "version": "4.1.1", + "payload": "quay.io/openshift-release-dev/ocp-release:4.1.1", + "metadata": { + "url": "https://example.com/errata/4.1.1", + "io.openshift.upgrades.graph.release.channels": "test-channel" + } + }, + { + "version": "4.1.3", + "payload": "quay.io/openshift-release-dev/ocp-release:4.1.3", + "metadata": { + "url": "https://example.com/errata/4.1.3", + "io.openshift.upgrades.graph.release.channels": "test-channel" + } + } + ], + "edges": [[0,1]] +}`, + expectedQuery: "arch=multi&channel=test-channel&id=01234567-0123-0123-0123-0123456789ab&version=4.1.2", + current: configv1.Release{ + Version: "4.1.2", + Image: "quay.io/openshift-release-dev/ocp-release:4.1.2", + URL: "https://example.com/errata/4.1.2", + Channels: []string{"test-channel"}, + }, + err: "VersionNotFound: currently reconciling cluster version 4.1.2 not found in the \"test-channel\" channel", + }, { + name: "multi to multi arch, one update available", + version: "4.1.0", + arch: "Multi", + currentArch: "Multi", + graph: `{ + "nodes": [ + { + "version": "4.1.0", + "payload": "quay.io/openshift-release-dev/ocp-release:4.1.0", + "metadata": { + "url": "https://example.com/errata/4.1.0", + "io.openshift.upgrades.graph.release.channels": "test-channel,channel-a" + } + }, + { + "version": "4.1.1", + "payload": "quay.io/openshift-release-dev/ocp-release:4.1.1", + "metadata": { + "url": "https://example.com/errata/4.1.1", + "io.openshift.upgrades.graph.release.channels": "test-channel" + } + } + ], + "edges": [[0,1]] +}`, + expectedQuery: "arch=multi&channel=test-channel&id=01234567-0123-0123-0123-0123456789ab&version=4.1.0", + current: configv1.Release{ + Version: "4.1.0", + Image: "quay.io/openshift-release-dev/ocp-release:4.1.0", + URL: "https://example.com/errata/4.1.0", + Channels: []string{"channel-a", "test-channel"}, + }, + available: []configv1.Release{ + { + Version: "4.1.1", + Image: "quay.io/openshift-release-dev/ocp-release:4.1.1", + URL: "https://example.com/errata/4.1.1", + Channels: []string{"test-channel"}, + }, + }, }, { name: "conditional updates available", version: "4.1.0", @@ -611,7 +752,13 @@ func TestGetUpdates(t *testing.T) { t.Fatal(err) } - current, updates, conditionalUpdates, err := c.GetUpdates(context.Background(), uri, arch, channelName, semver.MustParse(test.version)) + if test.arch == "" { + test.arch = "test-arch" + } + if test.currentArch == "" { + test.currentArch = test.arch + } + current, updates, conditionalUpdates, err := c.GetUpdates(context.Background(), uri, test.arch, test.currentArch, channelName, semver.MustParse(test.version)) if test.err == "" { if err != nil { t.Fatalf("expected nil error, got: %v", err) diff --git a/pkg/cvo/availableupdates.go b/pkg/cvo/availableupdates.go index 8c24a79a2..54f50e491 100644 --- a/pkg/cvo/availableupdates.go +++ b/pkg/cvo/availableupdates.go @@ -37,7 +37,12 @@ func (optr *Operator) syncAvailableUpdates(ctx context.Context, config *configv1 } channel := config.Spec.Channel - arch := optr.getArchitecture() + desiredArch := optr.getDesiredArchitecture(config.Spec.DesiredUpdate) + currentArch := optr.getArchitecture() + + if desiredArch == "" { + desiredArch = currentArch + } // updates are only checked at most once per minimumUpdateCheckInterval or if the generation changes u := optr.getAvailableUpdates() @@ -47,9 +52,9 @@ func (optr *Operator) syncAvailableUpdates(ctx context.Context, config *configv1 klog.V(2).Infof("Retrieving available updates again, because more than %s has elapsed since %s", optr.minimumUpdateCheckInterval, u.LastAttempt) } else if channel != u.Channel { klog.V(2).Infof("Retrieving available updates again, because the channel has changed from %q to %q", u.Channel, channel) - } else if arch != u.Architecture { + } else if desiredArch != u.Architecture { klog.V(2).Infof("Retrieving available updates again, because the architecture has changed from %q to %q", - u.Architecture, arch) + u.Architecture, desiredArch) } else if upstream == u.Upstream || (upstream == optr.defaultUpstreamServer && u.Upstream == "") { klog.V(2).Infof("Available updates were recently retrieved, with less than %s elapsed since %s, will try later.", optr.minimumUpdateCheckInterval, u.LastAttempt) return nil @@ -62,7 +67,8 @@ func (optr *Operator) syncAvailableUpdates(ctx context.Context, config *configv1 return err } - current, updates, conditionalUpdates, condition := calculateAvailableUpdatesStatus(ctx, string(config.Spec.ClusterID), transport, upstream, arch, channel, optr.release.Version) + current, updates, conditionalUpdates, condition := calculateAvailableUpdatesStatus(ctx, string(config.Spec.ClusterID), + transport, upstream, desiredArch, currentArch, channel, optr.release.Version) if usedDefaultUpstream { upstream = "" @@ -71,7 +77,7 @@ func (optr *Operator) syncAvailableUpdates(ctx context.Context, config *configv1 au := &availableUpdates{ Upstream: upstream, Channel: config.Spec.Channel, - Architecture: arch, + Architecture: desiredArch, Current: current, Updates: updates, ConditionalUpdates: conditionalUpdates, @@ -198,7 +204,17 @@ func (optr *Operator) SetArchitecture(architecture string) { optr.architecture = architecture } -func calculateAvailableUpdatesStatus(ctx context.Context, clusterID string, transport *http.Transport, upstream, arch, channel, version string) (configv1.Release, []configv1.Release, []configv1.ConditionalUpdate, configv1.ClusterOperatorStatusCondition) { +func (optr *Operator) getDesiredArchitecture(update *configv1.Update) string { + if update != nil { + return string(update.Architecture) + } + return "" +} + +func calculateAvailableUpdatesStatus(ctx context.Context, clusterID string, transport *http.Transport, upstream, desiredArch, + currentArch, channel, version string) (configv1.Release, []configv1.Release, []configv1.ConditionalUpdate, + configv1.ClusterOperatorStatusCondition) { + var cvoCurrent configv1.Release if len(upstream) == 0 { return cvoCurrent, nil, nil, configv1.ClusterOperatorStatusCondition{ @@ -223,10 +239,10 @@ func calculateAvailableUpdatesStatus(ctx context.Context, clusterID string, tran } } - if len(arch) == 0 { + if len(desiredArch) == 0 { return cvoCurrent, nil, nil, configv1.ClusterOperatorStatusCondition{ Type: configv1.RetrievedUpdates, Status: configv1.ConditionFalse, Reason: noArchitecture, - Message: "The set of architectures has not been configured.", + Message: "Architecture has not been configured.", } } @@ -253,7 +269,9 @@ func calculateAvailableUpdatesStatus(ctx context.Context, clusterID string, tran } } - current, updates, conditionalUpdates, err := cincinnati.NewClient(uuid, transport).GetUpdates(ctx, upstreamURI, arch, channel, currentVersion) + current, updates, conditionalUpdates, err := cincinnati.NewClient(uuid, transport).GetUpdates(ctx, upstreamURI, desiredArch, + currentArch, channel, currentVersion) + if err != nil { klog.V(2).Infof("Upstream server %s could not return available updates: %v", upstream, err) if updateError, ok := err.(*cincinnati.Error); ok { diff --git a/pkg/cvo/cvo.go b/pkg/cvo/cvo.go index 82538be81..a8a7b7d37 100644 --- a/pkg/cvo/cvo.go +++ b/pkg/cvo/cvo.go @@ -591,7 +591,7 @@ func (optr *Operator) sync(ctx context.Context, key string) error { config := validation.ClearInvalidFields(original, errs) // identify the desired next version - desired, ok := findUpdateFromConfig(config) + desired, ok := findUpdateFromConfig(config, optr.getArchitecture()) if ok { klog.V(2).Infof("Desired version from spec is %#v", desired) } else { diff --git a/pkg/cvo/cvo_test.go b/pkg/cvo/cvo_test.go index ea8030410..3c6045de5 100644 --- a/pkg/cvo/cvo_test.go +++ b/pkg/cvo/cvo_test.go @@ -2397,7 +2397,7 @@ func TestOperator_availableUpdatesSync(t *testing.T) { Type: configv1.RetrievedUpdates, Status: configv1.ConditionFalse, Reason: noArchitecture, - Message: "The set of architectures has not been configured.", + Message: "Architecture has not been configured.", }, }, }, diff --git a/pkg/cvo/testdata/payloadtestarch/manifests/.gitkeep b/pkg/cvo/testdata/payloadtestarch/manifests/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/pkg/cvo/testdata/payloadtestarch/release-manifests/0000_10_a_file.json b/pkg/cvo/testdata/payloadtestarch/release-manifests/0000_10_a_file.json new file mode 100644 index 000000000..ef893be00 --- /dev/null +++ b/pkg/cvo/testdata/payloadtestarch/release-manifests/0000_10_a_file.json @@ -0,0 +1,10 @@ +{ + "kind": "Test", + "apiVersion": "v1", + "metadata": { + "name": "file", + "annotations": { + "include.release.openshift.io/self-managed-high-availability": "true" + } + } +} \ No newline at end of file diff --git a/pkg/cvo/testdata/payloadtestarch/release-manifests/image-references b/pkg/cvo/testdata/payloadtestarch/release-manifests/image-references new file mode 100644 index 000000000..781a25f19 --- /dev/null +++ b/pkg/cvo/testdata/payloadtestarch/release-manifests/image-references @@ -0,0 +1,4 @@ +kind: ImageStream +apiVersion: image.openshift.io/v1 +metadata: + name: 1.0.0-abc \ No newline at end of file diff --git a/pkg/cvo/testdata/payloadtestarch/release-manifests/release-metadata b/pkg/cvo/testdata/payloadtestarch/release-manifests/release-metadata new file mode 100644 index 000000000..a646016d0 --- /dev/null +++ b/pkg/cvo/testdata/payloadtestarch/release-manifests/release-metadata @@ -0,0 +1,13 @@ +{ + "kind": "cincinnati-metadata-v0", + "version": "1.0.0-abc", + "previous": [ + "1.1.1", + "1.2.2" + ], + "metadata": { + "url": "https://example.com/v1.0.0-abc", + "io.openshift.upgrades.graph.release.channels": "channel-c,channel-a,channel-b", + "release.openshift.io/architecture": "multi" + } +} diff --git a/pkg/cvo/updatepayload.go b/pkg/cvo/updatepayload.go index 7b2d1c79a..186585665 100644 --- a/pkg/cvo/updatepayload.go +++ b/pkg/cvo/updatepayload.go @@ -314,15 +314,25 @@ func (r *payloadRetriever) pruneJobs(ctx context.Context, retain int) error { return nil } -// findUpdateFromConfig identifies a desired update from user input or returns false. It will -// resolve payload if the user specifies a version and a matching available update. -func findUpdateFromConfig(config *configv1.ClusterVersion) (configv1.Update, bool) { +// findUpdateFromConfig identifies a desired update from user input or returns false. If +// image is specified it simply returns the desired update since image will be used. If +// the desired architecture is changed to multi it resolves the payload using the current +// version since that's the only valid available update. Otherwise it attempts to resolve +// the payload using the specified desired version. +func findUpdateFromConfig(config *configv1.ClusterVersion, currentArch string) (configv1.Update, bool) { update := config.Spec.DesiredUpdate if update == nil { return configv1.Update{}, false } if len(update.Image) == 0 { - return findUpdateFromConfigVersion(config, update.Version, update.Force) + version := update.Version + + // Architecture changed to multi so only valid update is the multi arch version of current version + if update.Architecture == configv1.ClusterVersionArchitectureMulti && + currentArch != string(configv1.ClusterVersionArchitectureMulti) { + version = config.Status.Desired.Version + } + return findUpdateFromConfigVersion(config, version, update.Force) } return *update, true } diff --git a/pkg/payload/payload.go b/pkg/payload/payload.go index 51b1bd023..8068cb3bb 100644 --- a/pkg/payload/payload.go +++ b/pkg/payload/payload.go @@ -69,8 +69,8 @@ const ( // error conditions. PrecreatingPayload - // heterogeneousArchitectureID identifies a payload architecture as heterogeneous. - heterogeneousArchitectureID = "multi" + // releaseMultiArchID identifies a multi architecture release. + releaseMultiArchID = "multi" ) // Initializing is true if the state is InitializingPayload. @@ -388,13 +388,13 @@ func loadReleaseFromMetadata(releaseDir string) (configv1.Release, string, error var arch string if archInterface, ok := metadata.Metadata["release.openshift.io/architecture"]; ok { if archString, ok := archInterface.(string); ok { - if archString == heterogeneousArchitectureID { - arch = archString + if archString == releaseMultiArchID { + arch = string(configv1.ClusterVersionArchitectureMulti) } else { return release, "", fmt.Errorf("Architecture from %s (%s) contains invalid value: %q. Valid value is %q.", - cincinnatiJSONFile, release.Version, archString, heterogeneousArchitectureID) + cincinnatiJSONFile, release.Version, archString, releaseMultiArchID) } - klog.V(2).Infof("Architecture from %s (%s) is heterogeneous: %q", cincinnatiJSONFile, release.Version, arch) + klog.V(2).Infof("Architecture from %s (%s) is multi: %q", cincinnatiJSONFile, release.Version, archString) } else { return release, "", fmt.Errorf("Architecture from %s (%s) is not a string: %v", cincinnatiJSONFile, release.Version, archInterface) diff --git a/pkg/payload/payload_test.go b/pkg/payload/payload_test.go index 77bd7ef1b..29d4bf399 100644 --- a/pkg/payload/payload_test.go +++ b/pkg/payload/payload_test.go @@ -144,6 +144,81 @@ func TestLoadUpdate(t *testing.T) { } } +func TestLoadUpdateArchitecture(t *testing.T) { + type args struct { + dir string + releaseImage string + } + tests := []struct { + name string + args args + want *Update + wantErr bool + }{ + { + name: "set Multi architecture from payload metadata", + args: args{ + dir: filepath.Join("..", "cvo", "testdata", "payloadtestarch"), + releaseImage: "image:1", + }, + want: &Update{ + Release: configv1.Release{ + Version: "1.0.0-abc", + Image: "image:1", + URL: configv1.URL("https://example.com/v1.0.0-abc"), + Channels: []string{"channel-a", "channel-b", "channel-c"}, + }, + ImageRef: &imagev1.ImageStream{ + TypeMeta: metav1.TypeMeta{ + Kind: "ImageStream", + APIVersion: "image.openshift.io/v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "1.0.0-abc", + }, + }, + Architecture: "Multi", + ManifestHash: "fvnVhLw92pE=", + Manifests: []manifest.Manifest{ + { + OriginalFilename: "0000_10_a_file.json", + Raw: mustRead(filepath.Join("..", "cvo", "testdata", "payloadtestarch", "release-manifests", "0000_10_a_file.json")), + GVK: schema.GroupVersionKind{ + Kind: "Test", + Version: "v1", + }, + Obj: &unstructured.Unstructured{ + Object: map[string]interface{}{ + "kind": "Test", + "apiVersion": "v1", + "metadata": map[string]interface{}{ + "name": "file", + "annotations": map[string]interface{}{"include.release.openshift.io/self-managed-high-availability": "true"}, + }, + }, + }, + }, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := LoadUpdate(tt.args.dir, tt.args.releaseImage, "exclude-test", "", DefaultClusterProfile, nil) + if (err != nil) != tt.wantErr { + t.Errorf("loadUpdatePayload() error = %v, wantErr %v", err, tt.wantErr) + return + } + // Manifest holds an unexported type of 'resourceID' with a field name of 'id' + // DeepEqual fails, so here we use cmp.Diff to ignore just that field to avoid false positives + stringDiff := cmp.Diff(tt.want, got, cmpopts.IgnoreFields(manifest.Manifest{}, "id")) + if !reflect.DeepEqual(got, tt.want) && stringDiff != "" { + t.Errorf("loadUpdatePayload() = %s", stringDiff) + } + }) + } +} + func TestGetImplicitlyEnabledCapabilities(t *testing.T) { const testsPath = "../cvo/testdata/payloadcapabilitytest/" diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml index 3baf5a456..f2e2cc365 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml @@ -13,155 +13,125 @@ spec: listKind: ClusterOperatorList plural: clusteroperators shortNames: - - co + - co singular: clusteroperator scope: Cluster versions: - - additionalPrinterColumns: - - description: The version the operator is at. - jsonPath: .status.versions[?(@.name=="operator")].version - name: Version - type: string - - description: Whether the operator is running and stable. - jsonPath: .status.conditions[?(@.type=="Available")].status - name: Available - type: string - - description: Whether the operator is processing changes. - jsonPath: .status.conditions[?(@.type=="Progressing")].status - name: Progressing - type: string - - description: Whether the operator is degraded. - jsonPath: .status.conditions[?(@.type=="Degraded")].status - name: Degraded - type: string - - description: The time the operator's Available status last changed. - jsonPath: .status.conditions[?(@.type=="Available")].lastTransitionTime - name: Since - type: date - name: v1 - schema: - openAPIV3Schema: - description: "ClusterOperator is the Custom Resource object which holds the - current state of an operator. This object is used by operators to convey - their state to the rest of the cluster. \n Compatibility level 1: Stable - within a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds configuration that could apply to any operator. - type: object - status: - description: status holds the information about the state of an operator. It - is consistent with status information across the Kubernetes ecosystem. - properties: - conditions: - description: conditions describes the state of the operator's managed - and monitored components. - items: - description: ClusterOperatorStatusCondition represents the state - of the operator's managed and monitored components. - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - format: date-time - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. It - may contain Line Feed characters (U+000A), which should be - rendered as new lines. - type: string - reason: - description: reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the aspect reported by this condition. - type: string - required: - - lastTransitionTime - - status - - type + - additionalPrinterColumns: + - description: The version the operator is at. + jsonPath: .status.versions[?(@.name=="operator")].version + name: Version + type: string + - description: Whether the operator is running and stable. + jsonPath: .status.conditions[?(@.type=="Available")].status + name: Available + type: string + - description: Whether the operator is processing changes. + jsonPath: .status.conditions[?(@.type=="Progressing")].status + name: Progressing + type: string + - description: Whether the operator is degraded. + jsonPath: .status.conditions[?(@.type=="Degraded")].status + name: Degraded + type: string + - description: The time the operator's Available status last changed. + jsonPath: .status.conditions[?(@.type=="Available")].lastTransitionTime + name: Since + type: date + name: v1 + schema: + openAPIV3Schema: + description: "ClusterOperator is the Custom Resource object which holds the current state of an operator. This object is used by operators to convey their state to the rest of the cluster. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds configuration that could apply to any operator. + type: object + status: + description: status holds the information about the state of an operator. It is consistent with status information across the Kubernetes ecosystem. + type: object + properties: + conditions: + description: conditions describes the state of the operator's managed and monitored components. + type: array + items: + description: ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components. + type: object + required: + - lastTransitionTime + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update to the current status property. + type: string + format: date-time + message: + description: message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines. + type: string + reason: + description: reason is the CamelCase reason for the condition's current status. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the aspect reported by this condition. + type: string + extension: + description: extension contains any additional status information specific to the operator which owns this status object. type: object - type: array - extension: - description: extension contains any additional status information - specific to the operator which owns this status object. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - relatedObjects: - description: 'relatedObjects is a list of objects that are "interesting" - or related to this operator. Common uses are: 1. the detailed resource - driving the operator 2. operator namespaces 3. operand namespaces' - items: - description: ObjectReference contains enough information to let - you inspect or modify the referred object. - properties: - group: - description: group of the referent. - type: string - name: - description: name of the referent. - type: string - namespace: - description: namespace of the referent. - type: string - resource: - description: resource of the referent. - type: string - required: - - group - - name - - resource - type: object - type: array - versions: - description: versions is a slice of operator and operand version tuples. Operators - which manage multiple operands will have multiple operand entries - in the array. Available operators must report the version of the - operator itself with the name "operator". An operator reports a - new "operator" version when it has rolled out the new version to - all of its operands. - items: - properties: - name: - description: name is the name of the particular operand this - version is for. It usually matches container images, not - operators. - type: string - version: - description: version indicates which version of a particular - operand is currently being managed. It must always match - the Available operand. If 1.0.0 is Available, then this must - indicate 1.0.0 even if the operator is trying to rollout 1.1.0 - type: string - required: - - name - - version - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + nullable: true + x-kubernetes-preserve-unknown-fields: true + relatedObjects: + description: 'relatedObjects is a list of objects that are "interesting" or related to this operator. Common uses are: 1. the detailed resource driving the operator 2. operator namespaces 3. operand namespaces' + type: array + items: + description: ObjectReference contains enough information to let you inspect or modify the referred object. + type: object + required: + - group + - name + - resource + properties: + group: + description: group of the referent. + type: string + name: + description: name of the referent. + type: string + namespace: + description: namespace of the referent. + type: string + resource: + description: resource of the referent. + type: string + versions: + description: versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple operand entries in the array. Available operators must report the version of the operator itself with the name "operator". An operator reports a new "operator" version when it has rolled out the new version to all of its operands. + type: array + items: + type: object + required: + - name + - version + properties: + name: + description: name is the name of the particular operand this version is for. It usually matches container images, not operators. + type: string + version: + description: version indicates which version of a particular operand is currently being managed. It must always match the Available operand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout 1.1.0 + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml index 41f372d53..de04ec4d9 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml @@ -14,617 +14,418 @@ spec: singular: clusterversion scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .status.history[?(@.state=="Completed")].version - name: Version - type: string - - jsonPath: .status.conditions[?(@.type=="Available")].status - name: Available - type: string - - jsonPath: .status.conditions[?(@.type=="Progressing")].status - name: Progressing - type: string - - jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime - name: Since - type: date - - jsonPath: .status.conditions[?(@.type=="Progressing")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: "ClusterVersion is the configuration for the ClusterVersionOperator. - This is where parameters related to automatic updates can be set. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the desired state of the cluster version - the operator - will work to ensure that the desired version is applied to the cluster. - properties: - capabilities: - description: capabilities configures the installation of optional, - core cluster components. A null value here is identical to an empty - object; see the child properties for default semantics. - properties: - additionalEnabledCapabilities: - description: additionalEnabledCapabilities extends the set of - managed capabilities beyond the baseline defined in baselineCapabilitySet. The - default is an empty set. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. - enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - type: string - type: array - x-kubernetes-list-type: atomic - baselineCapabilitySet: - description: baselineCapabilitySet selects an initial set of optional - capabilities to enable, which can be extended via additionalEnabledCapabilities. If - unset, the cluster will choose a default, and the default may - change over time. The current default is vCurrent. - enum: - - None - - v4.11 - - v4.12 - - vCurrent - type: string - type: object - channel: - description: channel is an identifier for explicitly requesting that - a non-default set of updates be applied to this cluster. The default - channel will be contain stable updates that are appropriate for - production clusters. - type: string - clusterID: - description: clusterID uniquely identifies this cluster. This is expected - to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - in hexadecimal values). This is a required field. - type: string - desiredUpdate: - description: "desiredUpdate is an optional field that indicates the - desired value of the cluster version. Setting this value will trigger - an upgrade (if the current version does not match the desired version). - The set of recommended update values is listed as part of available - updates in status, and setting values outside that range may cause - the upgrade to fail. You may specify the version field without setting - image if an update exists with that version in the availableUpdates - or history. \n If an upgrade fails the operator will halt and report - status about the failing component. Setting the desired update value - back to the previous version will cause a rollback to be attempted. - Not all rollbacks will succeed." - properties: - force: - description: force allows an administrator to update to an image - that has failed verification or upgradeable checks. This option - should only be used when the authenticity of the provided image - has been verified out of band because the provided image will - run with full administrative access to the cluster. Do not use - this flag with images that comes from unknown or potentially - malicious sources. - type: boolean - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - version: - description: version is a semantic versioning identifying the - update version. When this field is part of spec, version is - optional if image is specified. - type: string - type: object - overrides: - description: overrides is list of overides for components that are - managed by cluster version operator. Marking a component unmanaged - will prevent the operator from creating or updating the object. - items: - description: ComponentOverride allows overriding cluster version - operator's behavior for a component. - properties: - group: - description: group identifies the API group that the kind is - in. - type: string - kind: - description: kind indentifies which object to override. - type: string - name: - description: name is the component's name. - type: string - namespace: - description: namespace is the component's namespace. If the - resource is cluster scoped, the namespace should be empty. - type: string - unmanaged: - description: 'unmanaged controls if cluster version operator - should stop managing the resources in this cluster. Default: - false' - type: boolean - required: - - group - - kind - - name - - namespace - - unmanaged + - additionalPrinterColumns: + - jsonPath: .status.history[?(@.state=="Completed")].version + name: Version + type: string + - jsonPath: .status.conditions[?(@.type=="Available")].status + name: Available + type: string + - jsonPath: .status.conditions[?(@.type=="Progressing")].status + name: Progressing + type: string + - jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime + name: Since + type: date + - jsonPath: .status.conditions[?(@.type=="Progressing")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster. + type: object + required: + - clusterID + properties: + capabilities: + description: capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics. type: object - type: array - upstream: - description: upstream may be used to specify the preferred update - server. By default it will use the appropriate update server for - the cluster and region. - type: string - required: - - clusterID - type: object - status: - description: status contains information about the available updates and - any in-progress updates. - properties: - availableUpdates: - description: availableUpdates contains updates recommended for this - cluster. Updates which appear in conditionalUpdates but not in availableUpdates - may expose this cluster to known issues. This list may be empty - if no updates are recommended, if the update service is unavailable, - or if an invalid channel has been specified. - items: - description: Release represents an OpenShift release image and associated - metadata. properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. + additionalEnabledCapabilities: + description: additionalEnabledCapabilities extends the set of managed capabilities beyond the baseline defined in baselineCapabilitySet. The default is an empty set. + type: array items: + description: ClusterVersionCapability enumerates optional, core cluster components. type: string - type: array - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - url: - description: url contains information about this release. This - URL is set by the 'url' metadata property on a release or - the metadata returned by the update API and should be displayed - as a link in user interfaces. The URL field may not be set - for test or nightly releases. + enum: + - openshift-samples + - baremetal + - marketplace + - Console + - Insights + - Storage + - CSISnapshot + x-kubernetes-list-type: atomic + baselineCapabilitySet: + description: baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent. type: string - version: - description: version is a semantic versioning identifying the - update version. When this field is part of spec, version is - optional if image is specified. - type: string - type: object - nullable: true - type: array - capabilities: - description: capabilities describes the state of optional, core cluster - components. - properties: - enabledCapabilities: - description: enabledCapabilities lists all the capabilities that - are currently managed. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot + - None + - v4.11 + - v4.12 + - vCurrent + channel: + description: channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. The default channel will be contain stable updates that are appropriate for production clusters. + type: string + clusterID: + description: clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field. + type: string + desiredUpdate: + description: "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. \n Some of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error. \n If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed." + type: object + properties: + architecture: + description: architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty. type: string - type: array - x-kubernetes-list-type: atomic - knownCapabilities: - description: knownCapabilities lists all the capabilities known - to the current cluster. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot + - Multi + - "" + force: + description: force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources. + type: boolean + image: + description: image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified. type: string - type: array - x-kubernetes-list-type: atomic - type: object - conditionalUpdates: - description: conditionalUpdates contains the list of updates that - may be recommended for this cluster if it meets specific required - conditions. Consumers interested in the set of updates that are - actually recommended for this cluster should use availableUpdates. - This list may be empty if no updates are recommended, if the update - service is unavailable, or if an empty or invalid channel has been - specified. - items: - description: ConditionalUpdate represents an update which is recommended - to some clusters on the version the current cluster is reconciling, - but which may not be recommended for the current cluster. + version: + description: version is a semantic version identifying the update version. version is ignored if image is specified and required if architecture is specified. + type: string + x-kubernetes-validations: + - rule: 'has(self.architecture) && has(self.image) ? (self.architecture == '''' || self.image == '''') : true' + message: cannot set both Architecture and Image + - rule: 'has(self.architecture) && self.architecture != '''' ? self.version != '''' : true' + message: Version must be set if Architecture is set + overrides: + description: overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object. + type: array + items: + description: ComponentOverride allows overriding cluster version operator's behavior for a component. + type: object + required: + - group + - kind + - name + - namespace + - unmanaged + properties: + group: + description: group identifies the API group that the kind is in. + type: string + kind: + description: kind indentifies which object to override. + type: string + name: + description: name is the component's name. + type: string + namespace: + description: namespace is the component's namespace. If the resource is cluster scoped, the namespace should be empty. + type: string + unmanaged: + description: 'unmanaged controls if cluster version operator should stop managing the resources in this cluster. Default: false' + type: boolean + upstream: + description: upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region. + type: string + status: + description: status contains information about the available updates and any in-progress updates. + type: object + required: + - availableUpdates + - desired + - observedGeneration + - versionHash + properties: + availableUpdates: + description: availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified. + type: array + items: + description: Release represents an OpenShift release image and associated metadata. + type: object + properties: + channels: + description: channels is the set of Cincinnati channels to which the release currently belongs. + type: array + items: + type: string + image: + description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version. + type: string + url: + description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases. + type: string + version: + description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified. + type: string + nullable: true + capabilities: + description: capabilities describes the state of optional, core cluster components. + type: object properties: - conditions: - description: 'conditions represents the observations of the - conditional update''s current status. Known types are: * Evaluating, - for whether the cluster-version operator will attempt to evaluate - any risks[].matchingRules. * Recommended, for whether the - update is recommended for the current cluster.' + enabledCapabilities: + description: enabledCapabilities lists all the capabilities that are currently managed. + type: array items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object + description: ClusterVersionCapability enumerates optional, core cluster components. + type: string + enum: + - openshift-samples + - baremetal + - marketplace + - Console + - Insights + - Storage + - CSISnapshot + x-kubernetes-list-type: atomic + knownCapabilities: + description: knownCapabilities lists all the capabilities known to the current cluster. type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - release: - description: release is the target of the update. - properties: - channels: - description: channels is the set of Cincinnati channels - to which the release currently belongs. - items: - type: string - type: array - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is - optional if version is specified and the availableUpdates - field contains a matching version. - type: string - url: - description: url contains information about this release. - This URL is set by the 'url' metadata property on a release - or the metadata returned by the update API and should - be displayed as a link in user interfaces. The URL field - may not be set for test or nightly releases. - type: string - version: - description: version is a semantic versioning identifying - the update version. When this field is part of spec, version - is optional if image is specified. - type: string - type: object - risks: - description: risks represents the range of issues associated - with updating to the target release. The cluster-version operator - will evaluate all entries, and only recommend the update if - there is at least one entry and all entries recommend the - update. items: - description: ConditionalUpdateRisk represents a reason and - cluster-state for not recommending a conditional update. + description: ClusterVersionCapability enumerates optional, core cluster components. + type: string + enum: + - openshift-samples + - baremetal + - marketplace + - Console + - Insights + - Storage + - CSISnapshot + x-kubernetes-list-type: atomic + conditionalUpdates: + description: conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified. + type: array + items: + description: ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster. + type: object + required: + - release + - risks + properties: + conditions: + description: 'conditions represents the observations of the conditional update''s current status. Known types are: * Evaluating, for whether the cluster-version operator will attempt to evaluate any risks[].matchingRules. * Recommended, for whether the update is recommended for the current cluster.' + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + release: + description: release is the target of the update. + type: object properties: - matchingRules: - description: matchingRules is a slice of conditions for - deciding which clusters match the risk and which do - not. The slice is ordered by decreasing precedence. - The cluster-version operator will walk the slice in - order, and stop after the first it can successfully - evaluate. If no condition can be successfully evaluated, - the update will not be recommended. - items: - description: ClusterCondition is a union of typed cluster - conditions. The 'type' property determines which - of the type-specific properties are relevant. When - evaluated on a cluster, the condition may match, not - match, or fail to evaluate. - properties: - promql: - description: promQL represents a cluster condition - based on PromQL. - properties: - promql: - description: PromQL is a PromQL query classifying - clusters. This query query should return a - 1 in the match case and a 0 in the does-not-match - case. Queries which return no time series, - or which return values besides 0 or 1, are - evaluation failures. - type: string - required: - - promql - type: object - type: - description: type represents the cluster-condition - type. This defines the members and semantics of - any additional properties. - enum: - - Always - - PromQL - type: string - required: - - type - type: object - minItems: 1 + channels: + description: channels is the set of Cincinnati channels to which the release currently belongs. type: array - x-kubernetes-list-type: atomic - message: - description: message provides additional information about - the risk of updating, in the event that matchingRules - match the cluster state. This is only to be consumed - by humans. It may contain Line Feed characters (U+000A), - which should be rendered as new lines. - minLength: 1 - type: string - name: - description: name is the CamelCase reason for not recommending - a conditional update, in the event that matchingRules - match the cluster state. - minLength: 1 + items: + type: string + image: + description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version. type: string url: - description: url contains information about this risk. - format: uri - minLength: 1 + description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases. type: string - required: - - matchingRules - - message - - name - - url - type: object - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - release - - risks - type: object - type: array - x-kubernetes-list-type: atomic - conditions: - description: conditions provides information about the cluster version. - The condition "Available" is set to true if the desiredUpdate has - been reached. The condition "Progressing" is set to true if an update - is being applied. The condition "Degraded" is set to true if an - update is currently blocked by a temporary or permanent error. Conditions - are only valid for the current desiredUpdate when metadata.generation - is equal to status.generation. - items: - description: ClusterOperatorStatusCondition represents the state - of the operator's managed and monitored components. - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - format: date-time - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. It - may contain Line Feed characters (U+000A), which should be - rendered as new lines. - type: string - reason: - description: reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the aspect reported by this condition. - type: string - required: - - lastTransitionTime - - status - - type + version: + description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified. + type: string + risks: + description: risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update. + type: array + minItems: 1 + items: + description: ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update. + type: object + required: + - matchingRules + - message + - name + - url + properties: + matchingRules: + description: matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended. + type: array + minItems: 1 + items: + description: ClusterCondition is a union of typed cluster conditions. The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate. + type: object + required: + - type + properties: + promql: + description: promQL represents a cluster condition based on PromQL. + type: object + required: + - promql + properties: + promql: + description: PromQL is a PromQL query classifying clusters. This query query should return a 1 in the match case and a 0 in the does-not-match case. Queries which return no time series, or which return values besides 0 or 1, are evaluation failures. + type: string + type: + description: type represents the cluster-condition type. This defines the members and semantics of any additional properties. + type: string + enum: + - Always + - PromQL + x-kubernetes-list-type: atomic + message: + description: message provides additional information about the risk of updating, in the event that matchingRules match the cluster state. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines. + type: string + minLength: 1 + name: + description: name is the CamelCase reason for not recommending a conditional update, in the event that matchingRules match the cluster state. + type: string + minLength: 1 + url: + description: url contains information about this risk. + type: string + format: uri + minLength: 1 + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-list-type: atomic + conditions: + description: conditions provides information about the cluster version. The condition "Available" is set to true if the desiredUpdate has been reached. The condition "Progressing" is set to true if an update is being applied. The condition "Degraded" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation. + type: array + items: + description: ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components. + type: object + required: + - lastTransitionTime + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update to the current status property. + type: string + format: date-time + message: + description: message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines. + type: string + reason: + description: reason is the CamelCase reason for the condition's current status. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the aspect reported by this condition. + type: string + desired: + description: desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag. type: object - type: array - desired: - description: desired is the version that the cluster is reconciling - towards. If the cluster is not yet fully initialized desired will - be set with the information available, which may be an image or - a tag. - properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. - items: - type: string - type: array - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - url: - description: url contains information about this release. This - URL is set by the 'url' metadata property on a release or the - metadata returned by the update API and should be displayed - as a link in user interfaces. The URL field may not be set for - test or nightly releases. - type: string - version: - description: version is a semantic versioning identifying the - update version. When this field is part of spec, version is - optional if image is specified. - type: string - type: object - history: - description: history contains a list of the most recent versions applied - to the cluster. This value may be empty during cluster startup, - and then will be updated when a new update is being applied. The - newest update is first in the list and it is ordered by recency. - Updates in the history have state Completed if the rollout completed - - if an update was failing or halfway applied the state will be - Partial. Only a limited amount of update history is preserved. - items: - description: UpdateHistory is a single attempted update to the cluster. properties: - acceptedRisks: - description: acceptedRisks records risks which were accepted - to initiate the update. For example, it may menition an Upgradeable=False - or missing signature that was overriden via desiredUpdate.force, - or an update that was initiated despite not being in the availableUpdates - set of recommended update targets. - type: string - completionTime: - description: completionTime, if set, is when the update was - fully applied. The update that is currently being applied - will have a null completion time. Completion time will always - be set for entries that are not the current update (usually - to the started time of the next update). - format: date-time - nullable: true - type: string + channels: + description: channels is the set of Cincinnati channels to which the release currently belongs. + type: array + items: + type: string image: - description: image is a container image location that contains - the update. This value is always populated. + description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version. type: string - startedTime: - description: startedTime is the time at which the update was - started. - format: date-time - type: string - state: - description: state reflects whether the update was fully applied. - The Partial state indicates the update is not fully applied, - while the Completed state indicates the update was successfully - rolled out at least once (all parts of the update successfully - applied). + url: + description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases. type: string - verified: - description: verified indicates whether the provided update - was properly verified before it was installed. If this is - false the cluster may not be trusted. Verified does not cover - upgradeable checks that depend on the cluster state at the - time when the update target was accepted. - type: boolean version: - description: version is a semantic versioning identifying the - update version. If the requested image does not define a version, - or if a failure occurs retrieving the image, this value may - be empty. + description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified. type: string - required: - - completionTime - - image - - startedTime - - state - - verified - type: object - type: array - observedGeneration: - description: observedGeneration reports which version of the spec - is being synced. If this value is not equal to metadata.generation, - then the desired and conditions fields may represent a previous - version. - format: int64 - type: integer - versionHash: - description: versionHash is a fingerprint of the content that the - cluster will be updated with. It is used by the operator to avoid - unnecessary work and is for internal use only. - type: string - required: - - availableUpdates - - desired - - observedGeneration - - versionHash - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + history: + description: history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved. + type: array + items: + description: UpdateHistory is a single attempted update to the cluster. + type: object + required: + - completionTime + - image + - startedTime + - state + - verified + properties: + acceptedRisks: + description: acceptedRisks records risks which were accepted to initiate the update. For example, it may menition an Upgradeable=False or missing signature that was overriden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets. + type: string + completionTime: + description: completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update). + type: string + format: date-time + nullable: true + image: + description: image is a container image location that contains the update. This value is always populated. + type: string + startedTime: + description: startedTime is the time at which the update was started. + type: string + format: date-time + state: + description: state reflects whether the update was fully applied. The Partial state indicates the update is not fully applied, while the Completed state indicates the update was successfully rolled out at least once (all parts of the update successfully applied). + type: string + verified: + description: verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted. + type: boolean + version: + description: version is a semantic version identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty. + type: string + observedGeneration: + description: observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version. + type: integer + format: int64 + versionHash: + description: versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml index b9cf439c5..3f58cbf69 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml @@ -16,91 +16,63 @@ spec: singular: proxy scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Proxy holds cluster-wide information on how to configure default - proxies for the cluster. The canonical name is `cluster` \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds user-settable values for the proxy configuration - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. Empty - means unset and will not result in an env var. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or - CIDRs and/or IPs for which the proxy should not be used. Empty means - unset and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used to verify - readiness of the proxy. - items: + - name: v1 + schema: + openAPIV3Schema: + description: "Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds user-settable values for the proxy configuration + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var. type: string - type: array - trustedCA: - description: "trustedCA is a reference to a ConfigMap containing a - CA certificate bundle. The trustedCA field should only be consumed - by a proxy validator. The validator is responsible for reading the - certificate bundle from the required key \"ca-bundle.crt\", merging - it with the system default trust bundle, and writing the merged - trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" - namespace. Clients that expect to make proxy connections must use - the trusted-ca-bundle for all HTTPS requests to the proxy, and may - use the trusted-ca-bundle for non-proxy HTTPS requests as well. - \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". - Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: - ConfigMap metadata: name: user-ca-bundle namespace: openshift-config - data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate - bundle. -----END CERTIFICATE-----" - properties: - name: - description: name is the metadata.name of the referenced config - map + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var. + type: string + noProxy: + description: noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var. + type: string + readinessEndpoints: + description: readinessEndpoints is a list of endpoints used to verify readiness of the proxy. + type: array + items: type: string - required: - - name - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or - CIDRs for which the proxy should not be used. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + trustedCA: + description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----" + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. + type: string + noProxy: + description: noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml index cc42ea290..6e82955fa 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml @@ -17,93 +17,68 @@ spec: singular: operatorhub scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: "OperatorHub is the Schema for the operatorhubs API. It can be - used to change the state of the default hub sources for OperatorHub on the - cluster from enabled to disabled and vice versa. \n Compatibility level - 1: Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorHubSpec defines the desired state of OperatorHub - properties: - disableAllDefaultSources: - description: disableAllDefaultSources allows you to disable all the - default hub sources. If this is true, a specific entry in sources - can be used to enable a default source. If this is false, a specific - entry in sources can be used to disable or enable a default source. - type: boolean - sources: - description: sources is the list of default hub sources and their - configuration. If the list is empty, it implies that the default - hub sources are enabled on the cluster unless disableAllDefaultSources - is true. If disableAllDefaultSources is true and sources is not - empty, the configuration present in sources will take precedence. - The list of default hub sources and their current state will always - be reflected in the status block. - items: - description: HubSource is used to specify the hub source and its - configuration - properties: - disabled: - description: disabled is used to disable a default hub source - on cluster - type: boolean - name: - description: name is the name of one of the default hub sources - maxLength: 253 - minLength: 1 - type: string - type: object - type: array - type: object - status: - description: OperatorHubStatus defines the observed state of OperatorHub. - The current state of the default hub sources will always be reflected - here. - properties: - sources: - description: sources encapsulates the result of applying the configuration - for each hub source - items: - description: HubSourceStatus is used to reflect the current state - of applying the configuration to a default source - properties: - disabled: - description: disabled is used to disable a default hub source - on cluster - type: boolean - message: - description: message provides more information regarding failures - type: string - name: - description: name is the name of one of the default hub sources - maxLength: 253 - minLength: 1 - type: string - status: - description: status indicates success or failure in applying - the configuration - type: string - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: "OperatorHub is the Schema for the operatorhubs API. It can be used to change the state of the default hub sources for OperatorHub on the cluster from enabled to disabled and vice versa. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OperatorHubSpec defines the desired state of OperatorHub + type: object + properties: + disableAllDefaultSources: + description: disableAllDefaultSources allows you to disable all the default hub sources. If this is true, a specific entry in sources can be used to enable a default source. If this is false, a specific entry in sources can be used to disable or enable a default source. + type: boolean + sources: + description: sources is the list of default hub sources and their configuration. If the list is empty, it implies that the default hub sources are enabled on the cluster unless disableAllDefaultSources is true. If disableAllDefaultSources is true and sources is not empty, the configuration present in sources will take precedence. The list of default hub sources and their current state will always be reflected in the status block. + type: array + items: + description: HubSource is used to specify the hub source and its configuration + type: object + properties: + disabled: + description: disabled is used to disable a default hub source on cluster + type: boolean + name: + description: name is the name of one of the default hub sources + type: string + maxLength: 253 + minLength: 1 + status: + description: OperatorHubStatus defines the observed state of OperatorHub. The current state of the default hub sources will always be reflected here. + type: object + properties: + sources: + description: sources encapsulates the result of applying the configuration for each hub source + type: array + items: + description: HubSourceStatus is used to reflect the current state of applying the configuration to a default source + type: object + properties: + disabled: + description: disabled is used to disable a default hub source on cluster + type: boolean + message: + description: message provides more information regarding failures + type: string + name: + description: name is the name of one of the default hub sources + type: string + maxLength: 253 + minLength: 1 + status: + description: status indicates success or failure in applying the configuration + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml index 2f8e3141d..3e53b28b9 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml @@ -16,295 +16,162 @@ spec: singular: apiserver scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: "APIServer holds configuration (like serving certificates, client - CA and CORS domains) shared by all API servers in the system, among them - especially kube-apiserver and openshift-apiserver. The canonical name of - an instance is 'cluster'. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - additionalCORSAllowedOrigins: - description: additionalCORSAllowedOrigins lists additional, user-defined - regular expressions describing hosts for which the API server allows - access using the CORS headers. This may be needed to access the - API and the integrated OAuth server from JavaScript applications. - The values are regular expressions that correspond to the Golang - regular expression language. - items: - type: string - type: array - audit: - default: - profile: Default - description: audit specifies the settings for audit configuration - to be applied to all OpenShift-provided API servers in the cluster. - properties: - customRules: - description: customRules specify profiles per group. These profile - take precedence over the top-level profile field if they apply. - They are evaluation from top to bottom and the first one that - matches, applies. - items: - description: AuditCustomRule describes a custom rule for an - audit profile that takes precedence over the top-level profile. - properties: - group: - description: group is a name of group a request user must - be member of in order to this profile to apply. - minLength: 1 - type: string - profile: - description: "profile specifies the name of the desired - audit policy configuration to be deployed to all OpenShift-provided - API servers in the cluster. \n The following profiles - are provided: - Default: the existing default policy. - - WriteRequestBodies: like 'Default', but logs request - and response HTTP payloads for write requests (create, - update, patch). - AllRequestBodies: like 'WriteRequestBodies', - but also logs request and response HTTP payloads for read - requests (get, list). - None: no requests are logged at - all, not even oauthaccesstokens and oauthauthorizetokens. - \n If unset, the 'Default' profile is used as the default." - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - required: - - group - - profile - type: object - type: array - x-kubernetes-list-map-keys: - - group - x-kubernetes-list-type: map - profile: - default: Default - description: "profile specifies the name of the desired top-level - audit profile to be applied to all requests sent to any of the - OpenShift-provided API servers in the cluster (kube-apiserver, - openshift-apiserver and oauth-apiserver), with the exception - of those requests that match one or more of the customRules. - \n The following profiles are provided: - Default: default policy - which means MetaData level logging with the exception of events - (not logged at all), oauthaccesstokens and oauthauthorizetokens - (both logged at RequestBody level). - WriteRequestBodies: like - 'Default', but logs request and response HTTP payloads for write - requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', - but also logs request and response HTTP payloads for read requests - (get, list). - None: no requests are logged at all, not even - oauthaccesstokens and oauthauthorizetokens. \n Warning: It is - not recommended to disable audit logging by using the `None` - profile unless you are fully aware of the risks of not logging - data that can be beneficial when troubleshooting issues. If - you disable audit logging and a support situation arises, you - might need to enable audit logging and reproduce the issue in - order to troubleshoot properly. \n If unset, the 'Default' profile - is used as the default." - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None + - name: v1 + schema: + openAPIV3Schema: + description: "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + additionalCORSAllowedOrigins: + description: additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language. + type: array + items: type: string - type: object - clientCA: - description: 'clientCA references a ConfigMap containing a certificate - bundle for the signers that will be recognized for incoming client - certificates in addition to the operator managed signers. If this - is empty, then only operator managed signers are valid. You usually - only have to set this if you have your own PKI you wish to honor - client certificates from. The ConfigMap must exist in the openshift-config - namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - - CA bundle.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - encryption: - description: encryption allows the configuration of encryption of - resources at the datastore layer. - properties: - type: - description: "type defines what encryption type should be used - to encrypt resources at the datastore layer. When this field - is unset (i.e. when it is set to the empty string), identity - is implied. The behavior of unset can and will change over time. - \ Even if encryption is enabled by default, the meaning of unset - may change to a different encryption type based on changes in - best practices. \n When encryption is enabled, all sensitive - resources shipped with the platform are encrypted. This list - of sensitive resources can and will change over time. The current - authoritative list is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io - 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io" - enum: - - "" - - identity - - aescbc - type: string - type: object - servingCerts: - description: servingCert is the TLS cert info for serving secure traffic. - If not specified, operator managed certificates will be used for - serving secure traffic. - properties: - namedCertificates: - description: namedCertificates references secrets containing the - TLS cert info for serving secure traffic to specific hostnames. - If no named certificates are provided, or no named certificates - match the server name as understood by a client, the defaultServingCertificate - will be used. - items: - description: APIServerNamedServingCert maps a server DNS name, - as understood by a client, to a certificate. - properties: - names: - description: names is a optional list of explicit DNS names - (leading wildcards allowed) that should use this certificate - to serve secure traffic. If no names are provided, the - implicit names will be extracted from the certificates. - Exact names trump over wildcard names. Explicit names - defined here trump over extracted implicit names. - items: + audit: + description: audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster. + type: object + default: + profile: Default + properties: + customRules: + description: customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies. + type: array + items: + description: AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile. + type: object + required: + - group + - profile + properties: + group: + description: group is a name of group a request user must be member of in order to this profile to apply. type: string - type: array - servingCertificate: - description: 'servingCertificate references a kubernetes.io/tls - type secret containing the TLS cert info for serving secure - traffic. The secret must exist in the openshift-config - namespace and contain the following required fields: - - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - - TLS certificate.' - properties: - name: - description: name is the metadata.name of the referenced - secret + minLength: 1 + profile: + description: "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster. \n The following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n If unset, the 'Default' profile is used as the default." + type: string + enum: + - Default + - WriteRequestBodies + - AllRequestBodies + - None + x-kubernetes-list-map-keys: + - group + x-kubernetes-list-type: map + profile: + description: "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules. \n The following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody level). - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n Warning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly. \n If unset, the 'Default' profile is used as the default." + type: string + default: Default + enum: + - Default + - WriteRequestBodies + - AllRequestBodies + - None + clientCA: + description: 'clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - CA bundle.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + encryption: + description: encryption allows the configuration of encryption of resources at the datastore layer. + type: object + properties: + type: + description: "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices. \n When encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io" + type: string + enum: + - "" + - identity + - aescbc + servingCerts: + description: servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic. + type: object + properties: + namedCertificates: + description: namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used. + type: array + items: + description: APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate. + type: object + properties: + names: + description: names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. + type: array + items: type: string - required: - - name - type: object + servingCertificate: + description: 'servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + tlsSecurityProfile: + description: "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. \n If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12." + type: object + properties: + custom: + description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1" type: object - type: array - type: object - tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections - for externally exposed servers. \n If unset, a default (which may - change between releases) is chosen. Note that only Old, Intermediate - and Custom profiles are currently supported, and the maximum available - MinTLSVersions is VersionTLS12." - properties: - custom: - description: "custom is a user-defined TLS security profile. Be - extremely careful using a custom profile as invalid configurations - can be catastrophic. An example custom profile looks like this: - \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - minTLSVersion: TLSv1.1" - nullable: true - properties: - ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators - may remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" - items: + properties: + ciphers: + description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" + type: array + items: + type: string + minTLSVersion: + description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" type: string - type: array - minTLSVersion: - description: "minTLSVersion is used to specify the minimal - version of the TLS protocol that is negotiated during the - TLS handshake. For example, to use TLS versions 1.1, 1.2 - and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently - the highest minTLSVersion allowed is VersionTLS12" - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - intermediate: - description: "intermediate is a TLS security profile based on: - \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2" - nullable: true - type: object - modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: - TLSv1.3 \n NOTE: Currently unsupported." - nullable: true - type: object - old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" - nullable: true - type: object - type: - description: "type is one of Old, Intermediate, Modern or Custom. - Custom provides the ability to specify individual TLS security - profile parameters. Old, Intermediate and Modern are TLS security - profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - \n The profiles are intent based, so they may change over time - as new ciphers are developed and existing ciphers are found - to be insecure. Depending on precisely which ciphers are available - to a process, the list may be reduced. \n Note that the Modern - profile is currently not supported because it is not yet well - adopted by common software libraries." - enum: - - Old - - Intermediate - - Modern - - Custom - type: string - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + nullable: true + intermediate: + description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2" + type: object + nullable: true + modern: + description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." + type: object + nullable: true + old: + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" + type: object + nullable: true + type: + description: "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations \n The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced. \n Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries." + type: string + enum: + - Old + - Intermediate + - Modern + - Custom + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml index d81573a33..facf7c6b0 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml @@ -16,148 +16,86 @@ spec: singular: authentication scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Authentication specifies cluster-wide settings for authentication - (like OAuth and webhook token authenticators). The canonical name of an - instance is `cluster`. \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - oauthMetadata: - description: 'oauthMetadata contains the discovery endpoint data for - OAuth 2.0 Authorization Server Metadata for an external OAuth server. - This discovery document can be viewed from its served location: - oc get --raw ''/.well-known/oauth-authorization-server'' For further - details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence over - any metadata reference stored in status. The key "oauthMetadata" - is used to locate the data. If specified and the config map or expected - key is not found, no metadata is served. If the specified metadata - is not valid, no metadata is served. The namespace for this config - map is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - serviceAccountIssuer: - description: 'serviceAccountIssuer is the identifier of the bound - service account token issuer. The default is https://kubernetes.default.svc - WARNING: Updating this field will result in the invalidation of - all bound tokens with the previous issuer value. Unless the holder - of a bound token has explicit support for a change in issuer, they - will not request a new bound token until pod restart or until their - existing token exceeds 80% of its duration.' - type: string - type: - description: type identifies the cluster managed, user facing authentication - mode in use. Specifically, it manages the component that responds - to login attempts. The default is IntegratedOAuth. - type: string - webhookTokenAuthenticator: - description: webhookTokenAuthenticator configures a remote token reviewer. - These remote authentication webhooks can be used to verify bearer - tokens via the tokenreviews.authentication.k8s.io REST API. This - is required to honor bearer tokens that are provisioned by an external - authentication service. - properties: - kubeConfig: - description: "kubeConfig references a secret that contains kube - config file data which describes how to access the remote webhook - service. The namespace for the referenced secret is openshift-config. - \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - \n The key \"kubeConfig\" is used to locate the data. If the - secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored." - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: + - name: v1 + schema: + openAPIV3Schema: + description: "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + oauthMetadata: + description: 'oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key "oauthMetadata" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.' + type: object + required: - name - type: object - required: - - kubeConfig - type: object - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting it - has no effect. - items: - description: deprecatedWebhookTokenAuthenticator holds the necessary - configuration options for a remote token authenticator. It's the - same as WebhookTokenAuthenticator but it's missing the 'required' - validation on KubeConfig field. + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + serviceAccountIssuer: + description: 'serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.' + type: string + type: + description: type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth. + type: string + webhookTokenAuthenticator: + description: webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. + type: object + required: + - kubeConfig properties: kubeConfig: - description: 'kubeConfig contains kube config file data which - describes how to access the remote webhook service. For further - details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. If the secret - or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored. The namespace for this secret is determined - by the point of use.' + description: "kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config. \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication \n The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored." + type: object + required: + - name properties: name: - description: name is the metadata.name of the referenced - secret + description: name is the metadata.name of the referenced secret type: string - required: - - name - type: object + webhookTokenAuthenticators: + description: webhookTokenAuthenticators is DEPRECATED, setting it has no effect. + type: array + items: + description: deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field. + type: object + properties: + kubeConfig: + description: 'kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + integratedOAuthMetadata: + description: 'integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key "oauthMetadata" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.' type: object - type: array - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - integratedOAuthMetadata: - description: 'integratedOAuthMetadata contains the discovery endpoint - data for OAuth 2.0 Authorization Server Metadata for the in-cluster - integrated OAuth server. This discovery document can be viewed from - its served location: oc get --raw ''/.well-known/oauth-authorization-server'' - For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - This contains the observed value based on cluster state. An explicitly - set value in spec.oauthMetadata has precedence over this field. - This field has no meaning if authentication spec.type is not set - to IntegratedOAuth. The key "oauthMetadata" is used to locate the - data. If the config map or expected key is not found, no metadata - is served. If the specified metadata is not valid, no metadata is - served. The namespace for this config map is openshift-config-managed.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml index 47d4ff7ca..89bc65581 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml @@ -17,391 +17,259 @@ spec: preserveUnknownFields: false scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Build configures the behavior of OpenShift builds for the entire - cluster. This includes default settings that can be overridden in BuildConfig - objects, and overrides which are applied to all builds. \n The canonical - name is \"cluster\" \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds user-settable values for the build controller - configuration - properties: - additionalTrustedCA: - description: "AdditionalTrustedCA is a reference to a ConfigMap containing - additional CAs that should be trusted for image pushes and pulls - during builds. The namespace for this config map is openshift-config. - \n DEPRECATED: Additional CAs for image pull and push should be - set on image.config.openshift.io/cluster instead." - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - buildDefaults: - description: BuildDefaults controls the default information for Builds - properties: - defaultProxy: - description: "DefaultProxy contains the default proxy settings - for all build operations, including image pull/push and source - download. \n Values can be overrode by setting the `HTTP_PROXY`, - `HTTPS_PROXY`, and `NO_PROXY` environment variables in the build - config's strategy." - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS - requests. Empty means unset and will not result in an env - var. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames - and/or CIDRs and/or IPs for which the proxy should not be - used. Empty means unset and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used - to verify readiness of the proxy. - items: - type: string - type: array - trustedCA: - description: "trustedCA is a reference to a ConfigMap containing - a CA certificate bundle. The trustedCA field should only - be consumed by a proxy validator. The validator is responsible - for reading the certificate bundle from the required key - \"ca-bundle.crt\", merging it with the system default trust - bundle, and writing the merged trust bundle to a ConfigMap - named \"trusted-ca-bundle\" in the \"openshift-config-managed\" - namespace. Clients that expect to make proxy connections - must use the trusted-ca-bundle for all HTTPS requests to - the proxy, and may use the trusted-ca-bundle for non-proxy - HTTPS requests as well. \n The namespace for the ConfigMap - referenced by trustedCA is \"openshift-config\". Here is - an example ConfigMap (in yaml): \n apiVersion: v1 kind: - ConfigMap metadata: name: user-ca-bundle namespace: openshift-config - data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom - CA certificate bundle. -----END CERTIFICATE-----" - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - type: object - env: - description: Env is a set of default environment variables that - will be applied to the build if the specified variables do not - exist on the build - items: - description: EnvVar represents an environment variable present - in a Container. + - name: v1 + schema: + openAPIV3Schema: + description: "Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds. \n The canonical name is \"cluster\" \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds user-settable values for the build controller configuration + type: object + properties: + additionalTrustedCA: + description: "AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted for image pushes and pulls during builds. The namespace for this config map is openshift-config. \n DEPRECATED: Additional CAs for image pull and push should be set on image.config.openshift.io/cluster instead." + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + buildDefaults: + description: BuildDefaults controls the default information for Builds + type: object + properties: + defaultProxy: + description: "DefaultProxy contains the default proxy settings for all build operations, including image pull/push and source download. \n Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables in the build config's strategy." + type: object properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var. type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var. type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - gitProxy: - description: "GitProxy contains the proxy settings for git operations - only. If set, this will override any Proxy settings for all - git commands, such as git clone. \n Values that are not set - here will be inherited from DefaultProxy." - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS - requests. Empty means unset and will not result in an env - var. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames - and/or CIDRs and/or IPs for which the proxy should not be - used. Empty means unset and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used - to verify readiness of the proxy. - items: + noProxy: + description: noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var. type: string - type: array - trustedCA: - description: "trustedCA is a reference to a ConfigMap containing - a CA certificate bundle. The trustedCA field should only - be consumed by a proxy validator. The validator is responsible - for reading the certificate bundle from the required key - \"ca-bundle.crt\", merging it with the system default trust - bundle, and writing the merged trust bundle to a ConfigMap - named \"trusted-ca-bundle\" in the \"openshift-config-managed\" - namespace. Clients that expect to make proxy connections - must use the trusted-ca-bundle for all HTTPS requests to - the proxy, and may use the trusted-ca-bundle for non-proxy - HTTPS requests as well. \n The namespace for the ConfigMap - referenced by trustedCA is \"openshift-config\". Here is - an example ConfigMap (in yaml): \n apiVersion: v1 kind: - ConfigMap metadata: name: user-ca-bundle namespace: openshift-config - data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom - CA certificate bundle. -----END CERTIFICATE-----" + readinessEndpoints: + description: readinessEndpoints is a list of endpoints used to verify readiness of the proxy. + type: array + items: + type: string + trustedCA: + description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----" + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + env: + description: Env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name properties: name: - description: name is the metadata.name of the referenced - config map + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string - required: - - name - type: object - type: object - imageLabels: - description: ImageLabels is a list of docker labels that are applied - to the resulting image. User can override a default label by - providing a label with the same name in their Build/BuildConfig. - items: - properties: - name: - description: Name defines the name of the label. It must - have non-zero length. - type: string - value: - description: Value defines the literal value of the label. - type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + gitProxy: + description: "GitProxy contains the proxy settings for git operations only. If set, this will override any Proxy settings for all git commands, such as git clone. \n Values that are not set here will be inherited from DefaultProxy." type: object - type: array - resources: - description: Resources defines resource requirements to execute - the build. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - type: object - buildOverrides: - description: BuildOverrides controls override settings for builds - properties: - forcePull: - description: ForcePull overrides, if set, the equivalent value - in the builds, i.e. false disables force pull for all builds, - true enables force pull for all builds, independently of what - each build specifies itself - type: boolean - imageLabels: - description: ImageLabels is a list of docker labels that are applied - to the resulting image. If user provided a label in their Build/BuildConfig - with the same name as one in this list, the user's label will - be overwritten. - items: properties: - name: - description: Name defines the name of the label. It must - have non-zero length. + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var. type: string - value: - description: Value defines the literal value of the label. + noProxy: + description: noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var. type: string + readinessEndpoints: + description: readinessEndpoints is a list of endpoints used to verify readiness of the proxy. + type: array + items: + type: string + trustedCA: + description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----" + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + imageLabels: + description: ImageLabels is a list of docker labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig. + type: array + items: + type: object + properties: + name: + description: Name defines the name of the label. It must have non-zero length. + type: string + value: + description: Value defines the literal value of the label. + type: string + resources: + description: Resources defines resource requirements to execute the build. type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: NodeSelector is a selector which must be true for - the build pod to fit on a node - type: object - tolerations: - description: Tolerations is a list of Tolerations that will override - any existing tolerations set on a build pod. - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + buildOverrides: + description: BuildOverrides controls override settings for builds + type: object + properties: + forcePull: + description: ForcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself + type: boolean + imageLabels: + description: ImageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten. + type: array + items: + type: object + properties: + name: + description: Name defines the name of the label. It must have non-zero length. + type: string + value: + description: Value defines the literal value of the label. + type: string + nodeSelector: + description: NodeSelector is a selector which must be true for the build pod to fit on a node type: object - type: array - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + additionalProperties: + type: string + tolerations: + description: Tolerations is a list of Tolerations that will override any existing tolerations set on a build pod. + type: array + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + type: object + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + type: integer + format: int64 + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml index ce7f789da..188b45e01 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml @@ -16,60 +16,42 @@ spec: singular: console scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Console holds cluster-wide configuration for the web console, - including the logout URL, and reports the public URL of the console. The - canonical name is `cluster`. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - authentication: - description: ConsoleAuthentication defines a list of optional configuration - for console authentication. - properties: - logoutRedirect: - description: 'An optional, absolute URL to redirect web browsers - to after logging out of the console. If not specified, it will - redirect to the default login page. This is required when using - an identity provider that supports single sign-on (SSO) such - as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, - SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console - will destroy the user''s token. The logoutRedirect provides - the user the option to perform single logout (SLO) through the - identity provider to destroy their single sign-on session.' - pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$ - type: string - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - consoleURL: - description: The URL for the console. This will be derived from the - host for the route that is created for the console. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + authentication: + description: ConsoleAuthentication defines a list of optional configuration for console authentication. + type: object + properties: + logoutRedirect: + description: 'An optional, absolute URL to redirect web browsers to after logging out of the console. If not specified, it will redirect to the default login page. This is required when using an identity provider that supports single sign-on (SSO) such as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console will destroy the user''s token. The logoutRedirect provides the user the option to perform single logout (SLO) through the identity provider to destroy their single sign-on session.' + type: string + pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$ + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + consoleURL: + description: The URL for the console. This will be derived from the host for the route that is created for the console. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml index dd3cd6e8a..e4fa56eee 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml @@ -16,90 +16,57 @@ spec: singular: dns scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: "DNS holds cluster-wide information about DNS. The canonical - name is `cluster` \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - baseDomain: - description: "baseDomain is the base domain of the cluster. All managed - DNS records will be sub-domains of this base. \n For example, given - the base domain `openshift.example.com`, an API server DNS record - may be created for `cluster-api.openshift.example.com`. \n Once - set, this field cannot be changed." - type: string - privateZone: - description: "privateZone is the location where all the DNS records - that are only available internally to the cluster exist. \n If this - field is nil, no private records should be created. \n Once set, - this field cannot be changed." - properties: - id: - description: "id is the identifier that can be used to find the - DNS hosted zone. \n on AWS zone can be fetched using `ID` as - id in [1] on Azure zone can be fetched using `ID` as a pre-determined - name in [2], on GCP zone can be fetched using `ID` as a pre-determined - name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - additionalProperties: + - name: v1 + schema: + openAPIV3Schema: + description: "DNS holds cluster-wide information about DNS. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + baseDomain: + description: "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base. \n For example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`. \n Once set, this field cannot be changed." + type: string + privateZone: + description: "privateZone is the location where all the DNS records that are only available internally to the cluster exist. \n If this field is nil, no private records should be created. \n Once set, this field cannot be changed." + type: object + properties: + id: + description: "id is the identifier that can be used to find the DNS hosted zone. \n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" type: string - description: "tags can be used to query the DNS hosted zone. \n - on AWS, resourcegroupstaggingapi [1] can be used to fetch a - zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - type: object - publicZone: - description: "publicZone is the location where all the DNS records - that are publicly accessible to the internet exist. \n If this field - is nil, no public records should be created. \n Once set, this field - cannot be changed." - properties: - id: - description: "id is the identifier that can be used to find the - DNS hosted zone. \n on AWS zone can be fetched using `ID` as - id in [1] on Azure zone can be fetched using `ID` as a pre-determined - name in [2], on GCP zone can be fetched using `ID` as a pre-determined - name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - additionalProperties: + tags: + description: "tags can be used to query the DNS hosted zone. \n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" + type: object + additionalProperties: + type: string + publicZone: + description: "publicZone is the location where all the DNS records that are publicly accessible to the internet exist. \n If this field is nil, no public records should be created. \n Once set, this field cannot be changed." + type: object + properties: + id: + description: "id is the identifier that can be used to find the DNS hosted zone. \n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" type: string - description: "tags can be used to query the DNS hosted zone. \n - on AWS, resourcegroupstaggingapi [1] can be used to fetch a - zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + tags: + description: "tags can be used to query the DNS hosted zone. \n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" + type: object + additionalProperties: + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml index d52ba393c..5254d0ce2 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml @@ -16,66 +16,48 @@ spec: singular: featuregate scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Feature holds cluster-wide information about feature gates. - \ The canonical name is `cluster` \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - customNoUpgrade: - description: customNoUpgrade allows the enabling or disabling of any - feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE - UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting - cannot be validated. If you have any typos or accidentally apply - invalid combinations your cluster may fail in an unrecoverable way. featureSet - must equal "CustomNoUpgrade" must be set to use this field. - nullable: true - properties: - disabled: - description: disabled is a list of all feature gates that you - want to force off - items: - type: string - type: array - enabled: - description: enabled is a list of all feature gates that you want - to force on - items: - type: string - type: array - type: object - featureSet: - description: featureSet changes the list of features in the cluster. The - default is empty. Be very careful adjusting this setting. Turning - on or off features may cause irreversible changes in your cluster - which cannot be undone. - type: string - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: "Feature holds cluster-wide information about feature gates. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + customNoUpgrade: + description: customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. featureSet must equal "CustomNoUpgrade" must be set to use this field. + type: object + properties: + disabled: + description: disabled is a list of all feature gates that you want to force off + type: array + items: + type: string + enabled: + description: enabled is a list of all feature gates that you want to force on + type: array + items: + type: string + nullable: true + featureSet: + description: featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone. + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml index bdd38dc99..a160fef40 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml @@ -16,149 +16,93 @@ spec: singular: image scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Image governs policies related to imagestream imports and runtime - configuration for external registries. It allows cluster admins to configure - which registries OpenShift is allowed to import images from, extra CA trust - bundles for external registries, and policies to block or allow registry - hostnames. When exposing OpenShift's image registry to the public, this - also lets cluster admins specify the external hostname. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - additionalTrustedCA: - description: additionalTrustedCA is a reference to a ConfigMap containing - additional CAs that should be trusted during imagestream import, - pod image pull, build image pull, and imageregistry pullthrough. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - allowedRegistriesForImport: - description: allowedRegistriesForImport limits the container image - registries that normal users may import images from. Set this list - to the registries that you trust to contain valid Docker images - and that you want applications to be able to import from. Users - with permission to create Images or ImageStreamMappings via the - API are not affected by this policy - typically only administrators - or system integrations will have those permissions. - items: - description: RegistryLocation contains a location of the registry - specified by the registry domain name. The domain name might include - wildcards, like '*' or '??'. + - name: v1 + schema: + openAPIV3Schema: + description: "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + additionalTrustedCA: + description: additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted during imagestream import, pod image pull, build image pull, and imageregistry pullthrough. The namespace for this config map is openshift-config. + type: object + required: + - name properties: - domainName: - description: domainName specifies a domain name for the registry - In case the registry use non-standard (80 or 443) port, the - port should be included in the domain name as well. + name: + description: name is the metadata.name of the referenced config map type: string - insecure: - description: insecure indicates whether the registry is secure - (https) or insecure (http) By default (if not specified) the - registry is assumed as secure. - type: boolean + allowedRegistriesForImport: + description: allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions. + type: array + items: + description: RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'. + type: object + properties: + domainName: + description: domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well. + type: string + insecure: + description: insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure. + type: boolean + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in "hostname[:port]" format. + type: array + items: + type: string + registrySources: + description: registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. whether or not to allow insecure access). It does not contain configuration for the internal cluster registry. type: object - type: array - externalRegistryHostnames: - description: externalRegistryHostnames provides the hostnames for - the default external image registry. The external hostname should - be set only when the image registry is exposed externally. The first - value is used in 'publicDockerImageRepository' field in ImageStreams. - The value must be in "hostname[:port]" format. - items: - type: string - type: array - registrySources: - description: registrySources contains configuration that determines - how the container runtime should treat individual registries when - accessing images for builds+pods. (e.g. whether or not to allow - insecure access). It does not contain configuration for the internal - cluster registry. - properties: - allowedRegistries: - description: "allowedRegistries are the only registries permitted - for image pull and push actions. All other registries are denied. - \n Only one of BlockedRegistries or AllowedRegistries may be - set." - items: - type: string - type: array - blockedRegistries: - description: "blockedRegistries cannot be used for image pull - and push actions. All other registries are permitted. \n Only - one of BlockedRegistries or AllowedRegistries may be set." - items: - type: string - type: array - containerRuntimeSearchRegistries: - description: 'containerRuntimeSearchRegistries are registries - that will be searched when pulling images that do not have fully - qualified domains in their pull specs. Registries will be searched - in the order provided in the list. Note: this search list only - works with the container runtime, i.e CRI-O. Will NOT work with - builds or imagestream imports.' - format: hostname - items: - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - insecureRegistries: - description: insecureRegistries are registries which do not have - a valid TLS certificates or only support HTTP connections. - items: - type: string - type: array - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - externalRegistryHostnames: - description: externalRegistryHostnames provides the hostnames for - the default external image registry. The external hostname should - be set only when the image registry is exposed externally. The first - value is used in 'publicDockerImageRepository' field in ImageStreams. - The value must be in "hostname[:port]" format. - items: + properties: + allowedRegistries: + description: "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. \n Only one of BlockedRegistries or AllowedRegistries may be set." + type: array + items: + type: string + blockedRegistries: + description: "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. \n Only one of BlockedRegistries or AllowedRegistries may be set." + type: array + items: + type: string + containerRuntimeSearchRegistries: + description: 'containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.' + type: array + format: hostname + minItems: 1 + items: + type: string + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections. + type: array + items: + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in "hostname[:port]" format. + type: array + items: + type: string + internalRegistryHostname: + description: internalRegistryHostname sets the hostname for the default internal image registry. The value must be in "hostname[:port]" format. This value is set by the image registry operator which controls the internal registry hostname. For backward compatibility, users can still use OPENSHIFT_DEFAULT_REGISTRY environment variable but this setting overrides the environment variable. type: string - type: array - internalRegistryHostname: - description: internalRegistryHostname sets the hostname for the default - internal image registry. The value must be in "hostname[:port]" - format. This value is set by the image registry operator which controls - the internal registry hostname. For backward compatibility, users - can still use OPENSHIFT_DEFAULT_REGISTRY environment variable but - this setting overrides the environment variable. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml index 2e30bc552..147c73c44 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml @@ -16,97 +16,53 @@ spec: singular: imagecontentpolicy scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ImageContentPolicy holds cluster-wide information about how - to handle registry mirror rules. When multiple policies are defined, the - outcome of the behavior is defined on each field. \n Compatibility level - 1: Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - repositoryDigestMirrors: - description: "repositoryDigestMirrors allows images referenced by - image digests in pods to be pulled from alternative mirrored repository - locations. The image pull specification provided to the pod will - be compared to the source locations described in RepositoryDigestMirrors - and the image may be pulled down from any of the mirrors in the - list instead of the specified repository allowing administrators - to choose a potentially faster mirror. To pull image from mirrors - by tags, should set the \"allowMirrorByTags\". \n Each “source” - repository is treated independently; configurations for different - “source” repositories don’t interact. \n If the \"mirrors\" is not - specified, the image will continue to be pulled from the specified - repository in the pull spec. \n When multiple policies are defined - for the same “source” repository, the sets of defined mirrors will - be merged together, preserving the relative order of the mirrors, - if possible. For example, if policy A has mirrors `a, b, c` and - policy B has mirrors `c, d, e`, the mirrors will be used in the - order `a, b, c, d, e`. If the orders of mirror entries conflict - (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the - resulting order is unspecified." - items: - description: RepositoryDigestMirrors holds cluster-wide information - about how to handle mirrors in the registries config. - properties: - allowMirrorByTags: - description: allowMirrorByTags if true, the mirrors can be used - to pull the images that are referenced by their tags. Default - is false, the mirrors only work when pulling the images that - are referenced by their digests. Pulling images by tag can - potentially yield different images, depending on which endpoint - we pull from. Forcing digest-pulls for mirrors avoids that - issue. - type: boolean - mirrors: - description: mirrors is zero or more repositories that may also - contain the same images. If the "mirrors" is not specified, - the image will continue to be pulled from the specified repository - in the pull spec. No mirror will be configured. The order - of mirrors in this list is treated as the user's desired priority, - while source is by default considered lower priority than - all mirrors. Other cluster configuration, including (but not - limited to) other repositoryDigestMirrors objects, may impact - the exact order mirrors are contacted in, or some mirrors - may be contacted in parallel, so this should be considered - a preference rather than a guarantee of ordering. - items: - pattern: ^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$ + - name: v1 + schema: + openAPIV3Schema: + description: "ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + repositoryDigestMirrors: + description: "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To pull image from mirrors by tags, should set the \"allowMirrorByTags\". \n Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. \n If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. \n When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified." + type: array + items: + description: RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config. + type: object + required: + - source + properties: + allowMirrorByTags: + description: allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Forcing digest-pulls for mirrors avoids that issue. + type: boolean + mirrors: + description: mirrors is zero or more repositories that may also contain the same images. If the "mirrors" is not specified, the image will continue to be pulled from the specified repository in the pull spec. No mirror will be configured. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. + type: array + items: + type: string + pattern: ^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$ + x-kubernetes-list-type: set + source: + description: source is the repository that users refer to, e.g. in image pull specifications. type: string - type: array - x-kubernetes-list-type: set - source: - description: source is the repository that users refer to, e.g. - in image pull specifications. - pattern: ^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$ - type: string - required: - - source - type: object - type: array - x-kubernetes-list-map-keys: - - source - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + pattern: ^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$ + x-kubernetes-list-map-keys: + - source + x-kubernetes-list-type: map + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagedigestmirrorset.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagedigestmirrorset.crd.yaml new file mode 100644 index 000000000..693a554e7 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagedigestmirrorset.crd.yaml @@ -0,0 +1,74 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1126 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: imagedigestmirrorsets.config.openshift.io +spec: + group: config.openshift.io + names: + kind: ImageDigestMirrorSet + listKind: ImageDigestMirrorSetList + plural: imagedigestmirrorsets + shortNames: + - idms + singular: imagedigestmirrorset + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + imageDigestMirrors: + description: "imageDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using tag specification, users should configure a list of mirrors using \"ImageTagMirrorSet\" CRD. \n If the image pull specification matches the repository of \"source\" in multiple imagedigestmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. \n If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. \n When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order." + type: array + items: + description: ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config. + type: object + required: + - source + properties: + mirrorSourcePolicy: + description: mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list. + type: string + enum: + - NeverContactSource + - AllowContactingSource + mirrors: + description: 'mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their digests. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. The order of mirrors in this list is treated as the user''s desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy" Other cluster configuration, including (but not limited to) other imageDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. "mirrors" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' + type: array + items: + type: string + pattern: ^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ + x-kubernetes-list-type: set + source: + description: 'source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. "source" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' + type: string + pattern: ^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ + x-kubernetes-list-type: atomic + status: + description: status contains the observed state of the resource. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagetagmirrorset.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagetagmirrorset.crd.yaml new file mode 100644 index 000000000..17a2d045b --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagetagmirrorset.crd.yaml @@ -0,0 +1,74 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1126 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: imagetagmirrorsets.config.openshift.io +spec: + group: config.openshift.io + names: + kind: ImageTagMirrorSet + listKind: ImageTagMirrorSetList + plural: imagetagmirrorsets + shortNames: + - itms + singular: imagetagmirrorset + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + imageTagMirrors: + description: "imageTagMirrors allows images referenced by image tags in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageTagMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using digest specification only, users should configure a list of mirrors using \"ImageDigestMirrorSet\" CRD. \n If the image pull specification matches the repository of \"source\" in multiple imagetagmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. \n If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. \n When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order." + type: array + items: + description: ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config. + type: object + required: + - source + properties: + mirrorSourcePolicy: + description: mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list. + type: string + enum: + - NeverContactSource + - AllowContactingSource + mirrors: + description: 'mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their tags. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Configuring a list of mirrors using "ImageDigestMirrorSet" CRD and forcing digest-pulls for mirrors avoids that issue. The order of mirrors in this list is treated as the user''s desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy". Other cluster configuration, including (but not limited to) other imageTagMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. "mirrors" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' + type: array + items: + type: string + pattern: ^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ + x-kubernetes-list-type: set + source: + description: 'source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. "source" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' + type: string + pattern: ^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ + x-kubernetes-list-type: atomic + status: + description: status contains the observed state of the resource. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml new file mode 100644 index 000000000..28773b7df --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml @@ -0,0 +1,609 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: Default + name: infrastructures.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Infrastructure + listKind: InfrastructureList + plural: infrastructures + singular: infrastructure + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + cloudConfig: + description: "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config. \n cloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only." + type: object + properties: + key: + description: Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references. + type: string + name: + type: string + platformSpec: + description: platformSpec holds desired information specific to the underlying infrastructure provider. + type: object + properties: + alibabaCloud: + description: AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider. + type: object + aws: + description: AWS contains settings specific to the Amazon Web Services infrastructure provider. + type: object + properties: + serviceEndpoints: + description: serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service. + type: array + items: + description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services. + type: object + properties: + name: + description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty. + type: string + pattern: ^[a-z0-9-]+$ + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + type: string + pattern: ^https:// + azure: + description: Azure contains settings specific to the Azure infrastructure provider. + type: object + baremetal: + description: BareMetal contains settings specific to the BareMetal platform. + type: object + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. + type: object + gcp: + description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. + type: object + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. + type: object + kubevirt: + description: Kubevirt contains settings specific to the kubevirt infrastructure provider. + type: object + nutanix: + description: Nutanix contains settings specific to the Nutanix infrastructure provider. + type: object + required: + - prismCentral + - prismElements + properties: + prismCentral: + description: prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list. + type: object + required: + - address + - port + properties: + address: + description: address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster) + type: string + maxLength: 256 + port: + description: port is the port number to access the Nutanix Prism Central or Element (cluster) + type: integer + format: int32 + maximum: 65535 + minimum: 1 + prismElements: + description: prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central. + type: array + items: + description: NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster) + type: object + required: + - endpoint + - name + properties: + endpoint: + description: endpoint holds the endpoint address and port data of the Prism Element (cluster). When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list. + type: object + required: + - address + - port + properties: + address: + description: address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster) + type: string + maxLength: 256 + port: + description: port is the port number to access the Nutanix Prism Central or Element (cluster) + type: integer + format: int32 + maximum: 65535 + minimum: 1 + name: + description: name is the name of the Prism Element (cluster). This value will correspond with the cluster field configured on other resources (eg Machines, PVCs, etc). + type: string + maxLength: 256 + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + openstack: + description: OpenStack contains settings specific to the OpenStack infrastructure provider. + type: object + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure provider. + type: object + powervs: + description: PowerVS contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider. + type: object + properties: + serviceEndpoints: + description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service. + type: array + items: + description: PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services. + type: object + required: + - name + - url + properties: + name: + description: name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + type: string + pattern: ^[a-z0-9-]+$ + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + type: string + format: uri + pattern: ^https:// + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: + description: type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + vsphere: + description: VSphere contains settings specific to the VSphere infrastructure provider. + type: object + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + apiServerInternalURI: + description: apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking. + type: string + apiServerURL: + description: apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API. + type: string + controlPlaneTopology: + description: controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. + type: string + default: HighlyAvailable + enum: + - HighlyAvailable + - SingleReplica + - External + etcdDiscoveryDomain: + description: 'etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.' + type: string + infrastructureName: + description: infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters. + type: string + infrastructureTopology: + description: 'infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is ''HighlyAvailable'', which represents the behavior operators have in a "normal" cluster. The ''SingleReplica'' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.' + type: string + default: HighlyAvailable + enum: + - HighlyAvailable + - SingleReplica + platform: + description: "platform is the underlying infrastructure provider for the cluster. \n Deprecated: Use platformStatus.type instead." + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + platformStatus: + description: platformStatus holds status information specific to the underlying infrastructure provider. + type: object + properties: + alibabaCloud: + description: AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider. + type: object + required: + - region + properties: + region: + description: region specifies the region for Alibaba Cloud resources created for the cluster. + type: string + pattern: ^[0-9A-Za-z-]+$ + resourceGroupID: + description: resourceGroupID is the ID of the resource group for the cluster. + type: string + pattern: ^(rg-[0-9A-Za-z]+)?$ + resourceTags: + description: resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster. + type: array + maxItems: 20 + items: + description: AlibabaCloudResourceTag is the set of tags to add to apply to resources. + type: object + required: + - key + - value + properties: + key: + description: key is the key of the tag. + type: string + maxLength: 128 + minLength: 1 + value: + description: value is the value of the tag. + type: string + maxLength: 128 + minLength: 1 + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + aws: + description: AWS contains settings specific to the Amazon Web Services infrastructure provider. + type: object + properties: + region: + description: region holds the default AWS region for new AWS resources created by the cluster. + type: string + resourceTags: + description: resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user. + type: array + maxItems: 25 + items: + description: AWSResourceTag is a tag to apply to AWS resources created for the cluster. + type: object + required: + - key + - value + properties: + key: + description: key is the key of the tag + type: string + maxLength: 128 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + value: + description: value is the value of the tag. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services. + type: string + maxLength: 256 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + serviceEndpoints: + description: ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service. + type: array + items: + description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services. + type: object + properties: + name: + description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty. + type: string + pattern: ^[a-z0-9-]+$ + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + type: string + pattern: ^https:// + azure: + description: Azure contains settings specific to the Azure infrastructure provider. + type: object + properties: + armEndpoint: + description: armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack. + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. + type: string + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureStackCloud + networkResourceGroupName: + description: networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName. + type: string + resourceGroupName: + description: resourceGroupName is the Resource Group for new Azure resources created for the cluster. + type: string + baremetal: + description: BareMetal contains settings specific to the BareMetal platform. + type: object + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + type: string + gcp: + description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. + type: object + properties: + projectID: + description: resourceGroupName is the Project ID for new GCP resources created for the cluster. + type: string + region: + description: region holds the region for new GCP resources created for the cluster. + type: string + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. + type: object + properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain + type: string + dnsInstanceCRN: + description: DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain + type: string + location: + description: Location is where the cluster has been deployed + type: string + providerType: + description: ProviderType indicates the type of cluster that was created + type: string + resourceGroupName: + description: ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster. + type: string + kubevirt: + description: Kubevirt contains settings specific to the kubevirt infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + type: string + nutanix: + description: Nutanix contains settings specific to the Nutanix infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + openstack: + description: OpenStack contains settings specific to the OpenStack infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + cloudName: + description: cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`). + type: string + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + nodeDNSIP: + description: 'deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.' + type: string + powervs: + description: PowerVS contains settings specific to the Power Systems Virtual Servers infrastructure provider. + type: object + properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain + type: string + dnsInstanceCRN: + description: DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain + type: string + region: + description: region holds the default Power VS region for new Power VS resources created by the cluster. + type: string + serviceEndpoints: + description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service. + type: array + items: + description: PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services. + type: object + required: + - name + - url + properties: + name: + description: name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + type: string + pattern: ^[a-z0-9-]+$ + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + type: string + format: uri + pattern: ^https:// + zone: + description: 'zone holds the default zone for the new Power VS resources created by the cluster. Note: Currently only single-zone OCP clusters are supported' + type: string + type: + description: "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. \n This value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set." + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + vsphere: + description: VSphere contains settings specific to the VSphere infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + type: array + format: ip + maxItems: 2 + items: + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 000000000..b1dc45140 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml @@ -0,0 +1,761 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: infrastructures.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Infrastructure + listKind: InfrastructureList + plural: infrastructures + singular: infrastructure + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + cloudConfig: + description: "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config. \n cloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only." + properties: + key: + description: Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references. + type: string + name: + type: string + type: object + platformSpec: + description: platformSpec holds desired information specific to the underlying infrastructure provider. + properties: + alibabaCloud: + description: AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider. + type: object + aws: + description: AWS contains settings specific to the Amazon Web Services infrastructure provider. + properties: + serviceEndpoints: + description: serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service. + items: + description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services. + properties: + name: + description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty. + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + pattern: ^https:// + type: string + type: object + type: array + type: object + azure: + description: Azure contains settings specific to the Azure infrastructure provider. + type: object + baremetal: + description: BareMetal contains settings specific to the BareMetal platform. + type: object + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. + type: object + gcp: + description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. + type: object + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. + type: object + kubevirt: + description: Kubevirt contains settings specific to the kubevirt infrastructure provider. + type: object + nutanix: + description: Nutanix contains settings specific to the Nutanix infrastructure provider. + properties: + prismCentral: + description: prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list. + properties: + address: + description: address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster) + maxLength: 256 + type: string + port: + description: port is the port number to access the Nutanix Prism Central or Element (cluster) + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + prismElements: + description: prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central. + items: + description: NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster) + properties: + endpoint: + description: endpoint holds the endpoint address and port data of the Prism Element (cluster). When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list. + properties: + address: + description: address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster) + maxLength: 256 + type: string + port: + description: port is the port number to access the Nutanix Prism Central or Element (cluster) + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + name: + description: name is the name of the Prism Element (cluster). This value will correspond with the cluster field configured on other resources (eg Machines, PVCs, etc). + maxLength: 256 + type: string + required: + - endpoint + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - prismCentral + - prismElements + type: object + openstack: + description: OpenStack contains settings specific to the OpenStack infrastructure provider. + type: object + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure provider. + type: object + powervs: + description: PowerVS contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider. + properties: + serviceEndpoints: + description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service. + items: + description: PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services. + properties: + name: + description: name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + format: uri + pattern: ^https:// + type: string + required: + - name + - url + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + description: type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + type: string + vsphere: + description: VSphere contains settings specific to the VSphere infrastructure provider. + properties: + failureDomains: + description: failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used. + items: + description: VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain. + properties: + name: + description: name defines the arbitrary but unique name of a failure domain. + maxLength: 256 + minLength: 1 + type: string + region: + description: region defines the name of a region tag that will be attached to a vCenter datacenter. The tag category in vCenter must be named openshift-region. + maxLength: 80 + minLength: 1 + type: string + server: + anyOf: + - format: ipv4 + - format: ipv6 + - format: hostname + description: server is the fully-qualified domain name or the IP address of the vCenter server. --- + maxLength: 255 + minLength: 1 + type: string + topology: + description: Topology describes a given failure domain using vSphere constructs + properties: + computeCluster: + description: computeCluster the absolute path of the vCenter cluster in which virtual machine will be located. The absolute path is of the form //host/. The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/host/.*? + type: string + datacenter: + description: datacenter is the name of vCenter datacenter in which virtual machines will be located. The maximum length of the datacenter name is 80 characters. + maxLength: 80 + type: string + datastore: + description: datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form //datastore/ The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/datastore/.*? + type: string + folder: + description: folder is the absolute path of the folder where virtual machines are located. The absolute path is of the form //vm/. The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/vm/.*? + type: string + networks: + description: networks is the list of port group network names within this failure domain. Currently, we only support a single interface per RHCOS virtual machine. The available networks (port groups) can be listed using `govc ls 'network/*'` The single interface should be the absolute path of the form //network/. + items: + type: string + maxItems: 1 + minItems: 1 + type: array + resourcePool: + description: resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form //host//Resources/. The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/host/.*?/Resources.* + type: string + required: + - computeCluster + - datacenter + - datastore + - networks + type: object + zone: + description: zone defines the name of a zone tag that will be attached to a vCenter cluster. The tag category in vCenter must be named openshift-zone. + maxLength: 80 + minLength: 1 + type: string + required: + - name + - region + - server + - topology + - zone + type: object + type: array + nodeNetworking: + description: nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found. + properties: + external: + description: external represents the network configuration of the node that is externally routable. + properties: + excludeNetworkSubnetCidr: + description: excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields. --- + items: + format: cidr + type: string + type: array + network: + description: network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'` + type: string + networkSubnetCidr: + description: networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields. --- + items: + format: cidr + type: string + type: array + type: object + internal: + description: internal represents the network configuration of the node that is routable only within the cluster. + properties: + excludeNetworkSubnetCidr: + description: excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields. --- + items: + format: cidr + type: string + type: array + network: + description: network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'` + type: string + networkSubnetCidr: + description: networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields. --- + items: + format: cidr + type: string + type: array + type: object + type: object + vcenters: + description: vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported. --- + items: + description: VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM. + properties: + datacenters: + description: The vCenter Datacenters in which the RHCOS vm guests are located. This field will be used by the Cloud Controller Manager. Each datacenter listed here should be used within a topology. + items: + type: string + minItems: 1 + type: array + port: + description: port is the TCP port that will be used to communicate to the vCenter endpoint. When omitted, this means the user has no opinion and it is up to the platform to choose a sensible default, which is subject to change over time. + format: int32 + maximum: 32767 + minimum: 1 + type: integer + server: + anyOf: + - format: ipv4 + - format: ipv6 + - format: hostname + description: server is the fully-qualified domain name or the IP address of the vCenter server. --- + maxLength: 255 + type: string + required: + - datacenters + - server + type: object + maxItems: 1 + minItems: 0 + type: array + type: object + type: object + type: object + status: + description: status holds observed values from the cluster. They may not be overridden. + properties: + apiServerInternalURI: + description: apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking. + type: string + apiServerURL: + description: apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API. + type: string + controlPlaneTopology: + default: HighlyAvailable + description: controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. + enum: + - HighlyAvailable + - SingleReplica + - External + type: string + etcdDiscoveryDomain: + description: 'etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.' + type: string + infrastructureName: + description: infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters. + type: string + infrastructureTopology: + default: HighlyAvailable + description: 'infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is ''HighlyAvailable'', which represents the behavior operators have in a "normal" cluster. The ''SingleReplica'' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.' + enum: + - HighlyAvailable + - SingleReplica + type: string + platform: + description: "platform is the underlying infrastructure provider for the cluster. \n Deprecated: Use platformStatus.type instead." + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + type: string + platformStatus: + description: platformStatus holds status information specific to the underlying infrastructure provider. + properties: + alibabaCloud: + description: AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider. + properties: + region: + description: region specifies the region for Alibaba Cloud resources created for the cluster. + pattern: ^[0-9A-Za-z-]+$ + type: string + resourceGroupID: + description: resourceGroupID is the ID of the resource group for the cluster. + pattern: ^(rg-[0-9A-Za-z]+)?$ + type: string + resourceTags: + description: resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster. + items: + description: AlibabaCloudResourceTag is the set of tags to add to apply to resources. + properties: + key: + description: key is the key of the tag. + maxLength: 128 + minLength: 1 + type: string + value: + description: value is the value of the tag. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + required: + - region + type: object + aws: + description: AWS contains settings specific to the Amazon Web Services infrastructure provider. + properties: + region: + description: region holds the default AWS region for new AWS resources created by the cluster. + type: string + resourceTags: + description: resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user. + items: + description: AWSResourceTag is a tag to apply to AWS resources created for the cluster. + properties: + key: + description: key is the key of the tag + maxLength: 128 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + type: string + value: + description: value is the value of the tag. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services. + maxLength: 256 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + type: string + required: + - key + - value + type: object + maxItems: 25 + type: array + serviceEndpoints: + description: ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service. + items: + description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services. + properties: + name: + description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty. + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + pattern: ^https:// + type: string + type: object + type: array + type: object + azure: + description: Azure contains settings specific to the Azure infrastructure provider. + properties: + armEndpoint: + description: armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack. + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureStackCloud + type: string + networkResourceGroupName: + description: networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName. + type: string + resourceGroupName: + description: resourceGroupName is the Resource Group for new Azure resources created for the cluster. + type: string + type: object + baremetal: + description: BareMetal contains settings specific to the BareMetal platform. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + type: object + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + type: string + type: object + gcp: + description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. + properties: + projectID: + description: resourceGroupName is the Project ID for new GCP resources created for the cluster. + type: string + region: + description: region holds the region for new GCP resources created for the cluster. + type: string + type: object + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. + properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain + type: string + dnsInstanceCRN: + description: DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain + type: string + location: + description: Location is where the cluster has been deployed + type: string + providerType: + description: ProviderType indicates the type of cluster that was created + type: string + resourceGroupName: + description: ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster. + type: string + type: object + kubevirt: + description: Kubevirt contains settings specific to the kubevirt infrastructure provider. + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + type: string + type: object + nutanix: + description: Nutanix contains settings specific to the Nutanix infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + type: object + openstack: + description: OpenStack contains settings specific to the OpenStack infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + cloudName: + description: cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`). + type: string + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + type: object + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + nodeDNSIP: + description: 'deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.' + type: string + type: object + powervs: + description: PowerVS contains settings specific to the Power Systems Virtual Servers infrastructure provider. + properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain + type: string + dnsInstanceCRN: + description: DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain + type: string + region: + description: region holds the default Power VS region for new Power VS resources created by the cluster. + type: string + serviceEndpoints: + description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service. + items: + description: PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services. + properties: + name: + description: name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + format: uri + pattern: ^https:// + type: string + required: + - name + - url + type: object + type: array + zone: + description: 'zone holds the default zone for the new Power VS resources created by the cluster. Note: Currently only single-zone OCP clusters are supported' + type: string + type: object + type: + description: "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. \n This value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set." + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + type: string + vsphere: + description: VSphere contains settings specific to the VSphere infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + type: object + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml-patch b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml-patch new file mode 100644 index 000000000..d127130ad --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml-patch @@ -0,0 +1,24 @@ +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/vcenters/items/properties/server/anyOf + value: + - format: ipv4 + - format: ipv6 + - format: hostname +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/failureDomains/items/properties/server/anyOf + value: + - format: ipv4 + - format: ipv6 + - format: hostname +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/excludeNetworkSubnetCidr/items/format + value: cidr +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/networkSubnetCidr/items/format + value: cidr +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/excludeNetworkSubnetCidr/items/format + value: cidr +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/networkSubnetCidr/items/format + value: cidr diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml deleted file mode 100644 index eb3eebce7..000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml +++ /dev/null @@ -1,933 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: infrastructures.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Infrastructure - listKind: InfrastructureList - plural: infrastructures - singular: infrastructure - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Infrastructure holds cluster-wide information about Infrastructure. - \ The canonical name is `cluster` \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - cloudConfig: - description: "cloudConfig is a reference to a ConfigMap containing - the cloud provider configuration file. This configuration file is - used to configure the Kubernetes cloud provider integration when - using the built-in cloud provider integration or the external cloud - controller manager. The namespace for this config map is openshift-config. - \n cloudConfig should only be consumed by the kube_cloud_config - controller. The controller is responsible for using the user configuration - in the spec for various platforms and combining that with the user - provided ConfigMap in this field to create a stitched kube cloud - config. The controller generates a ConfigMap `kube-cloud-config` - in `openshift-config-managed` namespace with the kube cloud config - is stored in `cloud.conf` key. All the clients are expected to use - the generated ConfigMap only." - properties: - key: - description: Key allows pointing to a specific key/value inside - of the configmap. This is useful for logical file references. - type: string - name: - type: string - type: object - platformSpec: - description: platformSpec holds desired information specific to the - underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to the Alibaba - Cloud infrastructure provider. - type: object - aws: - description: AWS contains settings specific to the Amazon Web - Services infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults of AWS Services. - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - pattern: ^https:// - type: string - type: object - type: array - type: object - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - type: object - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - type: object - equinixMetal: - description: EquinixMetal contains settings specific to the Equinix - Metal infrastructure provider. - type: object - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - type: object - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. - type: object - kubevirt: - description: Kubevirt contains settings specific to the kubevirt - infrastructure provider. - type: object - nutanix: - description: Nutanix contains settings specific to the Nutanix - infrastructure provider. - properties: - prismCentral: - description: prismCentral holds the endpoint address and port - to access the Nutanix Prism Central. When a cluster-wide - proxy is installed, by default, this endpoint will be accessed - via the proxy. Should you wish for communication with this - endpoint not to be proxied, please add the endpoint to the - proxy spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS name - or IP address) of the Nutanix Prism Central or Element - (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access the Nutanix - Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - prismElements: - description: prismElements holds one or more endpoint address - and port data to access the Nutanix Prism Elements (clusters) - of the Nutanix Prism Central. Currently we only support - one Prism Element (cluster) for an OpenShift cluster, where - all the Nutanix resources (VMs, subnets, volumes, etc.) - used in the OpenShift cluster are located. In the future, - we may support Nutanix resources (VMs, etc.) spread over - multiple Prism Elements (clusters) of the Prism Central. - items: - description: NutanixPrismElementEndpoint holds the name - and endpoint data for a Prism Element (cluster) - properties: - endpoint: - description: endpoint holds the endpoint address and - port data of the Prism Element (cluster). When a cluster-wide - proxy is installed, by default, this endpoint will - be accessed via the proxy. Should you wish for communication - with this endpoint not to be proxied, please add the - endpoint to the proxy spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS - name or IP address) of the Nutanix Prism Central - or Element (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access the - Nutanix Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - name: - description: name is the name of the Prism Element (cluster). - This value will correspond with the cluster field - configured on other resources (eg Machines, PVCs, - etc). - maxLength: 256 - type: string - required: - - endpoint - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - prismCentral - - prismElements - type: object - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - type: object - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - type: object - powervs: - description: PowerVS contains settings specific to the IBM Power - Systems Virtual Servers infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of a Power - VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults of PowerVS - Services. - properties: - name: - description: name is the name of the Power VS service. - Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: - description: type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, - machine creation and deletion, and other integrations are enabled. - If None, no infrastructure automation is enabled. Allowed values - are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", - "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", - "Nutanix" and "None". Individual components may not support - all platforms, and must handle unrecognized platforms as None - if they do not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - type: string - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. - type: object - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - apiServerInternalURI: - description: apiServerInternalURL is a valid URI with scheme 'https', - address and optionally a port (defaulting to 443). apiServerInternalURL - can be used by components like kubelets, to contact the Kubernetes - API server using the infrastructure provider rather than Kubernetes - networking. - type: string - apiServerURL: - description: apiServerURL is a valid URI with scheme 'https', address - and optionally a port (defaulting to 443). apiServerURL can be - used by components like the web console to tell users where to find - the Kubernetes API. - type: string - controlPlaneTopology: - default: HighlyAvailable - description: controlPlaneTopology expresses the expectations for operands - that normally run on control nodes. The default is 'HighlyAvailable', - which represents the behavior operators have in a "normal" cluster. - The 'SingleReplica' mode will be used in single-node deployments - and the operators should not configure the operand for highly-available - operation The 'External' mode indicates that the control plane is - hosted externally to the cluster and that its components are not - visible within the cluster. - enum: - - HighlyAvailable - - SingleReplica - - External - type: string - etcdDiscoveryDomain: - description: 'etcdDiscoveryDomain is the domain used to fetch the - SRV records for discovering etcd servers and clients. For more info: - https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery - deprecated: as of 4.7, this field is no longer set or honored. It - will be removed in a future release.' - type: string - infrastructureName: - description: infrastructureName uniquely identifies a cluster with - a human friendly name. Once set it should not be changed. Must be - of max length 27 and must have only alphanumeric or hyphen characters. - type: string - infrastructureTopology: - default: HighlyAvailable - description: 'infrastructureTopology expresses the expectations for - infrastructure services that do not run on control plane nodes, - usually indicated by a node selector for a `role` value other than - `master`. The default is ''HighlyAvailable'', which represents the - behavior operators have in a "normal" cluster. The ''SingleReplica'' - mode will be used in single-node deployments and the operators should - not configure the operand for highly-available operation NOTE: External - topology mode is not applicable for this field.' - enum: - - HighlyAvailable - - SingleReplica - type: string - platform: - description: "platform is the underlying infrastructure provider for - the cluster. \n Deprecated: Use platformStatus.type instead." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - type: string - platformStatus: - description: platformStatus holds status information specific to the - underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to the Alibaba - Cloud infrastructure provider. - properties: - region: - description: region specifies the region for Alibaba Cloud - resources created for the cluster. - pattern: ^[0-9A-Za-z-]+$ - type: string - resourceGroupID: - description: resourceGroupID is the ID of the resource group - for the cluster. - pattern: ^(rg-[0-9A-Za-z]+)?$ - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to Alibaba Cloud resources created for the cluster. - items: - description: AlibabaCloudResourceTag is the set of tags - to add to apply to resources. - properties: - key: - description: key is the key of the tag. - maxLength: 128 - minLength: 1 - type: string - value: - description: value is the value of the tag. - maxLength: 128 - minLength: 1 - type: string - required: - - key - - value - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - required: - - region - type: object - aws: - description: AWS contains settings specific to the Amazon Web - Services infrastructure provider. - properties: - region: - description: region holds the default AWS region for new AWS - resources created by the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html - for information on tagging AWS resources. AWS supports a - maximum of 50 tags per resource. OpenShift reserves 25 tags - for its use, leaving 25 tags available for the user. - items: - description: AWSResourceTag is a tag to apply to AWS resources - created for the cluster. - properties: - key: - description: key is the key of the tag - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: value is the value of the tag. Some AWS - service do not support empty values. Since tags are - added to resources in many services, the length of - the tag value must meet the requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 25 - type: array - serviceEndpoints: - description: ServiceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults of AWS Services. - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - pattern: ^https:// - type: string - type: object - type: array - type: object - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - properties: - armEndpoint: - description: armEndpoint specifies a URL to use for resource - management in non-soverign clouds such as Azure Stack. - type: string - cloudName: - description: cloudName is the name of the Azure cloud environment - which can be used to configure the Azure SDK with the appropriate - Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. - enum: - - "" - - AzurePublicCloud - - AzureUSGovernmentCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureStackCloud - type: string - networkResourceGroupName: - description: networkResourceGroupName is the Resource Group - for network resources like the Virtual Network and Subnets - used by the cluster. If empty, the value is same as ResourceGroupName. - type: string - resourceGroupName: - description: resourceGroupName is the Resource Group for new - Azure resources created for the cluster. - type: string - type: object - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for BareMetal deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - equinixMetal: - description: EquinixMetal contains settings specific to the Equinix - Metal infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - type: object - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - properties: - projectID: - description: resourceGroupName is the Project ID for new GCP - resources created for the cluster. - type: string - region: - description: region holds the region for new GCP resources - created for the cluster. - type: string - type: object - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud Internet - Services instance managing the DNS zone for the cluster's - base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS Services - instance managing the DNS zone for the cluster's base domain - type: string - location: - description: Location is where the cluster has been deployed - type: string - providerType: - description: ProviderType indicates the type of cluster that - was created - type: string - resourceGroupName: - description: ResourceGroupName is the Resource Group for new - IBMCloud resources created for the cluster. - type: string - type: object - kubevirt: - description: Kubevirt contains settings specific to the kubevirt - infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - type: object - nutanix: - description: Nutanix contains settings specific to the Nutanix - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - type: object - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - cloudName: - description: cloudName is the name of the desired OpenStack - cloud in the client configuration file (`clouds.yaml`). - type: string - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for OpenStack deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - nodeDNSIP: - description: 'deprecated: as of 4.6, this field is no longer - set or honored. It will be removed in a future release.' - type: string - type: object - powervs: - description: PowerVS contains settings specific to the Power Systems - Virtual Servers infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud Internet - Services instance managing the DNS zone for the cluster's - base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS Services - instance managing the DNS zone for the cluster's base domain - type: string - region: - description: region holds the default Power VS region for - new Power VS resources created by the cluster. - type: string - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of a Power - VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults of PowerVS - Services. - properties: - name: - description: name is the name of the Power VS service. - Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - zone: - description: 'zone holds the default zone for the new Power - VS resources created by the cluster. Note: Currently only - single-zone OCP clusters are supported' - type: string - type: object - type: - description: "type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, - machine creation and deletion, and other integrations are enabled. - If None, no infrastructure automation is enabled. Allowed values - are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", - \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", - \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components - may not support all platforms, and must handle unrecognized - platforms as None if they do not support that platform. \n This - value will be synced with to the `status.platform` and `status.platformStatus.type`. - Currently this value cannot be changed once set." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - type: string - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for vSphere deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml index 2a4c9ec3c..427f0b1c1 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml @@ -16,537 +16,318 @@ spec: singular: ingress scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Ingress holds cluster-wide information about ingress, including - the default ingress domain used for routes. The canonical name is `cluster`. - \n Compatibility level 1: Stable within a major release for a minimum of - 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - appsDomain: - description: appsDomain is an optional domain to use instead of the - one specified in the domain field when a Route is created without - specifying an explicit host. If appsDomain is nonempty, this value - is used to generate default host values for Route. Unlike domain, - appsDomain may be modified after installation. This assumes a new - ingresscontroller has been setup with a wildcard certificate. - type: string - componentRoutes: - description: "componentRoutes is an optional list of routes that are - managed by OpenShift components that a cluster-admin is able to - configure the hostname and serving certificate for. The namespace - and name of each route in this list should match an existing entry - in the status.componentRoutes list. \n To determine the set of configurable - Routes, look at namespace and name of entries in the .status.componentRoutes - list, where participating operators write the status of configurable - routes." - items: - description: ComponentRouteSpec allows for configuration of a route's - hostname and serving certificate. - properties: - hostname: - description: hostname is the hostname that should be used by - the route. - pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ - type: string - name: - description: "name is the logical name of the route to customize. - \n The namespace and name of this componentRoute must match - a corresponding entry in the list of status.componentRoutes - if the route is to be customized." - maxLength: 256 - minLength: 1 - type: string - namespace: - description: "namespace is the namespace of the route to customize. - \n The namespace and name of this componentRoute must match - a corresponding entry in the list of status.componentRoutes - if the route is to be customized." - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - servingCertKeyPairSecret: - description: servingCertKeyPairSecret is a reference to a secret - of type `kubernetes.io/tls` in the openshift-config namespace. - The serving cert/key pair must match and will be used by the - operator to fulfill the intent of serving with this name. - If the custom hostname uses the default routing suffix of - the cluster, the Secret specification for a serving certificate - will not be needed. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: + - name: v1 + schema: + openAPIV3Schema: + description: "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + appsDomain: + description: appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate. + type: string + componentRoutes: + description: "componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list. \n To determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes." + type: array + items: + description: ComponentRouteSpec allows for configuration of a route's hostname and serving certificate. + type: object + required: + - hostname - name - type: object - required: - - hostname - - name - - namespace - type: object - type: array - x-kubernetes-list-map-keys: - - namespace - - name - x-kubernetes-list-type: map - domain: - description: "domain is used to generate a default host name for a - route when the route's host name is empty. The generated host name - will follow this pattern: \"..\". - \n It is also used as the default wildcard domain suffix for ingress. - The default ingresscontroller domain will follow this pattern: \"*.\". - \n Once set, changing domain is not currently supported." - type: string - loadbalancer: - description: loadBalancer contains the load balancer details in general - which are not only specific to the underlying infrastructure provider - of the current cluster and are required for Ingress Controller to - work on OpenShift. - properties: - platform: - description: platform holds configuration specific to the underlying - infrastructure provider for the ingress load balancers. When - omitted, this means the user has no opinion and the platform - is left to choose reasonable defaults. These defaults are subject - to change over time. + - namespace properties: - aws: - description: aws contains settings specific to the Amazon - Web Services infrastructure provider. + hostname: + description: hostname is the hostname that should be used by the route. + type: string + pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ + name: + description: "name is the logical name of the route to customize. \n The namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized." + type: string + maxLength: 256 + minLength: 1 + namespace: + description: "namespace is the namespace of the route to customize. \n The namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized." + type: string + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + servingCertKeyPairSecret: + description: servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. + type: object + required: + - name properties: - type: - description: "type allows user to set a load balancer - type. When this field is set the default ingresscontroller - will get created using the specified LBType. If this - field is not set then the default ingress controller - of LBType Classic will be created. Valid values are: - \n * \"Classic\": A Classic Load Balancer that makes - routing decisions at either the transport layer (TCP/SSL) - or the application layer (HTTP/HTTPS). See the following - for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - \n * \"NLB\": A Network Load Balancer that makes routing - decisions at the transport layer (TCP/SSL). See the - following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" - enum: - - NLB - - Classic + name: + description: name is the metadata.name of the referenced secret type: string - required: - - type - type: object - type: - description: type is the underlying infrastructure provider - for the cluster. Allowed values are "AWS", "Azure", "BareMetal", - "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", - "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and - "None". Individual components may not support all platforms, - and must handle unrecognized platforms as None if they do - not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - type: string - type: object - type: object - requiredHSTSPolicies: - description: "requiredHSTSPolicies specifies HSTS policies that are - required to be set on newly created or updated routes matching - the domainPattern/s and namespaceSelector/s that are specified in - the policy. Each requiredHSTSPolicy must have at least a domainPattern - and a maxAge to validate a route HSTS Policy route annotation, and - affect route admission. \n A candidate route is checked for HSTS - Policies if it has the HSTS Policy route annotation: \"haproxy.router.openshift.io/hsts_header\" - E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains - \n - For each candidate route, if it matches a requiredHSTSPolicy - domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, - and includeSubdomainsPolicy must be valid to be admitted. Otherwise, - the route is rejected. - The first match, by domainPattern and optional - namespaceSelector, in the ordering of the RequiredHSTSPolicies determines - the route's admission status. - If the candidate route doesn't match - any requiredHSTSPolicy domainPattern and optional namespaceSelector, - then it may use any HSTS Policy annotation. \n The HSTS policy configuration - may be changed after routes have already been created. An update - to a previously admitted route may then fail if the updated route - does not conform to the updated HSTS policy configuration. However, - changing the HSTS policy configuration will not cause a route that - is already admitted to stop working. \n Note that if there are no - RequiredHSTSPolicies, any HSTS Policy annotation on the route is - valid." - items: + x-kubernetes-list-map-keys: + - namespace + - name + x-kubernetes-list-type: map + domain: + description: "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"..\". \n It is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.\". \n Once set, changing domain is not currently supported." + type: string + loadBalancer: + description: loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure provider of the current cluster and are required for Ingress Controller to work on OpenShift. + type: object properties: - domainPatterns: - description: "domainPatterns is a list of domains for which - the desired HSTS annotations are required. If domainPatterns - is specified and a route is created with a spec.host matching - one of the domains, the route must specify the HSTS Policy - components described in the matching RequiredHSTSPolicy. \n - The use of wildcards is allowed like this: *.foo.com matches - everything under foo.com. foo.com only matches foo.com, so - to cover foo.com and everything under it, you must specify - *both*." - items: - type: string - minItems: 1 - type: array - includeSubDomainsPolicy: - description: 'includeSubDomainsPolicy means the HSTS Policy - should apply to any subdomains of the host''s domain name. Thus, - for the host bar.foo.com, if includeSubDomainsPolicy was set - to RequireIncludeSubDomains: - the host app.bar.foo.com would - inherit the HSTS Policy of bar.foo.com - the host bar.foo.com - would inherit the HSTS Policy of bar.foo.com - the host foo.com - would NOT inherit the HSTS Policy of bar.foo.com - the host - def.foo.com would NOT inherit the HSTS Policy of bar.foo.com' - enum: - - RequireIncludeSubDomains - - RequireNoIncludeSubDomains - - NoOpinion - type: string - maxAge: - description: maxAge is the delta time range in seconds during - which hosts are regarded as HSTS hosts. If set to 0, it negates - the effect, and hosts are removed as HSTS hosts. If set to - 0 and includeSubdomains is specified, all subdomains of the - host are also removed as HSTS hosts. maxAge is a time-to-live - value, and if this policy is not refreshed on a client, the - HSTS policy will eventually expire on that client. - properties: - largestMaxAge: - description: The largest allowed value (in seconds) of the - RequiredHSTSPolicy max-age This value can be left unspecified, - in which case no upper limit is enforced. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - smallestMaxAge: - description: The smallest allowed value (in seconds) of - the RequiredHSTSPolicy max-age Setting max-age=0 allows - the deletion of an existing HSTS header from a host. This - is a necessary tool for administrators to quickly correct - mistakes. This value can be left unspecified, in which - case no lower limit is enforced. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer + platform: + description: platform holds configuration specific to the underlying infrastructure provider for the ingress load balancers. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. type: object - namespaceSelector: - description: namespaceSelector specifies a label selector such - that the policy applies only to those routes that are in namespaces - with labels that match the selector, and are in one of the - DomainPatterns. Defaults to the empty LabelSelector, which - matches everything. properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + aws: + description: aws contains settings specific to the Amazon Web Services infrastructure provider. type: object - type: object - x-kubernetes-map-type: atomic - preloadPolicy: - description: preloadPolicy directs the client to include hosts - in its host preload list so that it never needs to do an initial - load to get the HSTS header (note that this is not defined - in RFC 6797 and is therefore client implementation-dependent). - enum: - - RequirePreload - - RequireNoPreload - - NoOpinion - type: string - required: - - domainPatterns - type: object - type: array - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - componentRoutes: - description: componentRoutes is where participating operators place - the current route status for routes whose hostnames and serving - certificates can be customized by the cluster-admin. - items: - description: ComponentRouteStatus contains information allowing - configuration of a route's hostname and serving certificate. - properties: - conditions: - description: "conditions are used to communicate the state of - the componentRoutes entry. \n Supported conditions include - Available, Degraded and Progressing. \n If available is true, - the content served by the route can be accessed by users. - This includes cases where a default may continue to serve - content while the customized route specified by the cluster-admin - is being configured. \n If Degraded is true, that means something - has gone wrong trying to handle the componentRoutes entry. - The currentHostnames field may or may not be in effect. \n - If Progressing is true, that means the component is taking - some action related to the componentRoutes entry." - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" + required: + - type + properties: + type: + description: "type allows user to set a load balancer type. When this field is set the default ingresscontroller will get created using the specified LBType. If this field is not set then the default ingress controller of LBType Classic will be created. Valid values are: \n * \"Classic\": A Classic Load Balancer that makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb \n * \"NLB\": A Network Load Balancer that makes routing decisions at the transport layer (TCP/SSL). See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" + type: string + enum: + - NLB + - Classic + type: + description: type is the underlying infrastructure provider for the cluster. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + requiredHSTSPolicies: + description: "requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission. \n A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: \"haproxy.router.openshift.io/hsts_header\" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains \n - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route's admission status. - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation. \n The HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working. \n Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid." + type: array + items: + type: object + required: + - domainPatterns + properties: + domainPatterns: + description: "domainPatterns is a list of domains for which the desired HSTS annotations are required. If domainPatterns is specified and a route is created with a spec.host matching one of the domains, the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy. \n The use of wildcards is allowed like this: *.foo.com matches everything under foo.com. foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*." + type: array + minItems: 1 + items: + type: string + includeSubDomainsPolicy: + description: 'includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host''s domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com' + type: string + enum: + - RequireIncludeSubDomains + - RequireNoIncludeSubDomains + - NoOpinion + maxAge: + description: maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. If set to 0, it negates the effect, and hosts are removed as HSTS hosts. If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS policy will eventually expire on that client. + type: object properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 + largestMaxAge: + description: The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age This value can be left unspecified, in which case no upper limit is enforced. + type: integer + format: int32 + maximum: 2147483647 minimum: 0 + smallestMaxAge: + description: The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary tool for administrators to quickly correct mistakes. This value can be left unspecified, in which case no lower limit is enforced. type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type + format: int32 + maximum: 2147483647 + minimum: 0 + namespaceSelector: + description: namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything. type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - consumingUsers: - description: consumingUsers is a slice of ServiceAccounts that - need to have read permission on the servingCertKeyPairSecret - secret. - items: - description: ConsumingUser is an alias for string which we - add validation to. Currently only service accounts are supported. - maxLength: 512 - minLength: 1 - pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + preloadPolicy: + description: preloadPolicy directs the client to include hosts in its host preload list so that it never needs to do an initial load to get the HSTS header (note that this is not defined in RFC 6797 and is therefore client implementation-dependent). + type: string + enum: + - RequirePreload + - RequireNoPreload + - NoOpinion + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + componentRoutes: + description: componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin. + type: array + items: + description: ComponentRouteStatus contains information allowing configuration of a route's hostname and serving certificate. + type: object + required: + - defaultHostname + - name + - namespace + - relatedObjects + properties: + conditions: + description: "conditions are used to communicate the state of the componentRoutes entry. \n Supported conditions include Available, Degraded and Progressing. \n If available is true, the content served by the route can be accessed by users. This includes cases where a default may continue to serve content while the customized route specified by the cluster-admin is being configured. \n If Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. The currentHostnames field may or may not be in effect. \n If Progressing is true, that means the component is taking some action related to the componentRoutes entry." + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + consumingUsers: + description: consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret. + type: array + maxItems: 5 + items: + description: ConsumingUser is an alias for string which we add validation to. Currently only service accounts are supported. + type: string + maxLength: 512 + minLength: 1 + pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + currentHostnames: + description: currentHostnames is the list of current names used by the route. Typically, this list should consist of a single hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list. + type: array + minItems: 1 + items: + description: "Hostname is an alias for hostname string validation. \n The left operand of the | is the original kubebuilder hostname validation format, which is incorrect because it allows upper case letters, disallows hyphen or number in the TLD, and allows labels to start/end in non-alphanumeric characters. See https://bugzilla.redhat.com/show_bug.cgi?id=2039256. ^([a-zA-Z0-9\\p{S}\\p{L}]((-?[a-zA-Z0-9\\p{S}\\p{L}]{0,62})?)|([a-zA-Z0-9\\p{S}\\p{L}](([a-zA-Z0-9-\\p{S}\\p{L}]{0,61}[a-zA-Z0-9\\p{S}\\p{L}])?)(\\.)){1,}([a-zA-Z\\p{L}]){2,63})$ \n The right operand of the | is a new pattern that mimics the current API route admission validation on hostname, except that it allows hostnames longer than the maximum length: ^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ \n Both operand patterns are made available so that modifications on ingress spec can still happen after an invalid hostname was saved via validation by the incorrect left operand of the | operator." + type: string + pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ + defaultHostname: + description: defaultHostname is the hostname of this route prior to customization. type: string - maxItems: 5 - type: array - currentHostnames: - description: currentHostnames is the list of current names used - by the route. Typically, this list should consist of a single - hostname, but if multiple hostnames are supported by the route - the operator may write multiple entries to this list. - items: - description: "Hostname is an alias for hostname string validation. - \n The left operand of the | is the original kubebuilder - hostname validation format, which is incorrect because it - allows upper case letters, disallows hyphen or number in - the TLD, and allows labels to start/end in non-alphanumeric - characters. See https://bugzilla.redhat.com/show_bug.cgi?id=2039256. - ^([a-zA-Z0-9\\p{S}\\p{L}]((-?[a-zA-Z0-9\\p{S}\\p{L}]{0,62})?)|([a-zA-Z0-9\\p{S}\\p{L}](([a-zA-Z0-9-\\p{S}\\p{L}]{0,61}[a-zA-Z0-9\\p{S}\\p{L}])?)(\\.)){1,}([a-zA-Z\\p{L}]){2,63})$ - \n The right operand of the | is a new pattern that mimics - the current API route admission validation on hostname, - except that it allows hostnames longer than the maximum - length: ^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ - \n Both operand patterns are made available so that modifications - on ingress spec can still happen after an invalid hostname - was saved via validation by the incorrect left operand of - the | operator." pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ + name: + description: "name is the logical name of the route to customize. It does not have to be the actual name of a route resource but it cannot be renamed. \n The namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized." type: string - minItems: 1 - type: array - defaultHostname: - description: defaultHostname is the hostname of this route prior - to customization. - pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ - type: string - name: - description: "name is the logical name of the route to customize. - It does not have to be the actual name of a route resource - but it cannot be renamed. \n The namespace and name of this - componentRoute must match a corresponding entry in the list - of spec.componentRoutes if the route is to be customized." - maxLength: 256 - minLength: 1 - type: string - namespace: - description: "namespace is the namespace of the route to customize. - It must be a real namespace. Using an actual namespace ensures - that no two components will conflict and the same component - can be installed multiple times. \n The namespace and name - of this componentRoute must match a corresponding entry in - the list of spec.componentRoutes if the route is to be customized." - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - relatedObjects: - description: relatedObjects is a list of resources which are - useful when debugging or inspecting how spec.componentRoutes - is applied. - items: - description: ObjectReference contains enough information to - let you inspect or modify the referred object. - properties: - group: - description: group of the referent. - type: string - name: - description: name of the referent. - type: string - namespace: - description: namespace of the referent. - type: string - resource: - description: resource of the referent. - type: string - required: - - group - - name - - resource - type: object - minItems: 1 - type: array - required: - - defaultHostname - - name - - namespace - - relatedObjects - type: object - type: array - x-kubernetes-list-map-keys: - - namespace - - name - x-kubernetes-list-type: map - defaultPlacement: - description: "defaultPlacement is set at installation time to control - which nodes will host the ingress router pods by default. The options - are control-plane nodes or worker nodes. \n This field works by - dictating how the Cluster Ingress Operator will consider unset replicas - and nodePlacement fields in IngressController resources when creating - the corresponding Deployments. \n See the documentation for the - IngressController replicas and nodePlacement fields for more information. - \n When omitted, the default value is Workers" - enum: - - ControlPlane - - Workers - - "" - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + maxLength: 256 + minLength: 1 + namespace: + description: "namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace ensures that no two components will conflict and the same component can be installed multiple times. \n The namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized." + type: string + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + relatedObjects: + description: relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied. + type: array + minItems: 1 + items: + description: ObjectReference contains enough information to let you inspect or modify the referred object. + type: object + required: + - group + - name + - resource + properties: + group: + description: group of the referent. + type: string + name: + description: name of the referent. + type: string + namespace: + description: namespace of the referent. + type: string + resource: + description: resource of the referent. + type: string + x-kubernetes-list-map-keys: + - namespace + - name + x-kubernetes-list-type: map + defaultPlacement: + description: "defaultPlacement is set at installation time to control which nodes will host the ingress router pods by default. The options are control-plane nodes or worker nodes. \n This field works by dictating how the Cluster Ingress Operator will consider unset replicas and nodePlacement fields in IngressController resources when creating the corresponding Deployments. \n See the documentation for the IngressController replicas and nodePlacement fields for more information. \n When omitted, the default value is Workers" + type: string + enum: + - ControlPlane + - Workers + - "" + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml index cdef73ec0..c01178506 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml @@ -17,192 +17,147 @@ spec: preserveUnknownFields: false scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Network holds cluster-wide information about Network. The canonical - name is `cluster`. It is used to configure the desired network configuration, - such as: IP address pools for services/pod IPs, network plugin, etc. Please - view network.spec for an explanation on what applies when configuring this - resource. \n Compatibility level 1: Stable within a major release for a - minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration. As a general - rule, this SHOULD NOT be read directly. Instead, you should consume - the NetworkStatus, as it indicates the currently deployed configuration. - Currently, most spec fields are immutable after installation. Please - view the individual ones for further details on each. - properties: - clusterNetwork: - description: IP address pool to use for pod IPs. This field is immutable - after installation. - items: - description: ClusterNetworkEntry is a contiguous block of IP addresses - from which pod IPs are allocated. - properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: The size (prefix) of block to allocate to each - node. If this field is not used by the plugin, it can be left - unset. - format: int32 - minimum: 0 - type: integer - type: object - type: array - externalIP: - description: externalIP defines configuration for controllers that - affect Service.ExternalIP. If nil, then ExternalIP is not allowed - to be set. - properties: - autoAssignCIDRs: - description: autoAssignCIDRs is a list of CIDRs from which to - automatically assign Service.ExternalIP. These are assigned - when the service is of type LoadBalancer. In general, this is - only useful for bare-metal clusters. In Openshift 3.x, this - was misleadingly called "IngressIPs". Automatically assigned - External IPs are not affected by any ExternalIPPolicy rules. - Currently, only one entry may be provided. - items: - type: string - type: array - policy: - description: policy is a set of restrictions applied to the ExternalIP - field. If nil or empty, then ExternalIP is not allowed to be - set. - properties: - allowedCIDRs: - description: allowedCIDRs is the list of allowed CIDRs. - items: - type: string - type: array - rejectedCIDRs: - description: rejectedCIDRs is the list of disallowed CIDRs. - These take precedence over allowedCIDRs. - items: - type: string - type: array + - name: v1 + schema: + openAPIV3Schema: + description: "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each. + type: object + properties: + clusterNetwork: + description: IP address pool to use for pod IPs. This field is immutable after installation. + type: array + items: + description: ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated. type: object - type: object - networkType: - description: 'NetworkType is the plugin that is to be deployed (e.g. - OpenShiftSDN). This should match a value that the cluster-network-operator - understands, or else no networking will be installed. Currently - supported values are: - OpenShiftSDN This field is immutable after - installation.' - type: string - serviceNetwork: - description: IP address pool for services. Currently, we only support - a single entry here. This field is immutable after installation. - items: + properties: + cidr: + description: The complete block for pod IPs. + type: string + hostPrefix: + description: The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset. + type: integer + format: int32 + minimum: 0 + externalIP: + description: externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set. + type: object + properties: + autoAssignCIDRs: + description: autoAssignCIDRs is a list of CIDRs from which to automatically assign Service.ExternalIP. These are assigned when the service is of type LoadBalancer. In general, this is only useful for bare-metal clusters. In Openshift 3.x, this was misleadingly called "IngressIPs". Automatically assigned External IPs are not affected by any ExternalIPPolicy rules. Currently, only one entry may be provided. + type: array + items: + type: string + policy: + description: policy is a set of restrictions applied to the ExternalIP field. If nil or empty, then ExternalIP is not allowed to be set. + type: object + properties: + allowedCIDRs: + description: allowedCIDRs is the list of allowed CIDRs. + type: array + items: + type: string + rejectedCIDRs: + description: rejectedCIDRs is the list of disallowed CIDRs. These take precedence over allowedCIDRs. + type: array + items: + type: string + networkType: + description: 'NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OpenShiftSDN This field is immutable after installation.' + type: string + serviceNetwork: + description: IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation. + type: array + items: + type: string + serviceNodePortRange: + description: The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed. type: string - type: array - serviceNodePortRange: - description: The port range allowed for Services of type NodePort. - If not specified, the default of 30000-32767 will be used. Such - Services without a NodePort specified will have one automatically - allocated from this range. This parameter can be updated after the - cluster is installed. - pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - clusterNetwork: - description: IP address pool to use for pod IPs. - items: - description: ClusterNetworkEntry is a contiguous block of IP addresses - from which pod IPs are allocated. + pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + clusterNetwork: + description: IP address pool to use for pod IPs. + type: array + items: + description: ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated. + type: object + properties: + cidr: + description: The complete block for pod IPs. + type: string + hostPrefix: + description: The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset. + type: integer + format: int32 + minimum: 0 + clusterNetworkMTU: + description: ClusterNetworkMTU is the MTU for inter-pod networking. + type: integer + migration: + description: Migration contains the cluster network migration configuration. + type: object properties: - cidr: - description: The complete block for pod IPs. + mtu: + description: MTU contains the MTU migration configuration. + type: object + properties: + machine: + description: Machine contains MTU migration configuration for the machine's uplink. + type: object + properties: + from: + description: From is the MTU to migrate from. + type: integer + format: int32 + minimum: 0 + to: + description: To is the MTU to migrate to. + type: integer + format: int32 + minimum: 0 + network: + description: Network contains MTU migration configuration for the default network. + type: object + properties: + from: + description: From is the MTU to migrate from. + type: integer + format: int32 + minimum: 0 + to: + description: To is the MTU to migrate to. + type: integer + format: int32 + minimum: 0 + networkType: + description: 'NetworkType is the target plugin that is to be deployed. Currently supported values are: OpenShiftSDN, OVNKubernetes' type: string - hostPrefix: - description: The size (prefix) of block to allocate to each - node. If this field is not used by the plugin, it can be left - unset. - format: int32 - minimum: 0 - type: integer - type: object - type: array - clusterNetworkMTU: - description: ClusterNetworkMTU is the MTU for inter-pod networking. - type: integer - migration: - description: Migration contains the cluster network migration configuration. - properties: - mtu: - description: MTU contains the MTU migration configuration. - properties: - machine: - description: Machine contains MTU migration configuration - for the machine's uplink. - properties: - from: - description: From is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: To is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: Network contains MTU migration configuration - for the default network. - properties: - from: - description: From is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: To is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - type: object - networkType: - description: 'NetworkType is the target plugin that is to be deployed. - Currently supported values are: OpenShiftSDN, OVNKubernetes' - enum: - - OpenShiftSDN - - OVNKubernetes - type: string - type: object - networkType: - description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN). - type: string - serviceNetwork: - description: IP address pool for services. Currently, we only support - a single entry here. - items: + enum: + - OpenShiftSDN + - OVNKubernetes + networkType: + description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN). type: string - type: array - type: object - required: - - spec - type: object - served: true - storage: true + serviceNetwork: + description: IP address pool for services. Currently, we only support a single entry here. + type: array + items: + type: string + served: true + storage: true diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml index ab135b221..a4ef368c2 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml @@ -16,51 +16,44 @@ spec: singular: node scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Node holds cluster-wide information about node specific features. - \n Compatibility level 1: Stable within a major release for a minimum of - 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - cgroupMode: - description: CgroupMode determines the cgroups version on the node - enum: - - v1 - - v2 - - "" - type: string - workerLatencyProfile: - description: WorkerLatencyProfile determins the how fast the kubelet - is updating the status and corresponding reaction of the cluster - enum: - - Default - - MediumUpdateAverageReaction - - LowUpdateSlowReaction - type: string - type: object - status: - description: status holds observed values. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: "Node holds cluster-wide information about node specific features. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + cgroupMode: + description: CgroupMode determines the cgroups version on the node + type: string + enum: + - v1 + - v2 + - "" + workerLatencyProfile: + description: WorkerLatencyProfile determins the how fast the kubelet is updating the status and corresponding reaction of the cluster + type: string + enum: + - Default + - MediumUpdateAverageReaction + - LowUpdateSlowReaction + status: + description: status holds observed values. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml index bc588e098..ba5ab8327 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml @@ -16,683 +16,429 @@ spec: singular: oauth scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: "OAuth holds cluster-wide information about OAuth. The canonical - name is `cluster`. It is used to configure the integrated OAuth server. - This configuration is only honored when the top level Authentication config - has type set to IntegratedOAuth. \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - identityProviders: - description: identityProviders is an ordered list of ways for a user - to identify themselves. When this list is empty, no identities are - provisioned for users. - items: - description: IdentityProvider provides identities for users authenticating - using credentials - properties: - basicAuth: - description: basicAuth contains configuration options for the - BasicAuth IdP - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - tlsClientCert: - description: tlsClientCert is an optional reference to a - secret by name that contains the PEM-encoded TLS client - certificate to present when connecting to the server. - The key "tls.crt" is used to locate the data. If specified - and the secret or expected key is not found, the identity - provider is not honored. If the specified certificate - data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - tlsClientKey: - description: tlsClientKey is an optional reference to a - secret by name that contains the PEM-encoded TLS private - key for the client certificate referenced in tlsClientCert. - The key "tls.key" is used to locate the data. If specified - and the secret or expected key is not found, the identity - provider is not honored. If the specified certificate - data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - url: - description: url is the remote URL to connect to - type: string - type: object - github: - description: github enables user authentication using GitHub - credentials - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. This can only be configured when hostname is set - to a non-empty value. The namespace for this config map - is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the - secret by name containing the oauth client secret. The - key "clientSecret" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - hostname: - description: hostname is the optional domain (e.g. "mycompany.com") - for use with a hosted instance of GitHub Enterprise. It - must match the GitHub Enterprise settings value configured - at /setup/settings#hostname. - type: string - organizations: - description: organizations optionally restricts which organizations - are allowed to log in - items: + - name: v1 + schema: + openAPIV3Schema: + description: "OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + identityProviders: + description: identityProviders is an ordered list of ways for a user to identify themselves. When this list is empty, no identities are provisioned for users. + type: array + items: + description: IdentityProvider provides identities for users authenticating using credentials + type: object + properties: + basicAuth: + description: basicAuth contains configuration options for the BasicAuth IdP + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + tlsClientCert: + description: tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key "tls.crt" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + tlsClientKey: + description: tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key "tls.key" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + url: + description: url is the remote URL to connect to type: string - type: array - teams: - description: teams optionally restricts which teams are - allowed to log in. Format is /. - items: + github: + description: github enables user authentication using GitHub credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + clientID: + description: clientID is the oauth client ID type: string - type: array - type: object - gitlab: - description: gitlab enables user authentication using GitLab - credentials - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the - secret by name containing the oauth client secret. The - key "clientSecret" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - url: - description: url is the oauth server base URL - type: string - type: object - google: - description: google enables user authentication using Google - credentials - properties: - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the - secret by name containing the oauth client secret. The - key "clientSecret" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - hostedDomain: - description: hostedDomain is the optional Google App domain - (e.g. "mycompany.com") to restrict logins to - type: string - type: object - htpasswd: - description: htpasswd enables user authentication using an HTPasswd - file to validate credentials - properties: - fileData: - description: fileData is a required reference to a secret - by name containing the data to use as the htpasswd file. - The key "htpasswd" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. If the specified htpasswd data is not - valid, the identity provider is not honored. The namespace - for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - keystone: - description: keystone enables user authentication using keystone - password credentials - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - domainName: - description: domainName is required for keystone v3 - type: string - tlsClientCert: - description: tlsClientCert is an optional reference to a - secret by name that contains the PEM-encoded TLS client - certificate to present when connecting to the server. - The key "tls.crt" is used to locate the data. If specified - and the secret or expected key is not found, the identity - provider is not honored. If the specified certificate - data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret + clientSecret: + description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + hostname: + description: hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value configured at /setup/settings#hostname. + type: string + organizations: + description: organizations optionally restricts which organizations are allowed to log in + type: array + items: type: string - required: - - name - type: object - tlsClientKey: - description: tlsClientKey is an optional reference to a - secret by name that contains the PEM-encoded TLS private - key for the client certificate referenced in tlsClientCert. - The key "tls.key" is used to locate the data. If specified - and the secret or expected key is not found, the identity - provider is not honored. If the specified certificate - data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret + teams: + description: teams optionally restricts which teams are allowed to log in. Format is /. + type: array + items: type: string - required: - - name - type: object - url: - description: url is the remote URL to connect to - type: string - type: object - ldap: - description: ldap enables user authentication using LDAP credentials - properties: - attributes: - description: attributes maps LDAP attributes to identities - properties: - email: - description: email is the list of attributes whose values - should be used as the email address. Optional. If - unspecified, no email is set for the identity - items: + gitlab: + description: gitlab enables user authentication using GitLab credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map type: string - type: array - id: - description: id is the list of attributes whose values - should be used as the user ID. Required. First non-empty - attribute is used. At least one attribute is required. - If none of the listed attribute have a value, authentication - fails. LDAP standard identity attribute is "dn" - items: + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret type: string - type: array - name: - description: name is the list of attributes whose values - should be used as the display name. Optional. If unspecified, - no display name is set for the identity LDAP standard - display name attribute is "cn" - items: + url: + description: url is the oauth server base URL + type: string + google: + description: google enables user authentication using Google credentials + type: object + properties: + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret type: string - type: array - preferredUsername: - description: preferredUsername is the list of attributes - whose values should be used as the preferred username. - LDAP standard login attribute is "uid" - items: + hostedDomain: + description: hostedDomain is the optional Google App domain (e.g. "mycompany.com") to restrict logins to + type: string + htpasswd: + description: htpasswd enables user authentication using an HTPasswd file to validate credentials + type: object + properties: + fileData: + description: fileData is a required reference to a secret by name containing the data to use as the htpasswd file. The key "htpasswd" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. If the specified htpasswd data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret type: string - type: array - type: object - bindDN: - description: bindDN is an optional DN to bind with during - the search phase. - type: string - bindPassword: - description: bindPassword is an optional reference to a - secret by name containing a password to bind with during - the search phase. The key "bindPassword" is used to locate - the data. If specified and the secret or expected key - is not found, the identity provider is not honored. The - namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - insecure: - description: 'insecure, if true, indicates the connection - should not use TLS WARNING: Should not be set to `true` - with the URL scheme "ldaps://" as "ldaps://" URLs always - attempt to connect using TLS, even when `insecure` is - set to `true` When `true`, "ldap://" URLS connect insecurely. - When `false`, "ldap://" URLs are upgraded to a TLS connection - using StartTLS as specified in https://tools.ietf.org/html/rfc2830.' - type: boolean - url: - description: 'url is an RFC 2255 URL which specifies the - LDAP search parameters to use. The syntax of the URL is: - ldap://host:port/basedn?attribute?scope?filter' - type: string - type: object - mappingMethod: - description: mappingMethod determines how identities from this - provider are mapped to users Defaults to "claim" - type: string - name: - description: 'name is used to qualify the identities returned - by this provider. - It MUST be unique and not shared by any - other identity provider used - It MUST be a valid path segment: - name cannot equal "." or ".." or contain "/" or "%" or ":" - Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' - type: string - openID: - description: openID enables user authentication using OpenID - credentials - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - claims: - description: claims mappings - properties: - email: - description: email is the list of claims whose values - should be used as the email address. Optional. If - unspecified, no email is set for the identity - items: + keystone: + description: keystone enables user authentication using keystone password credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map type: string - type: array - x-kubernetes-list-type: atomic - groups: - description: groups is the list of claims value of which - should be used to synchronize groups from the OIDC - provider to OpenShift for the user. If multiple claims - are specified, the first one with a non-empty value - is used. - items: - description: OpenIDClaim represents a claim retrieved - from an OpenID provider's tokens or userInfo responses - minLength: 1 + domainName: + description: domainName is required for keystone v3 + type: string + tlsClientCert: + description: tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key "tls.crt" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret type: string - type: array - x-kubernetes-list-type: atomic - name: - description: name is the list of claims whose values - should be used as the display name. Optional. If unspecified, - no display name is set for the identity - items: + tlsClientKey: + description: tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key "tls.key" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret type: string - type: array - x-kubernetes-list-type: atomic - preferredUsername: - description: preferredUsername is the list of claims - whose values should be used as the preferred username. - If unspecified, the preferred username is determined - from the value of the sub claim - items: + url: + description: url is the remote URL to connect to + type: string + ldap: + description: ldap enables user authentication using LDAP credentials + type: object + properties: + attributes: + description: attributes maps LDAP attributes to identities + type: object + properties: + email: + description: email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity + type: array + items: + type: string + id: + description: id is the list of attributes whose values should be used as the user ID. Required. First non-empty attribute is used. At least one attribute is required. If none of the listed attribute have a value, authentication fails. LDAP standard identity attribute is "dn" + type: array + items: + type: string + name: + description: name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is "cn" + type: array + items: + type: string + preferredUsername: + description: preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is "uid" + type: array + items: + type: string + bindDN: + description: bindDN is an optional DN to bind with during the search phase. + type: string + bindPassword: + description: bindPassword is an optional reference to a secret by name containing a password to bind with during the search phase. The key "bindPassword" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret type: string - type: array - x-kubernetes-list-type: atomic - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the - secret by name containing the oauth client secret. The - key "clientSecret" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - extraAuthorizeParameters: - additionalProperties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + insecure: + description: 'insecure, if true, indicates the connection should not use TLS WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always attempt to connect using TLS, even when `insecure` is set to `true` When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.' + type: boolean + url: + description: 'url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter' type: string - description: extraAuthorizeParameters are any custom parameters - to add to the authorize request. - type: object - extraScopes: - description: extraScopes are any scopes to request in addition - to the standard "openid" scope. - items: + mappingMethod: + description: mappingMethod determines how identities from this provider are mapped to users Defaults to "claim" + type: string + name: + description: 'name is used to qualify the identities returned by this provider. - It MUST be unique and not shared by any other identity provider used - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":" Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' + type: string + openID: + description: openID enables user authentication using OpenID credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + claims: + description: claims mappings + type: object + properties: + email: + description: email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity + type: array + items: + type: string + x-kubernetes-list-type: atomic + groups: + description: groups is the list of claims value of which should be used to synchronize groups from the OIDC provider to OpenShift for the user. If multiple claims are specified, the first one with a non-empty value is used. + type: array + items: + description: OpenIDClaim represents a claim retrieved from an OpenID provider's tokens or userInfo responses + type: string + minLength: 1 + x-kubernetes-list-type: atomic + name: + description: name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity + type: array + items: + type: string + x-kubernetes-list-type: atomic + preferredUsername: + description: preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the sub claim + type: array + items: + type: string + x-kubernetes-list-type: atomic + clientID: + description: clientID is the oauth client ID type: string - type: array - issuer: - description: issuer is the URL that the OpenID Provider - asserts as its Issuer Identifier. It must use the https - scheme with no query or fragment component. - type: string - type: object - requestHeader: - description: requestHeader enables user authentication using - request header credentials - properties: - ca: - description: ca is a required reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. Specifically, it allows verification - of incoming requests to prevent header spoofing. The key - "ca.crt" is used to locate the data. If the config map - or expected key is not found, the identity provider is - not honored. If the specified ca data is not valid, the - identity provider is not honored. The namespace for this - config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map + clientSecret: + description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + extraAuthorizeParameters: + description: extraAuthorizeParameters are any custom parameters to add to the authorize request. + type: object + additionalProperties: type: string - required: - - name - type: object - challengeURL: - description: challengeURL is a URL to redirect unauthenticated - /authorize requests to Unauthenticated requests from OAuth - clients which expect WWW-Authenticate challenges will - be redirected here. ${url} is replaced with the current - URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when challenge is set to true. - type: string - clientCommonNames: - description: clientCommonNames is an optional list of common - names to require a match from. If empty, any client certificate - validated against the clientCA bundle is considered authoritative. - items: + extraScopes: + description: extraScopes are any scopes to request in addition to the standard "openid" scope. + type: array + items: + type: string + issuer: + description: issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. It must use the https scheme with no query or fragment component. type: string - type: array - emailHeaders: - description: emailHeaders is the set of headers to check - for the email address - items: + requestHeader: + description: requestHeader enables user authentication using request header credentials + type: object + properties: + ca: + description: ca is a required reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. Specifically, it allows verification of incoming requests to prevent header spoofing. The key "ca.crt" is used to locate the data. If the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + challengeURL: + description: challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here. ${url} is replaced with the current URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} Required when challenge is set to true. type: string - type: array - headers: - description: headers is the set of headers to check for - identity information - items: + clientCommonNames: + description: clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative. + type: array + items: + type: string + emailHeaders: + description: emailHeaders is the set of headers to check for the email address + type: array + items: + type: string + headers: + description: headers is the set of headers to check for identity information + type: array + items: + type: string + loginURL: + description: loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} Required when login is set to true. type: string - type: array - loginURL: - description: loginURL is a URL to redirect unauthenticated - /authorize requests to Unauthenticated requests from OAuth - clients which expect interactive logins will be redirected - here ${url} is replaced with the current URL, escaped - to be safe in a query parameter https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when login is set to true. + nameHeaders: + description: nameHeaders is the set of headers to check for the display name + type: array + items: + type: string + preferredUsernameHeaders: + description: preferredUsernameHeaders is the set of headers to check for the preferred username + type: array + items: + type: string + type: + description: type identifies the identity provider type for this entry. + type: string + x-kubernetes-list-type: atomic + templates: + description: templates allow you to customize pages like the login page. + type: object + properties: + error: + description: error is the name of a secret that specifies a go template to use to render error pages during the authentication or grant flow. The key "errors.html" is used to locate the template data. If specified and the secret or expected key is not found, the default error page is used. If the specified template is not valid, the default error page is used. If unspecified, the default error page is used. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret type: string - nameHeaders: - description: nameHeaders is the set of headers to check - for the display name - items: - type: string - type: array - preferredUsernameHeaders: - description: preferredUsernameHeaders is the set of headers - to check for the preferred username - items: - type: string - type: array + login: + description: login is the name of a secret that specifies a go template to use to render the login page. The key "login.html" is used to locate the template data. If specified and the secret or expected key is not found, the default login page is used. If the specified template is not valid, the default login page is used. If unspecified, the default login page is used. The namespace for this secret is openshift-config. type: object - type: - description: type identifies the identity provider type for - this entry. - type: string + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + providerSelection: + description: providerSelection is the name of a secret that specifies a go template to use to render the provider selection page. The key "providers.html" is used to locate the template data. If specified and the secret or expected key is not found, the default provider selection page is used. If the specified template is not valid, the default provider selection page is used. If unspecified, the default provider selection page is used. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + tokenConfig: + description: tokenConfig contains options for authorization and access tokens type: object - type: array - x-kubernetes-list-type: atomic - templates: - description: templates allow you to customize pages like the login - page. - properties: - error: - description: error is the name of a secret that specifies a go - template to use to render error pages during the authentication - or grant flow. The key "errors.html" is used to locate the template - data. If specified and the secret or expected key is not found, - the default error page is used. If the specified template is - not valid, the default error page is used. If unspecified, the - default error page is used. The namespace for this secret is - openshift-config. - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - login: - description: login is the name of a secret that specifies a go - template to use to render the login page. The key "login.html" - is used to locate the template data. If specified and the secret - or expected key is not found, the default login page is used. - If the specified template is not valid, the default login page - is used. If unspecified, the default login page is used. The - namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - providerSelection: - description: providerSelection is the name of a secret that specifies - a go template to use to render the provider selection page. - The key "providers.html" is used to locate the template data. - If specified and the secret or expected key is not found, the - default provider selection page is used. If the specified template - is not valid, the default provider selection page is used. If - unspecified, the default provider selection page is used. The - namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - type: object - tokenConfig: - description: tokenConfig contains options for authorization and access - tokens - properties: - accessTokenInactivityTimeout: - description: "accessTokenInactivityTimeout defines the token inactivity - timeout for tokens granted by any client. The value represents - the maximum amount of time that can occur between consecutive - uses of the token. Tokens become invalid if they are not used - within this temporal window. The user will need to acquire a - new token to regain access once a token times out. Takes valid - time duration string such as \"5m\", \"1.5h\" or \"2h45m\". - The minimum allowed value for duration is 300s (5 minutes). - If the timeout is configured per client, then that value takes - precedence. If the timeout value is not specified and the client - does not override the value, then tokens are valid until their - lifetime. \n WARNING: existing tokens' timeout will not be affected - (lowered) by changing this value" - type: string - accessTokenInactivityTimeoutSeconds: - description: 'accessTokenInactivityTimeoutSeconds - DEPRECATED: - setting this field has no effect.' - format: int32 - type: integer - accessTokenMaxAgeSeconds: - description: accessTokenMaxAgeSeconds defines the maximum age - of access tokens - format: int32 - type: integer - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + properties: + accessTokenInactivityTimeout: + description: "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime. \n WARNING: existing tokens' timeout will not be affected (lowered) by changing this value" + type: string + accessTokenInactivityTimeoutSeconds: + description: 'accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.' + type: integer + format: int32 + accessTokenMaxAgeSeconds: + description: accessTokenMaxAgeSeconds defines the maximum age of access tokens + type: integer + format: int32 + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml index ec2c7af3f..42f745c67 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml @@ -16,53 +16,40 @@ spec: singular: project scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Project holds cluster-wide information about Project. The canonical - name is `cluster` \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - projectRequestMessage: - description: projectRequestMessage is the string presented to a user - if they are unable to request a project via the projectrequest api - endpoint - type: string - projectRequestTemplate: - description: projectRequestTemplate is the template to use for creating - projects in response to projectrequest. This must point to a template - in 'openshift-config' namespace. It is optional. If it is not specified, - a default template is used. - properties: - name: - description: name is the metadata.name of the referenced project - request template - type: string - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: "Project holds cluster-wide information about Project. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + projectRequestMessage: + description: projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint + type: string + projectRequestTemplate: + description: projectRequestTemplate is the template to use for creating projects in response to projectrequest. This must point to a template in 'openshift-config' namespace. It is optional. If it is not specified, a default template is used. + type: object + properties: + name: + description: name is the metadata.name of the referenced project request template + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml index ff9301110..f161bc432 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml @@ -16,93 +16,53 @@ spec: singular: scheduler scope: Cluster versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Scheduler holds cluster-wide config information to run the Kubernetes - Scheduler and influence its placement decisions. The canonical name for - this config is `cluster`. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - defaultNodeSelector: - description: 'defaultNodeSelector helps set the cluster-wide default - node selector to restrict pod placement to specific nodes. This - is applied to the pods created in all namespaces and creates an - intersection with any existing nodeSelectors already set on a pod, - additionally constraining that pod''s selector. For example, defaultNodeSelector: - "type=user-node,region=east" would set nodeSelector field in pod - spec to "type=user-node,region=east" to all pods created in all - namespaces. Namespaces having project-wide node selectors won''t - be impacted even if this field is set. This adds an annotation section - to the namespace. For example, if a new namespace is created with - node-selector=''type=user-node,region=east'', the annotation openshift.io/node-selector: - type=user-node,region=east gets added to the project. When the openshift.io/node-selector - annotation is set on the project the value is used in preference - to the value we are setting for defaultNodeSelector field. For instance, - openshift.io/node-selector: "type=user-node,region=west" means that - the default of "type=user-node,region=east" set in defaultNodeSelector - would not be applied.' - type: string - mastersSchedulable: - description: 'MastersSchedulable allows masters nodes to be schedulable. - When this flag is turned on, all the master nodes in the cluster - will be made schedulable, so that workload pods can run on them. - The default value for this field is false, meaning none of the master - nodes are schedulable. Important Note: Once the workload pods start - running on the master nodes, extreme care must be taken to ensure - that cluster-critical control plane components are not impacted. - Please turn on this field after doing due diligence.' - type: boolean - policy: - description: 'DEPRECATED: the scheduler Policy API has been deprecated - and will be removed in a future release. policy is a reference to - a ConfigMap containing scheduler policy which has user specified - predicates and priorities. If this ConfigMap is not available scheduler - will default to use DefaultAlgorithmProvider. The namespace for - this configmap is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - profile: - description: "profile sets which scheduling profile should be set - in order to configure scheduling decisions for new pods. \n Valid - values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" - Defaults to \"LowNodeUtilization\"" - enum: - - "" - - LowNodeUtilization - - HighNodeUtilization - - NoScoring - type: string - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + defaultNodeSelector: + description: 'defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces and creates an intersection with any existing nodeSelectors already set on a pod, additionally constraining that pod''s selector. For example, defaultNodeSelector: "type=user-node,region=east" would set nodeSelector field in pod spec to "type=user-node,region=east" to all pods created in all namespaces. Namespaces having project-wide node selectors won''t be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector=''type=user-node,region=east'', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: "type=user-node,region=west" means that the default of "type=user-node,region=east" set in defaultNodeSelector would not be applied.' + type: string + mastersSchedulable: + description: 'MastersSchedulable allows masters nodes to be schedulable. When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.' + type: boolean + policy: + description: 'DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + profile: + description: "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods. \n Valid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\"" + type: string + enum: + - "" + - LowNodeUtilization + - HighNodeUtilization + - NoScoring + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/Makefile b/vendor/github.com/openshift/api/config/v1/Makefile new file mode 100644 index 000000000..66bf63630 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/Makefile @@ -0,0 +1,3 @@ +.PHONY: test +test: + make -C ../../tests test GINKGO_EXTRA_ARGS=--focus="config.openshift.io/v1" diff --git a/vendor/github.com/openshift/api/config/v1/stable.apiserver.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.apiserver.testsuite.yaml new file mode 100644 index 000000000..5c28143d5 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.apiserver.testsuite.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] APIServer" +crd: 0000_10_config-operator_01_apiserver.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ClusterOperator + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: {} # No spec is required for a APIServer + expected: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default diff --git a/vendor/github.com/openshift/api/config/v1/stable.authentication.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.authentication.testsuite.yaml new file mode 100644 index 000000000..dec366756 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.authentication.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Authentication" +crd: 0000_10_config-operator_01_authentication.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Authentication + initial: | + apiVersion: config.openshift.io/v1 + kind: Authentication + spec: {} # No spec is required for a Authentication + expected: | + apiVersion: config.openshift.io/v1 + kind: Authentication + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml new file mode 100644 index 000000000..cdd8a9b70 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Build" +crd: 0000_10_config-operator_01_build.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Build + initial: | + apiVersion: config.openshift.io/v1 + kind: Build + spec: {} # No spec is required for a Build + expected: | + apiVersion: config.openshift.io/v1 + kind: Build + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.clusteroperator.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.clusteroperator.testsuite.yaml new file mode 100644 index 000000000..177e8f691 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.clusteroperator.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ClusterOperator" +crd: 0000_00_cluster-version-operator_01_clusteroperator.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ClusterOperator + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterOperator + spec: {} # No spec is required for a ClusterOperator + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterOperator + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml new file mode 100644 index 000000000..b966b29a8 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml @@ -0,0 +1,138 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ClusterVersion" +crd: 0000_00_cluster-version-operator_01_clusterversion.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ClusterVersion + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + - name: Should allow image to be set + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + image: bar + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + image: bar + - name: Should allow version to be set + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + version: 4.11.1 + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + version: 4.11.1 + - name: Should allow architecture to be empty + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: "" + version: 4.11.1 + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: "" + version: 4.11.1 + - name: Should allow architecture and version to be set + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: Multi + version: 4.11.1 + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: Multi + version: 4.11.1 + - name: Version must be set if architecture is set + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: Multi + expectedError: "Version must be set if Architecture is set" + - name: Should not allow image and architecture to be set + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: Multi + version: 4.11.1 + image: bar + expectedError: "cannot set both Architecture and Image" + onUpdate: + - name: Should not allow image to be set if architecture set + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: Multi + version: 4.11.1 + updated: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: Multi + version: 4.11.1 + image: bar + expectedError: "cannot set both Architecture and Image" + - name: Should not allow architecture to be set if image set + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + image: bar + updated: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + desiredUpdate: + architecture: Multi + version: 4.11.1 + image: bar + expectedError: "cannot set both Architecture and Image" diff --git a/vendor/github.com/openshift/api/config/v1/stable.console.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.console.testsuite.yaml new file mode 100644 index 000000000..0081816fc --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.console.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Console" +crd: 0000_10_config-operator_01_console.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Console + initial: | + apiVersion: config.openshift.io/v1 + kind: Console + spec: {} # No spec is required for a Console + expected: | + apiVersion: config.openshift.io/v1 + kind: Console + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml new file mode 100644 index 000000000..c69f50050 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] DNS" +crd: 0000_10_config-operator_01_dns.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal DNS + initial: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: {} # No spec is required for a DNS + expected: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.featuregate.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.featuregate.testsuite.yaml new file mode 100644 index 000000000..6b6a4327a --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.featuregate.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] FeatureGate" +crd: 0000_10_config-operator_01_featuregate.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal FeatureGate + initial: | + apiVersion: config.openshift.io/v1 + kind: FeatureGate + spec: {} # No spec is required for a FeatureGate + expected: | + apiVersion: config.openshift.io/v1 + kind: FeatureGate + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.image.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.image.testsuite.yaml new file mode 100644 index 000000000..6bfbb820f --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.image.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Image" +crd: 0000_10_config-operator_01_image.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Image + initial: | + apiVersion: config.openshift.io/v1 + kind: Image + spec: {} # No spec is required for a Image + expected: | + apiVersion: config.openshift.io/v1 + kind: Image + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.imagecontentpolicy.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.imagecontentpolicy.testsuite.yaml new file mode 100644 index 000000000..bffdb6bcd --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.imagecontentpolicy.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ImageContentPolicy" +crd: 0000_10_config-operator_01_imagecontentpolicy.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ImageContentPolicy + initial: | + apiVersion: config.openshift.io/v1 + kind: ImageContentPolicy + spec: {} # No spec is required for a ImageContentPolicy + expected: | + apiVersion: config.openshift.io/v1 + kind: ImageContentPolicy + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.imagedigestmirrorset.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.imagedigestmirrorset.testsuite.yaml new file mode 100644 index 000000000..c25b1696b --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.imagedigestmirrorset.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ImageDigestMirrorSet" +crd: 0000_10_config-operator_01_imagedigestmirrorset.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ImageDigestMirrorSet + initial: | + apiVersion: config.openshift.io/v1 + kind: ImageDigestMirrorSet + spec: {} # No spec is required for a ImageDigestMirrorSet + expected: | + apiVersion: config.openshift.io/v1 + kind: ImageDigestMirrorSet + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.imagetagmirrorset.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.imagetagmirrorset.testsuite.yaml new file mode 100644 index 000000000..de91eb2c5 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.imagetagmirrorset.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] ImageTagMirrorSet" +crd: 0000_10_config-operator_01_imagetagmirrorset.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal ImageTagMirrorSet + initial: | + apiVersion: config.openshift.io/v1 + kind: ImageTagMirrorSet + spec: {} # No spec is required for a ImageTagMirrorSet + expected: | + apiVersion: config.openshift.io/v1 + kind: ImageTagMirrorSet + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml new file mode 100644 index 000000000..e609e56ab --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Infrastructure" +crd: 0000_10_config-operator_01_infrastructure-Default.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Infrastructure + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} # No spec is required for a Infrastructure + expected: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.ingress.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.ingress.testsuite.yaml new file mode 100644 index 000000000..90d48e896 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.ingress.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Ingress" +crd: 0000_10_config-operator_01_ingress.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Ingress + initial: | + apiVersion: config.openshift.io/v1 + kind: Ingress + spec: {} # No spec is required for a Ingress + expected: | + apiVersion: config.openshift.io/v1 + kind: Ingress + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.network.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.network.testsuite.yaml new file mode 100644 index 000000000..e8a8bcfaf --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.network.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Network" +crd: 0000_10_config-operator_01_network.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Network + initial: | + apiVersion: config.openshift.io/v1 + kind: Network + spec: {} # No spec is required for a Network + expected: | + apiVersion: config.openshift.io/v1 + kind: Network + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.node.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.node.testsuite.yaml new file mode 100644 index 000000000..d6502600b --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.node.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Node" +crd: 0000_10_config-operator_01_node.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Node + initial: | + apiVersion: config.openshift.io/v1 + kind: Node + spec: {} # No spec is required for a Node + expected: | + apiVersion: config.openshift.io/v1 + kind: Node + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.oauth.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.oauth.testsuite.yaml new file mode 100644 index 000000000..d33d2bc1b --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.oauth.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] OAuth" +crd: 0000_10_config-operator_01_oauth.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal OAuth + initial: | + apiVersion: config.openshift.io/v1 + kind: OAuth + spec: {} # No spec is required for a OAuth + expected: | + apiVersion: config.openshift.io/v1 + kind: OAuth + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.operatorhub.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.operatorhub.testsuite.yaml new file mode 100644 index 000000000..9dd7a4c6d --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.operatorhub.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] OperatorHub" +crd: 0000_03_marketplace-operator_01_operatorhub.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal OperatorHub + initial: | + apiVersion: config.openshift.io/v1 + kind: OperatorHub + spec: {} # No spec is required for a OperatorHub + expected: | + apiVersion: config.openshift.io/v1 + kind: OperatorHub + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.project.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.project.testsuite.yaml new file mode 100644 index 000000000..0144ad32f --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.project.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Project" +crd: 0000_10_config-operator_01_project.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Project + initial: | + apiVersion: config.openshift.io/v1 + kind: Project + spec: {} # No spec is required for a Project + expected: | + apiVersion: config.openshift.io/v1 + kind: Project + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.proxy.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.proxy.testsuite.yaml new file mode 100644 index 000000000..d49b83247 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.proxy.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Proxy" +crd: 0000_03_config-operator_01_proxy.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Proxy + initial: | + apiVersion: config.openshift.io/v1 + kind: Proxy + spec: {} # No spec is required for a Proxy + expected: | + apiVersion: config.openshift.io/v1 + kind: Proxy + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.scheduler.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.scheduler.testsuite.yaml new file mode 100644 index 000000000..d9333b558 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/stable.scheduler.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] Scheduler" +crd: 0000_10_config-operator_01_scheduler.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Scheduler + initial: | + apiVersion: config.openshift.io/v1 + kind: Scheduler + spec: {} # No spec is required for a Scheduler + expected: | + apiVersion: config.openshift.io/v1 + kind: Scheduler + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml new file mode 100644 index 000000000..23580beea --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[TechPreviewNoUpgrade] Infrastructure" +crd: 0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Infrastructure + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} # No spec is required for a Infrastructure + expected: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go index 7f346069e..f00baa163 100644 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go @@ -59,12 +59,11 @@ type AuthenticationSpec struct { // serviceAccountIssuer is the identifier of the bound service account token // issuer. // The default is https://kubernetes.default.svc - // WARNING: Updating this field will result in the invalidation of - // all bound tokens with the previous issuer value. Unless the - // holder of a bound token has explicit support for a change in - // issuer, they will not request a new bound token until pod - // restart or until their existing token exceeds 80% of its - // duration. + // WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the + // previous issuer value. Instead, the tokens issued by previous service account issuer will continue to + // be trusted for a time period chosen by the platform (currently set to 24h). + // This time period is subject to change over time. + // This allows internal components to transition to use new service account issuer without service distruption. // +optional ServiceAccountIssuer string `json:"serviceAccountIssuer"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index 58dd358c4..195313eee 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -45,8 +45,17 @@ type ClusterVersionSpec struct { // the current version does not match the desired version). The set of // recommended update values is listed as part of available updates in // status, and setting values outside that range may cause the upgrade - // to fail. You may specify the version field without setting image if - // an update exists with that version in the availableUpdates or history. + // to fail. + // + // Some of the fields are inter-related with restrictions and meanings described here. + // 1. image is specified, version is specified, architecture is specified. API validation error. + // 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. + // 3. image is specified, version is not specified, architecture is specified. API validation error. + // 4. image is specified, version is not specified, architecture is not specified. image is used. + // 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. + // 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. + // 7. image is not specified, version is not specified, architecture is specified. API validation error. + // 8. image is not specified, version is not specified, architecture is not specified. API validation error. // // If an upgrade fails the operator will halt and report status // about the failing component. Setting the desired update value back to @@ -191,7 +200,7 @@ type UpdateHistory struct { // +nullable CompletionTime *metav1.Time `json:"completionTime"` - // version is a semantic versioning identifying the update version. If the + // version is a semantic version identifying the update version. If the // requested image does not define a version, or if a failure occurs // retrieving the image, this value may be empty. // @@ -224,6 +233,16 @@ type UpdateHistory struct { // ClusterID is string RFC4122 uuid. type ClusterID string +// ClusterVersionArchitecture enumerates valid cluster architectures. +// +kubebuilder:validation:Enum="Multi";"" +type ClusterVersionArchitecture string + +const ( + // ClusterVersionArchitectureMulti identifies a multi architecture. A multi + // architecture cluster is capable of running nodes with multiple architectures. + ClusterVersionArchitectureMulti ClusterVersionArchitecture = "Multi" +) + // ClusterVersionCapability enumerates optional, core cluster components. // +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot type ClusterVersionCapability string @@ -406,17 +425,33 @@ type ComponentOverride struct { type URL string // Update represents an administrator update request. +// +kubebuilder:validation:XValidation:rule="has(self.architecture) && has(self.image) ? (self.architecture == '' || self.image == '') : true",message="cannot set both Architecture and Image" +// +kubebuilder:validation:XValidation:rule="has(self.architecture) && self.architecture != '' ? self.version != '' : true",message="Version must be set if Architecture is set" // +k8s:deepcopy-gen=true type Update struct { - // version is a semantic versioning identifying the update version. When this - // field is part of spec, version is optional if image is specified. + // architecture is an optional field that indicates the desired + // value of the cluster architecture. In this context cluster + // architecture means either a single architecture or a multi + // architecture. architecture can only be set to Multi thereby + // only allowing updates from single to multi architecture. If + // architecture is set, image cannot be set and version must be + // set. + // Valid values are 'Multi' and empty. + // + // +optional + Architecture ClusterVersionArchitecture `json:"architecture"` + + // version is a semantic version identifying the update version. + // version is ignored if image is specified and required if + // architecture is specified. // // +optional Version string `json:"version"` - // image is a container image location that contains the update. When this - // field is part of spec, image is optional if version is specified and the - // availableUpdates field contains a matching version. + // image is a container image location that contains the update. + // image should be used when the desired version does not exist in availableUpdates or history. + // When image is set, version is ignored. When image is set, version should be empty. + // When image is set, architecture cannot be specified. // // +optional Image string `json:"image"` @@ -435,7 +470,7 @@ type Update struct { // Release represents an OpenShift release image and associated metadata. // +k8s:deepcopy-gen=true type Release struct { - // version is a semantic versioning identifying the update version. When this + // version is a semantic version identifying the update version. When this // field is part of spec, version is optional if image is specified. // +required Version string `json:"version"` diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index cef620a9c..949ca5d48 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -109,16 +109,19 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ Disabled: []string{}, }, TechPreviewNoUpgrade: newDefaultFeatures(). - with("CSIMigrationAzureFile"). // sig-storage, fbertina, Kubernetes feature gate - with("CSIMigrationvSphere"). // sig-storage, fbertina, Kubernetes feature gate - with("ExternalCloudProvider"). // sig-cloud-provider, jspeed, OCP specific - with("CSIDriverSharedResource"). // sig-build, adkaplan, OCP specific - with("BuildCSIVolumes"). // sig-build, adkaplan, OCP specific - with("NodeSwap"). // sig-node, ehashman, Kubernetes feature gate - with("MachineAPIProviderOpenStack"). // openstack, egarcia (#forum-openstack), OCP specific - with("CGroupsV2"). // sig-node, harche, OCP specific - with("Crun"). // sig-node, haircommander, OCP specific - with("InsightsConfigAPI"). // insights, tremes (#ccx), OCP specific + with("CSIMigrationAzureFile"). // sig-storage, fbertina, Kubernetes feature gate + with("CSIMigrationvSphere"). // sig-storage, fbertina, Kubernetes feature gate + with("ExternalCloudProvider"). // sig-cloud-provider, jspeed, OCP specific + with("CSIDriverSharedResource"). // sig-build, adkaplan, OCP specific + with("BuildCSIVolumes"). // sig-build, adkaplan, OCP specific + with("NodeSwap"). // sig-node, ehashman, Kubernetes feature gate + with("MachineAPIProviderOpenStack"). // openstack, egarcia (#forum-openstack), OCP specific + with("CGroupsV2"). // sig-node, harche, OCP specific + with("Crun"). // sig-node, haircommander, OCP specific + with("InsightsConfigAPI"). // insights, tremes (#ccx), OCP specific + with("CSIInlineVolumeAdmission"). // sig-storage, jdobson, OCP specific + with("MatchLabelKeysInPodTopologySpread"). // sig-scheduling, ingvagabund (#forum-workloads), Kubernetes feature gate + with("OpenShiftPodSecurityAdmission"). // bz-auth, standa, OCP specific toFeatures(), LatencySensitive: newDefaultFeatures(). with( diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 09f919253..149e46ac3 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -600,9 +600,202 @@ type OvirtPlatformStatus struct { NodeDNSIP string `json:"nodeDNSIP,omitempty"` } +// VSpherePlatformFailureDomainSpec holds the region and zone failure domain and +// the vCenter topology of that failure domain. +type VSpherePlatformFailureDomainSpec struct { + // name defines the arbitrary but unique name + // of a failure domain. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + Name string `json:"name"` + + // region defines the name of a region tag that will + // be attached to a vCenter datacenter. The tag + // category in vCenter must be named openshift-region. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=80 + // +kubebuilder:validation:Required + Region string `json:"region"` + + // zone defines the name of a zone tag that will + // be attached to a vCenter cluster. The tag + // category in vCenter must be named openshift-zone. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=80 + // +kubebuilder:validation:Required + Zone string `json:"zone"` + + // server is the fully-qualified domain name or the IP address of the vCenter server. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // --- + // + Validation is applied via a patch, we validate the format as either ipv4, ipv6 or hostname + Server string `json:"server"` + + // Topology describes a given failure domain using vSphere constructs + // +kubebuilder:validation:Required + Topology VSpherePlatformTopology `json:"topology"` +} + +// VSpherePlatformTopology holds the required and optional vCenter objects - datacenter, +// computeCluster, networks, datastore and resourcePool - to provision virtual machines. +type VSpherePlatformTopology struct { + // datacenter is the name of vCenter datacenter in which virtual machines will be located. + // The maximum length of the datacenter name is 80 characters. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=80 + Datacenter string `json:"datacenter"` + + // computeCluster the absolute path of the vCenter cluster + // in which virtual machine will be located. + // The absolute path is of the form //host/. + // The maximum length of the path is 2048 characters. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern=`^/.*?/host/.*?` + ComputeCluster string `json:"computeCluster"` + + // networks is the list of port group network names within this failure domain. + // Currently, we only support a single interface per RHCOS virtual machine. + // The available networks (port groups) can be listed using + // `govc ls 'network/*'` + // The single interface should be the absolute path of the form + // //network/. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxItems=1 + // +kubebuilder:validation:MinItems=1 + Networks []string `json:"networks"` + + // datastore is the absolute path of the datastore in which the + // virtual machine is located. + // The absolute path is of the form //datastore/ + // The maximum length of the path is 2048 characters. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern=`^/.*?/datastore/.*?` + Datastore string `json:"datastore"` + + // resourcePool is the absolute path of the resource pool where virtual machines will be + // created. The absolute path is of the form //host//Resources/. + // The maximum length of the path is 2048 characters. + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern=`^/.*?/host/.*?/Resources.*` + // +optional + ResourcePool string `json:"resourcePool,omitempty"` + + // folder is the absolute path of the folder where + // virtual machines are located. The absolute path + // is of the form //vm/. + // The maximum length of the path is 2048 characters. + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern=`^/.*?/vm/.*?` + // +optional + Folder string `json:"folder,omitempty"` +} + +// VSpherePlatformVCenterSpec stores the vCenter connection fields. +// This is used by the vSphere CCM. +type VSpherePlatformVCenterSpec struct { + + // server is the fully-qualified domain name or the IP address of the vCenter server. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=255 + // --- + // + Validation is applied via a patch, we validate the format as either ipv4, ipv6 or hostname + Server string `json:"server"` + + // port is the TCP port that will be used to communicate to + // the vCenter endpoint. + // When omitted, this means the user has no opinion and + // it is up to the platform to choose a sensible default, + // which is subject to change over time. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=32767 + // +optional + Port int32 `json:"port,omitempty"` + + // The vCenter Datacenters in which the RHCOS + // vm guests are located. This field will + // be used by the Cloud Controller Manager. + // Each datacenter listed here should be used within + // a topology. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinItems=1 + Datacenters []string `json:"datacenters"` +} + +// VSpherePlatformNodeNetworkingSpec holds the network CIDR(s) and port group name for +// including and excluding IP ranges in the cloud provider. +// This would be used for example when multiple network adapters are attached to +// a guest to help determine which IP address the cloud config manager should use +// for the external and internal node networking. +type VSpherePlatformNodeNetworkingSpec struct { + // networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs + // that will be used in respective status.addresses fields. + // --- + // + Validation is applied via a patch, we validate the format as cidr + // +optional + NetworkSubnetCIDR []string `json:"networkSubnetCidr,omitempty"` + + // network VirtualMachine's VM Network names that will be used to when searching + // for status.addresses fields. Note that if internal.networkSubnetCIDR and + // external.networkSubnetCIDR are not set, then the vNIC associated to this network must + // only have a single IP address assigned to it. + // The available networks (port groups) can be listed using + // `govc ls 'network/*'` + // +optional + Network string `json:"network,omitempty"` + + // excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting + // the IP address from the VirtualMachine's VM for use in the status.addresses fields. + // --- + // + Validation is applied via a patch, we validate the format as cidr + // +optional + ExcludeNetworkSubnetCIDR []string `json:"excludeNetworkSubnetCidr,omitempty"` +} + +// VSpherePlatformNodeNetworking holds the external and internal node networking spec. +type VSpherePlatformNodeNetworking struct { + // external represents the network configuration of the node that is externally routable. + // +optional + External VSpherePlatformNodeNetworkingSpec `json:"external"` + // internal represents the network configuration of the node that is routable only within the cluster. + // +optional + Internal VSpherePlatformNodeNetworkingSpec `json:"internal"` +} + // VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. -// This only includes fields that can be modified in the cluster. -type VSpherePlatformSpec struct{} +// In the future the cloud provider operator, storage operator and machine operator will +// use these fields for configuration. +type VSpherePlatformSpec struct { + // vcenters holds the connection details for services to communicate with vCenter. + // Currently, only a single vCenter is supported. + // --- + // + If VCenters is not defined use the existing cloud-config configmap defined + // + in openshift-config. + // +openshift:enable:FeatureSets=TechPreviewNoUpgrade + // +kubebuilder:validation:MaxItems=1 + // +kubebuilder:validation:MinItems=0 + // +optional + VCenters []VSpherePlatformVCenterSpec `json:"vcenters,omitempty"` + + // failureDomains contains the definition of region, zone and the vCenter topology. + // If this is omitted failure domains (regions and zones) will not be used. + // +openshift:enable:FeatureSets=TechPreviewNoUpgrade + // +optional + FailureDomains []VSpherePlatformFailureDomainSpec `json:"failureDomains,omitempty"` + + // nodeNetworking contains the definition of internal and external network constraints for + // assigning the node's networking. + // If this field is omitted, networking defaults to the legacy + // address selection behavior which is to only support a single address and + // return the first one found. + // +openshift:enable:FeatureSets=TechPreviewNoUpgrade + // +optional + NodeNetworking VSpherePlatformNodeNetworking `json:"nodeNetworking,omitempty"` +} // VSpherePlatformStatus holds the current status of the vSphere infrastructure provider. type VSpherePlatformStatus struct { @@ -652,7 +845,7 @@ type VSpherePlatformStatus struct { // This only includes fields that can be modified in the cluster. type IBMCloudPlatformSpec struct{} -//IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider. +// IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider. type IBMCloudPlatformStatus struct { // Location is where the cluster has been deployed Location string `json:"location,omitempty"` diff --git a/vendor/github.com/openshift/api/config/v1/types_ingress.go b/vendor/github.com/openshift/api/config/v1/types_ingress.go index cf3bafa94..1dec6b1d3 100644 --- a/vendor/github.com/openshift/api/config/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/config/v1/types_ingress.go @@ -89,7 +89,7 @@ type IngressSpec struct { // loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure // provider of the current cluster and are required for Ingress Controller to work on OpenShift. // +optional - LoadBalancer LoadBalancer `json:"loadbalancer,omitempty"` + LoadBalancer LoadBalancer `json:"loadBalancer,omitempty"` } // IngressPlatformSpec holds the desired state of Ingress specific to the underlying infrastructure provider diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index ba6d3b72d..59e92ad7a 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -4004,7 +4004,7 @@ func (in *PlatformSpec) DeepCopyInto(out *PlatformSpec) { if in.VSphere != nil { in, out := &in.VSphere, &out.VSphere *out = new(VSpherePlatformSpec) - **out = **in + (*in).DeepCopyInto(*out) } if in.IBMCloud != nil { in, out := &in.IBMCloud, &out.IBMCloud @@ -4880,9 +4880,85 @@ func (in *UpdateHistory) DeepCopy() *UpdateHistory { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformFailureDomainSpec) DeepCopyInto(out *VSpherePlatformFailureDomainSpec) { + *out = *in + in.Topology.DeepCopyInto(&out.Topology) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformFailureDomainSpec. +func (in *VSpherePlatformFailureDomainSpec) DeepCopy() *VSpherePlatformFailureDomainSpec { + if in == nil { + return nil + } + out := new(VSpherePlatformFailureDomainSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformNodeNetworking) DeepCopyInto(out *VSpherePlatformNodeNetworking) { + *out = *in + in.External.DeepCopyInto(&out.External) + in.Internal.DeepCopyInto(&out.Internal) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformNodeNetworking. +func (in *VSpherePlatformNodeNetworking) DeepCopy() *VSpherePlatformNodeNetworking { + if in == nil { + return nil + } + out := new(VSpherePlatformNodeNetworking) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformNodeNetworkingSpec) DeepCopyInto(out *VSpherePlatformNodeNetworkingSpec) { + *out = *in + if in.NetworkSubnetCIDR != nil { + in, out := &in.NetworkSubnetCIDR, &out.NetworkSubnetCIDR + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ExcludeNetworkSubnetCIDR != nil { + in, out := &in.ExcludeNetworkSubnetCIDR, &out.ExcludeNetworkSubnetCIDR + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformNodeNetworkingSpec. +func (in *VSpherePlatformNodeNetworkingSpec) DeepCopy() *VSpherePlatformNodeNetworkingSpec { + if in == nil { + return nil + } + out := new(VSpherePlatformNodeNetworkingSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VSpherePlatformSpec) DeepCopyInto(out *VSpherePlatformSpec) { *out = *in + if in.VCenters != nil { + in, out := &in.VCenters, &out.VCenters + *out = make([]VSpherePlatformVCenterSpec, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.FailureDomains != nil { + in, out := &in.FailureDomains, &out.FailureDomains + *out = make([]VSpherePlatformFailureDomainSpec, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.NodeNetworking.DeepCopyInto(&out.NodeNetworking) return } @@ -4922,6 +4998,48 @@ func (in *VSpherePlatformStatus) DeepCopy() *VSpherePlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformTopology) DeepCopyInto(out *VSpherePlatformTopology) { + *out = *in + if in.Networks != nil { + in, out := &in.Networks, &out.Networks + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformTopology. +func (in *VSpherePlatformTopology) DeepCopy() *VSpherePlatformTopology { + if in == nil { + return nil + } + out := new(VSpherePlatformTopology) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformVCenterSpec) DeepCopyInto(out *VSpherePlatformVCenterSpec) { + *out = *in + if in.Datacenters != nil { + in, out := &in.Datacenters, &out.Datacenters + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformVCenterSpec. +func (in *VSpherePlatformVCenterSpec) DeepCopy() *VSpherePlatformVCenterSpec { + if in == nil { + return nil + } + out := new(VSpherePlatformVCenterSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WebhookTokenAuthenticator) DeepCopyInto(out *WebhookTokenAuthenticator) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 69e697a57..5bf6f578c 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -364,7 +364,7 @@ var map_AuthenticationSpec = map[string]string{ "oauthMetadata": "oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key \"oauthMetadata\" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.", "webhookTokenAuthenticators": "webhookTokenAuthenticators is DEPRECATED, setting it has no effect.", "webhookTokenAuthenticator": "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service.", - "serviceAccountIssuer": "serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will result in the invalidation of all bound tokens with the previous issuer value. Unless the holder of a bound token has explicit support for a change in issuer, they will not request a new bound token until pod restart or until their existing token exceeds 80% of its duration.", + "serviceAccountIssuer": "serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.", } func (AuthenticationSpec) SwaggerDoc() map[string]string { @@ -579,7 +579,7 @@ func (ClusterVersionList) SwaggerDoc() map[string]string { var map_ClusterVersionSpec = map[string]string{ "": "ClusterVersionSpec is the desired version state of the cluster. It includes the version the cluster should be at, how the cluster is identified, and where the cluster should look for version updates.", "clusterID": "clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field.", - "desiredUpdate": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. You may specify the version field without setting image if an update exists with that version in the availableUpdates or history.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.", + "desiredUpdate": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.", "upstream": "upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region.", "channel": "channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. The default channel will be contain stable updates that are appropriate for production clusters.", "capabilities": "capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics.", @@ -653,7 +653,7 @@ func (PromQLClusterCondition) SwaggerDoc() map[string]string { var map_Release = map[string]string{ "": "Release represents an OpenShift release image and associated metadata.", - "version": "version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified.", + "version": "version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.", "image": "image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.", "url": "url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.", "channels": "channels is the set of Cincinnati channels to which the release currently belongs.", @@ -664,10 +664,11 @@ func (Release) SwaggerDoc() map[string]string { } var map_Update = map[string]string{ - "": "Update represents an administrator update request.", - "version": "version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified.", - "image": "image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.", - "force": "force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.", + "": "Update represents an administrator update request.", + "architecture": "architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.", + "version": "version is a semantic version identifying the update version. version is ignored if image is specified and required if architecture is specified.", + "image": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified.", + "force": "force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.", } func (Update) SwaggerDoc() map[string]string { @@ -679,7 +680,7 @@ var map_UpdateHistory = map[string]string{ "state": "state reflects whether the update was fully applied. The Partial state indicates the update is not fully applied, while the Completed state indicates the update was successfully rolled out at least once (all parts of the update successfully applied).", "startedTime": "startedTime is the time at which the update was started.", "completionTime": "completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update).", - "version": "version is a semantic versioning identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.", + "version": "version is a semantic version identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.", "image": "image is a container image location that contains the update. This value is always populated.", "verified": "verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted.", "acceptedRisks": "acceptedRisks records risks which were accepted to initiate the update. For example, it may menition an Upgradeable=False or missing signature that was overriden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.", @@ -1370,8 +1371,45 @@ func (PowerVSServiceEndpoint) SwaggerDoc() map[string]string { return map_PowerVSServiceEndpoint } +var map_VSpherePlatformFailureDomainSpec = map[string]string{ + "": "VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain.", + "name": "name defines the arbitrary but unique name of a failure domain.", + "region": "region defines the name of a region tag that will be attached to a vCenter datacenter. The tag category in vCenter must be named openshift-region.", + "zone": "zone defines the name of a zone tag that will be attached to a vCenter cluster. The tag category in vCenter must be named openshift-zone.", + "server": "server is the fully-qualified domain name or the IP address of the vCenter server.", + "topology": "Topology describes a given failure domain using vSphere constructs", +} + +func (VSpherePlatformFailureDomainSpec) SwaggerDoc() map[string]string { + return map_VSpherePlatformFailureDomainSpec +} + +var map_VSpherePlatformNodeNetworking = map[string]string{ + "": "VSpherePlatformNodeNetworking holds the external and internal node networking spec.", + "external": "external represents the network configuration of the node that is externally routable.", + "internal": "internal represents the network configuration of the node that is routable only within the cluster.", +} + +func (VSpherePlatformNodeNetworking) SwaggerDoc() map[string]string { + return map_VSpherePlatformNodeNetworking +} + +var map_VSpherePlatformNodeNetworkingSpec = map[string]string{ + "": "VSpherePlatformNodeNetworkingSpec holds the network CIDR(s) and port group name for including and excluding IP ranges in the cloud provider. This would be used for example when multiple network adapters are attached to a guest to help determine which IP address the cloud config manager should use for the external and internal node networking.", + "networkSubnetCidr": "networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields.", + "network": "network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'`", + "excludeNetworkSubnetCidr": "excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields.", +} + +func (VSpherePlatformNodeNetworkingSpec) SwaggerDoc() map[string]string { + return map_VSpherePlatformNodeNetworkingSpec +} + var map_VSpherePlatformSpec = map[string]string{ - "": "VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. This only includes fields that can be modified in the cluster.", + "": "VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. In the future the cloud provider operator, storage operator and machine operator will use these fields for configuration.", + "vcenters": "vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported.", + "failureDomains": "failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.", + "nodeNetworking": "nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.", } func (VSpherePlatformSpec) SwaggerDoc() map[string]string { @@ -1391,6 +1429,31 @@ func (VSpherePlatformStatus) SwaggerDoc() map[string]string { return map_VSpherePlatformStatus } +var map_VSpherePlatformTopology = map[string]string{ + "": "VSpherePlatformTopology holds the required and optional vCenter objects - datacenter, computeCluster, networks, datastore and resourcePool - to provision virtual machines.", + "datacenter": "datacenter is the name of vCenter datacenter in which virtual machines will be located. The maximum length of the datacenter name is 80 characters.", + "computeCluster": "computeCluster the absolute path of the vCenter cluster in which virtual machine will be located. The absolute path is of the form //host/. The maximum length of the path is 2048 characters.", + "networks": "networks is the list of port group network names within this failure domain. Currently, we only support a single interface per RHCOS virtual machine. The available networks (port groups) can be listed using `govc ls 'network/*'` The single interface should be the absolute path of the form //network/.", + "datastore": "datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form //datastore/ The maximum length of the path is 2048 characters.", + "resourcePool": "resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form //host//Resources/. The maximum length of the path is 2048 characters.", + "folder": "folder is the absolute path of the folder where virtual machines are located. The absolute path is of the form //vm/. The maximum length of the path is 2048 characters.", +} + +func (VSpherePlatformTopology) SwaggerDoc() map[string]string { + return map_VSpherePlatformTopology +} + +var map_VSpherePlatformVCenterSpec = map[string]string{ + "": "VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM.", + "server": "server is the fully-qualified domain name or the IP address of the vCenter server.", + "port": "port is the TCP port that will be used to communicate to the vCenter endpoint. When omitted, this means the user has no opinion and it is up to the platform to choose a sensible default, which is subject to change over time.", + "datacenters": "The vCenter Datacenters in which the RHCOS vm guests are located. This field will be used by the Cloud Controller Manager. Each datacenter listed here should be used within a topology.", +} + +func (VSpherePlatformVCenterSpec) SwaggerDoc() map[string]string { + return map_VSpherePlatformVCenterSpec +} + var map_AWSIngressSpec = map[string]string{ "": "AWSIngressSpec holds the desired state of the Ingress for Amazon Web Services infrastructure provider. This only includes fields that can be modified in the cluster.", "type": "type allows user to set a load balancer type. When this field is set the default ingresscontroller will get created using the specified LBType. If this field is not set then the default ingress controller of LBType Classic will be created. Valid values are:\n\n* \"Classic\": A Classic Load Balancer that makes routing decisions at either\n the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See\n the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb\n\n* \"NLB\": A Network Load Balancer that makes routing decisions at the\n transport layer (TCP/SSL). See the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb", @@ -1460,7 +1523,7 @@ var map_IngressSpec = map[string]string{ "appsDomain": "appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate.", "componentRoutes": "componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list.\n\nTo determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes.", "requiredHSTSPolicies": "requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission.\n\nA candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: \"haproxy.router.openshift.io/hsts_header\" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains\n\n- For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route's admission status. - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation.\n\nThe HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working.\n\nNote that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid.", - "loadbalancer": "loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure provider of the current cluster and are required for Ingress Controller to work on OpenShift.", + "loadBalancer": "loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure provider of the current cluster and are required for Ingress Controller to work on OpenShift.", } func (IngressSpec) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather.crd.yaml b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather.crd.yaml index f73c6f889..8120185e2 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather.crd.yaml @@ -20,7 +20,7 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: "InsightsDataGather provides data gather configuration options for the the Insights Operator. \n Compatibility level 4." + description: "InsightsDataGather provides data gather configuration options for the the Insights Operator. \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support." type: object required: - spec @@ -42,14 +42,14 @@ spec: type: object properties: dataPolicy: - description: dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are "None" and "IPsAndClusterDomain". When set to None the data is not obfuscated. When set to IPsAndClusterDomain the IP addresses and the cluster domain name are obfuscated. No value equals the "None" policy. + description: dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are "None" and "ObfuscateNetworking". When set to None the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is None. type: string enum: - "" - None - - IPsAndClusterDomain + - ObfuscateNetworking disabledGatherers: - description: 'disabledGatherers is a list of gatherers to be excluded from the gathering. All the gatherers can be disabled by providing "all" value. If all the gatherers are disabled, the Insights operator does not gather any data. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. An example of disabling gatherers looks like this: `disabledGatherers: ["clusterconfig/machine_configs", "workloads/workload_info"]`' + description: 'disabledGatherers is a list of gatherers to be excluded from the gathering. All the gatherers can be disabled by providing "all" value. If all the gatherers are disabled, the Insights operator does not gather any data. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: "oc get insightsoperators.operator.openshift.io cluster -o json | jq ''.status.gatherStatus.gatherers[].name''" An example of disabling gatherers looks like this: `disabledGatherers: ["clusterconfig/machine_configs", "workloads/workload_info"]`' type: array items: type: string diff --git a/vendor/github.com/openshift/api/config/v1alpha1/Makefile b/vendor/github.com/openshift/api/config/v1alpha1/Makefile new file mode 100644 index 000000000..e32ad5d9e --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1alpha1/Makefile @@ -0,0 +1,3 @@ +.PHONY: test +test: + make -C ../../tests test GINKGO_EXTRA_ARGS=--focus="config.openshift.io/v1alpha1" diff --git a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.insightsdatagather.testsuite.yaml b/vendor/github.com/openshift/api/config/v1alpha1/techpreview.insightsdatagather.testsuite.yaml new file mode 100644 index 000000000..f73792738 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1alpha1/techpreview.insightsdatagather.testsuite.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] InsightsDataGather" +crd: 0000_10_config-operator_01_insightsdatagather.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal InsightsDataGather + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: InsightsDataGather + spec: {} # No spec is required for a InsightsDataGather + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: InsightsDataGather + spec: {} diff --git a/vendor/github.com/openshift/api/image/docker10/register.go b/vendor/github.com/openshift/api/image/docker10/register.go index 31d616a06..3d5ad268a 100644 --- a/vendor/github.com/openshift/api/image/docker10/register.go +++ b/vendor/github.com/openshift/api/image/docker10/register.go @@ -12,14 +12,23 @@ const ( // SchemeGroupVersion is group version used to register these objects var ( - SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "1.0"} + GroupVersion = schema.GroupVersion{Group: GroupName, Version: "1.0"} LegacySchemeGroupVersion = schema.GroupVersion{Group: LegacyGroupName, Version: "1.0"} SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) LegacySchemeBuilder = runtime.NewSchemeBuilder(addLegacyKnownTypes) - AddToScheme = SchemeBuilder.AddToScheme AddToSchemeInCoreGroup = LegacySchemeBuilder.AddToScheme + + // Install is a function which adds this version to a scheme + Install = SchemeBuilder.AddToScheme + + // SchemeGroupVersion generated code relies on this name + // Deprecated + SchemeGroupVersion = GroupVersion + // AddToScheme exists solely to keep the old generators creating valid code + // DEPRECATED + AddToScheme = SchemeBuilder.AddToScheme ) // Adds the list of known types to api.Scheme. diff --git a/vendor/github.com/openshift/api/image/dockerpre012/register.go b/vendor/github.com/openshift/api/image/dockerpre012/register.go index 469806dbe..7ce2adb0a 100644 --- a/vendor/github.com/openshift/api/image/dockerpre012/register.go +++ b/vendor/github.com/openshift/api/image/dockerpre012/register.go @@ -11,14 +11,23 @@ const ( ) var ( - SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "pre012"} + GroupVersion = schema.GroupVersion{Group: GroupName, Version: "pre012"} LegacySchemeGroupVersion = schema.GroupVersion{Group: LegacyGroupName, Version: "pre012"} SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - AddToScheme = SchemeBuilder.AddToScheme LegacySchemeBuilder = runtime.NewSchemeBuilder(addLegacyKnownTypes) AddToSchemeInCoreGroup = LegacySchemeBuilder.AddToScheme + + // Install is a function which adds this version to a scheme + Install = SchemeBuilder.AddToScheme + + // SchemeGroupVersion generated code relies on this name + // Deprecated + SchemeGroupVersion = GroupVersion + // AddToScheme exists solely to keep the old generators creating valid code + // DEPRECATED + AddToScheme = SchemeBuilder.AddToScheme ) // Adds the list of known types to api.Scheme. diff --git a/vendor/github.com/openshift/api/image/v1/generated.pb.go b/vendor/github.com/openshift/api/image/v1/generated.pb.go index 3ca7374b4..6344617bb 100644 --- a/vendor/github.com/openshift/api/image/v1/generated.pb.go +++ b/vendor/github.com/openshift/api/image/v1/generated.pb.go @@ -283,10 +283,38 @@ func (m *ImageLookupPolicy) XXX_DiscardUnknown() { var xxx_messageInfo_ImageLookupPolicy proto.InternalMessageInfo +func (m *ImageManifest) Reset() { *m = ImageManifest{} } +func (*ImageManifest) ProtoMessage() {} +func (*ImageManifest) Descriptor() ([]byte, []int) { + return fileDescriptor_650a0b34f65fde60, []int{9} +} +func (m *ImageManifest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ImageManifest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *ImageManifest) XXX_Merge(src proto.Message) { + xxx_messageInfo_ImageManifest.Merge(m, src) +} +func (m *ImageManifest) XXX_Size() int { + return m.Size() +} +func (m *ImageManifest) XXX_DiscardUnknown() { + xxx_messageInfo_ImageManifest.DiscardUnknown(m) +} + +var xxx_messageInfo_ImageManifest proto.InternalMessageInfo + func (m *ImageSignature) Reset() { *m = ImageSignature{} } func (*ImageSignature) ProtoMessage() {} func (*ImageSignature) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{9} + return fileDescriptor_650a0b34f65fde60, []int{10} } func (m *ImageSignature) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -314,7 +342,7 @@ var xxx_messageInfo_ImageSignature proto.InternalMessageInfo func (m *ImageStream) Reset() { *m = ImageStream{} } func (*ImageStream) ProtoMessage() {} func (*ImageStream) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{10} + return fileDescriptor_650a0b34f65fde60, []int{11} } func (m *ImageStream) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -342,7 +370,7 @@ var xxx_messageInfo_ImageStream proto.InternalMessageInfo func (m *ImageStreamImage) Reset() { *m = ImageStreamImage{} } func (*ImageStreamImage) ProtoMessage() {} func (*ImageStreamImage) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{11} + return fileDescriptor_650a0b34f65fde60, []int{12} } func (m *ImageStreamImage) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -370,7 +398,7 @@ var xxx_messageInfo_ImageStreamImage proto.InternalMessageInfo func (m *ImageStreamImport) Reset() { *m = ImageStreamImport{} } func (*ImageStreamImport) ProtoMessage() {} func (*ImageStreamImport) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{12} + return fileDescriptor_650a0b34f65fde60, []int{13} } func (m *ImageStreamImport) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -398,7 +426,7 @@ var xxx_messageInfo_ImageStreamImport proto.InternalMessageInfo func (m *ImageStreamImportSpec) Reset() { *m = ImageStreamImportSpec{} } func (*ImageStreamImportSpec) ProtoMessage() {} func (*ImageStreamImportSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{13} + return fileDescriptor_650a0b34f65fde60, []int{14} } func (m *ImageStreamImportSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -426,7 +454,7 @@ var xxx_messageInfo_ImageStreamImportSpec proto.InternalMessageInfo func (m *ImageStreamImportStatus) Reset() { *m = ImageStreamImportStatus{} } func (*ImageStreamImportStatus) ProtoMessage() {} func (*ImageStreamImportStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{14} + return fileDescriptor_650a0b34f65fde60, []int{15} } func (m *ImageStreamImportStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -454,7 +482,7 @@ var xxx_messageInfo_ImageStreamImportStatus proto.InternalMessageInfo func (m *ImageStreamLayers) Reset() { *m = ImageStreamLayers{} } func (*ImageStreamLayers) ProtoMessage() {} func (*ImageStreamLayers) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{15} + return fileDescriptor_650a0b34f65fde60, []int{16} } func (m *ImageStreamLayers) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -482,7 +510,7 @@ var xxx_messageInfo_ImageStreamLayers proto.InternalMessageInfo func (m *ImageStreamList) Reset() { *m = ImageStreamList{} } func (*ImageStreamList) ProtoMessage() {} func (*ImageStreamList) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{16} + return fileDescriptor_650a0b34f65fde60, []int{17} } func (m *ImageStreamList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -510,7 +538,7 @@ var xxx_messageInfo_ImageStreamList proto.InternalMessageInfo func (m *ImageStreamMapping) Reset() { *m = ImageStreamMapping{} } func (*ImageStreamMapping) ProtoMessage() {} func (*ImageStreamMapping) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{17} + return fileDescriptor_650a0b34f65fde60, []int{18} } func (m *ImageStreamMapping) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -538,7 +566,7 @@ var xxx_messageInfo_ImageStreamMapping proto.InternalMessageInfo func (m *ImageStreamSpec) Reset() { *m = ImageStreamSpec{} } func (*ImageStreamSpec) ProtoMessage() {} func (*ImageStreamSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{18} + return fileDescriptor_650a0b34f65fde60, []int{19} } func (m *ImageStreamSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -566,7 +594,7 @@ var xxx_messageInfo_ImageStreamSpec proto.InternalMessageInfo func (m *ImageStreamStatus) Reset() { *m = ImageStreamStatus{} } func (*ImageStreamStatus) ProtoMessage() {} func (*ImageStreamStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{19} + return fileDescriptor_650a0b34f65fde60, []int{20} } func (m *ImageStreamStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -594,7 +622,7 @@ var xxx_messageInfo_ImageStreamStatus proto.InternalMessageInfo func (m *ImageStreamTag) Reset() { *m = ImageStreamTag{} } func (*ImageStreamTag) ProtoMessage() {} func (*ImageStreamTag) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{20} + return fileDescriptor_650a0b34f65fde60, []int{21} } func (m *ImageStreamTag) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -622,7 +650,7 @@ var xxx_messageInfo_ImageStreamTag proto.InternalMessageInfo func (m *ImageStreamTagList) Reset() { *m = ImageStreamTagList{} } func (*ImageStreamTagList) ProtoMessage() {} func (*ImageStreamTagList) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{21} + return fileDescriptor_650a0b34f65fde60, []int{22} } func (m *ImageStreamTagList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -650,7 +678,7 @@ var xxx_messageInfo_ImageStreamTagList proto.InternalMessageInfo func (m *ImageTag) Reset() { *m = ImageTag{} } func (*ImageTag) ProtoMessage() {} func (*ImageTag) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{22} + return fileDescriptor_650a0b34f65fde60, []int{23} } func (m *ImageTag) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -678,7 +706,7 @@ var xxx_messageInfo_ImageTag proto.InternalMessageInfo func (m *ImageTagList) Reset() { *m = ImageTagList{} } func (*ImageTagList) ProtoMessage() {} func (*ImageTagList) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{23} + return fileDescriptor_650a0b34f65fde60, []int{24} } func (m *ImageTagList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -706,7 +734,7 @@ var xxx_messageInfo_ImageTagList proto.InternalMessageInfo func (m *NamedTagEventList) Reset() { *m = NamedTagEventList{} } func (*NamedTagEventList) ProtoMessage() {} func (*NamedTagEventList) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{24} + return fileDescriptor_650a0b34f65fde60, []int{25} } func (m *NamedTagEventList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -734,7 +762,7 @@ var xxx_messageInfo_NamedTagEventList proto.InternalMessageInfo func (m *RepositoryImportSpec) Reset() { *m = RepositoryImportSpec{} } func (*RepositoryImportSpec) ProtoMessage() {} func (*RepositoryImportSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{25} + return fileDescriptor_650a0b34f65fde60, []int{26} } func (m *RepositoryImportSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -762,7 +790,7 @@ var xxx_messageInfo_RepositoryImportSpec proto.InternalMessageInfo func (m *RepositoryImportStatus) Reset() { *m = RepositoryImportStatus{} } func (*RepositoryImportStatus) ProtoMessage() {} func (*RepositoryImportStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{26} + return fileDescriptor_650a0b34f65fde60, []int{27} } func (m *RepositoryImportStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -790,7 +818,7 @@ var xxx_messageInfo_RepositoryImportStatus proto.InternalMessageInfo func (m *SecretList) Reset() { *m = SecretList{} } func (*SecretList) ProtoMessage() {} func (*SecretList) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{27} + return fileDescriptor_650a0b34f65fde60, []int{28} } func (m *SecretList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -818,7 +846,7 @@ var xxx_messageInfo_SecretList proto.InternalMessageInfo func (m *SignatureCondition) Reset() { *m = SignatureCondition{} } func (*SignatureCondition) ProtoMessage() {} func (*SignatureCondition) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{28} + return fileDescriptor_650a0b34f65fde60, []int{29} } func (m *SignatureCondition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -846,7 +874,7 @@ var xxx_messageInfo_SignatureCondition proto.InternalMessageInfo func (m *SignatureGenericEntity) Reset() { *m = SignatureGenericEntity{} } func (*SignatureGenericEntity) ProtoMessage() {} func (*SignatureGenericEntity) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{29} + return fileDescriptor_650a0b34f65fde60, []int{30} } func (m *SignatureGenericEntity) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -874,7 +902,7 @@ var xxx_messageInfo_SignatureGenericEntity proto.InternalMessageInfo func (m *SignatureIssuer) Reset() { *m = SignatureIssuer{} } func (*SignatureIssuer) ProtoMessage() {} func (*SignatureIssuer) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{30} + return fileDescriptor_650a0b34f65fde60, []int{31} } func (m *SignatureIssuer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -902,7 +930,7 @@ var xxx_messageInfo_SignatureIssuer proto.InternalMessageInfo func (m *SignatureSubject) Reset() { *m = SignatureSubject{} } func (*SignatureSubject) ProtoMessage() {} func (*SignatureSubject) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{31} + return fileDescriptor_650a0b34f65fde60, []int{32} } func (m *SignatureSubject) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -930,7 +958,7 @@ var xxx_messageInfo_SignatureSubject proto.InternalMessageInfo func (m *TagEvent) Reset() { *m = TagEvent{} } func (*TagEvent) ProtoMessage() {} func (*TagEvent) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{32} + return fileDescriptor_650a0b34f65fde60, []int{33} } func (m *TagEvent) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -958,7 +986,7 @@ var xxx_messageInfo_TagEvent proto.InternalMessageInfo func (m *TagEventCondition) Reset() { *m = TagEventCondition{} } func (*TagEventCondition) ProtoMessage() {} func (*TagEventCondition) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{33} + return fileDescriptor_650a0b34f65fde60, []int{34} } func (m *TagEventCondition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -986,7 +1014,7 @@ var xxx_messageInfo_TagEventCondition proto.InternalMessageInfo func (m *TagImportPolicy) Reset() { *m = TagImportPolicy{} } func (*TagImportPolicy) ProtoMessage() {} func (*TagImportPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{34} + return fileDescriptor_650a0b34f65fde60, []int{35} } func (m *TagImportPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1014,7 +1042,7 @@ var xxx_messageInfo_TagImportPolicy proto.InternalMessageInfo func (m *TagReference) Reset() { *m = TagReference{} } func (*TagReference) ProtoMessage() {} func (*TagReference) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{35} + return fileDescriptor_650a0b34f65fde60, []int{36} } func (m *TagReference) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1042,7 +1070,7 @@ var xxx_messageInfo_TagReference proto.InternalMessageInfo func (m *TagReferencePolicy) Reset() { *m = TagReferencePolicy{} } func (*TagReferencePolicy) ProtoMessage() {} func (*TagReferencePolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_650a0b34f65fde60, []int{36} + return fileDescriptor_650a0b34f65fde60, []int{37} } func (m *TagReferencePolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1077,6 +1105,7 @@ func init() { proto.RegisterType((*ImageLayerData)(nil), "github.com.openshift.api.image.v1.ImageLayerData") proto.RegisterType((*ImageList)(nil), "github.com.openshift.api.image.v1.ImageList") proto.RegisterType((*ImageLookupPolicy)(nil), "github.com.openshift.api.image.v1.ImageLookupPolicy") + proto.RegisterType((*ImageManifest)(nil), "github.com.openshift.api.image.v1.ImageManifest") proto.RegisterType((*ImageSignature)(nil), "github.com.openshift.api.image.v1.ImageSignature") proto.RegisterMapType((map[string]string)(nil), "github.com.openshift.api.image.v1.ImageSignature.SignedClaimsEntry") proto.RegisterType((*ImageStream)(nil), "github.com.openshift.api.image.v1.ImageStream") @@ -1116,166 +1145,175 @@ func init() { } var fileDescriptor_650a0b34f65fde60 = []byte{ - // 2529 bytes of a gzipped FileDescriptorProto + // 2685 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x5a, 0x4d, 0x6c, 0x1c, 0x49, - 0xf5, 0x4f, 0xcf, 0x97, 0xc7, 0xcf, 0x13, 0x3b, 0xae, 0xc4, 0xbb, 0xb3, 0x93, 0xac, 0xed, 0x74, - 0xfe, 0x89, 0xf2, 0x87, 0xec, 0x0c, 0x36, 0xd9, 0xc5, 0x09, 0x12, 0xd9, 0x4c, 0x26, 0x44, 0x03, - 0xf6, 0xc6, 0x5b, 0x1e, 0x22, 0x14, 0x05, 0x89, 0x72, 0x4f, 0xb9, 0xdd, 0x78, 0xa6, 0x7b, 0xe8, - 0xee, 0xf1, 0xae, 0x23, 0x90, 0x38, 0xa0, 0xd5, 0x1e, 0x38, 0xc0, 0x89, 0xc3, 0x1e, 0xd1, 0x0a, - 0x21, 0x8e, 0x08, 0xc4, 0x89, 0x0b, 0x20, 0x45, 0x5c, 0x58, 0x2d, 0x97, 0xbd, 0x60, 0x6d, 0x06, - 0xce, 0xdc, 0xb8, 0xec, 0x09, 0x55, 0x75, 0x75, 0x77, 0x75, 0x4f, 0x8f, 0xdd, 0x63, 0xe2, 0x01, - 0x6e, 0x33, 0x55, 0xef, 0xfd, 0xde, 0xab, 0xf7, 0xaa, 0xde, 0x47, 0x55, 0xc3, 0x8a, 0x6e, 0xb8, - 0xbb, 0xfd, 0xed, 0xaa, 0x66, 0x75, 0x6b, 0x56, 0x8f, 0x9a, 0xce, 0xae, 0xb1, 0xe3, 0xd6, 0x48, - 0xcf, 0xa8, 0x19, 0x5d, 0xa2, 0xd3, 0xda, 0xfe, 0x4a, 0x4d, 0xa7, 0x26, 0xb5, 0x89, 0x4b, 0xdb, - 0xd5, 0x9e, 0x6d, 0xb9, 0x16, 0xba, 0x1c, 0xb2, 0x54, 0x03, 0x96, 0x2a, 0xe9, 0x19, 0x55, 0xce, - 0x52, 0xdd, 0x5f, 0xa9, 0xbc, 0x26, 0xa1, 0xea, 0x96, 0x6e, 0xd5, 0x38, 0xe7, 0x76, 0x7f, 0x87, - 0xff, 0xe3, 0x7f, 0xf8, 0x2f, 0x0f, 0xb1, 0xa2, 0xee, 0xad, 0x39, 0x55, 0xc3, 0xe2, 0x62, 0x35, - 0xcb, 0x4e, 0x92, 0x5a, 0xb9, 0x19, 0xd2, 0x74, 0x89, 0xb6, 0x6b, 0x98, 0xd4, 0x3e, 0xa8, 0xf5, - 0xf6, 0x74, 0x36, 0xe0, 0xd4, 0xba, 0xd4, 0x25, 0x49, 0x5c, 0xb5, 0x51, 0x5c, 0x76, 0xdf, 0x74, - 0x8d, 0x2e, 0x1d, 0x62, 0x78, 0xe3, 0x38, 0x06, 0x47, 0xdb, 0xa5, 0x5d, 0x12, 0xe7, 0x53, 0x3f, - 0x56, 0xe0, 0x42, 0xc3, 0xd2, 0xf6, 0xa8, 0xdd, 0x64, 0x46, 0xc0, 0x74, 0x87, 0xda, 0xd4, 0xd4, - 0x28, 0xba, 0x01, 0x45, 0x9b, 0xea, 0x86, 0xe3, 0xda, 0x07, 0x65, 0x65, 0x59, 0xb9, 0x3e, 0x5d, - 0x3f, 0xf7, 0xec, 0x70, 0xe9, 0xcc, 0xe0, 0x70, 0xa9, 0x88, 0xc5, 0x38, 0x0e, 0x28, 0x50, 0x0d, - 0xa6, 0x4d, 0xd2, 0xa5, 0x4e, 0x8f, 0x68, 0xb4, 0x9c, 0xe1, 0xe4, 0xf3, 0x82, 0x7c, 0xfa, 0x2d, - 0x7f, 0x02, 0x87, 0x34, 0x68, 0x19, 0x72, 0xec, 0x4f, 0x39, 0xcb, 0x69, 0x4b, 0x82, 0x36, 0xc7, - 0x68, 0x31, 0x9f, 0x41, 0xaf, 0x42, 0xd6, 0x25, 0x7a, 0x39, 0xc7, 0x09, 0x66, 0x04, 0x41, 0xb6, - 0x45, 0x74, 0xcc, 0xc6, 0x51, 0x05, 0x32, 0x46, 0xa3, 0x9c, 0xe7, 0xb3, 0x20, 0x66, 0x33, 0xcd, - 0x06, 0xce, 0x18, 0x0d, 0xf5, 0xcf, 0x53, 0x90, 0xe7, 0xcb, 0x41, 0xdf, 0x86, 0x22, 0x33, 0x71, - 0x9b, 0xb8, 0x84, 0xaf, 0x62, 0x66, 0xf5, 0x0b, 0x55, 0xcf, 0x52, 0x55, 0xd9, 0x52, 0xd5, 0xde, - 0x9e, 0xce, 0x06, 0x9c, 0x2a, 0xa3, 0xae, 0xee, 0xaf, 0x54, 0x1f, 0x6e, 0x7f, 0x87, 0x6a, 0xee, - 0x06, 0x75, 0x49, 0x1d, 0x09, 0x74, 0x08, 0xc7, 0x70, 0x80, 0x8a, 0x36, 0xe1, 0x42, 0x3b, 0xc1, - 0x7e, 0xc2, 0x08, 0x97, 0x04, 0x6f, 0xa2, 0x8d, 0x71, 0x22, 0x27, 0xfa, 0x1e, 0x9c, 0x97, 0xc6, - 0x37, 0x7c, 0xf5, 0xb3, 0x5c, 0xfd, 0xd7, 0x46, 0xaa, 0x2f, 0x1c, 0x5d, 0xc5, 0xe4, 0x9d, 0xfb, - 0xef, 0xba, 0xd4, 0x74, 0x0c, 0xcb, 0xac, 0x5f, 0x14, 0xf2, 0xcf, 0x37, 0x86, 0x11, 0x71, 0x92, - 0x18, 0xb4, 0x0d, 0x95, 0x84, 0xe1, 0x47, 0xd4, 0x66, 0x78, 0xc2, 0x1b, 0xaa, 0x40, 0xad, 0x34, - 0x46, 0x52, 0xe2, 0x23, 0x50, 0xd0, 0x46, 0x74, 0x85, 0xc4, 0x34, 0x76, 0xa8, 0xe3, 0x0a, 0x67, - 0x26, 0xaa, 0x2c, 0x48, 0x70, 0x12, 0x1f, 0xda, 0x87, 0x79, 0x69, 0x78, 0x9d, 0x1c, 0x50, 0xdb, - 0x29, 0x17, 0x96, 0xb3, 0xdc, 0x5c, 0xc7, 0x1e, 0xfa, 0x6a, 0xc8, 0x55, 0x7f, 0x45, 0xc8, 0x9e, - 0x6f, 0xc4, 0xf1, 0xf0, 0xb0, 0x08, 0x44, 0x01, 0x1c, 0x43, 0x37, 0x89, 0xdb, 0xb7, 0xa9, 0x53, - 0x9e, 0xe2, 0x02, 0x57, 0xd2, 0x0a, 0xdc, 0xf2, 0x39, 0xc3, 0xfd, 0x15, 0x0c, 0x39, 0x58, 0x02, - 0x46, 0x0f, 0x61, 0x41, 0x92, 0x1d, 0x12, 0x95, 0x8b, 0xcb, 0xd9, 0xeb, 0xa5, 0xfa, 0x2b, 0x83, - 0xc3, 0xa5, 0x85, 0x46, 0x12, 0x01, 0x4e, 0xe6, 0x43, 0xbb, 0x70, 0x29, 0xc1, 0x8c, 0x1b, 0xb4, - 0x6d, 0x90, 0xd6, 0x41, 0x8f, 0x96, 0xa7, 0xb9, 0x1f, 0xfe, 0x4f, 0xa8, 0x75, 0xa9, 0x71, 0x04, - 0x2d, 0x3e, 0x12, 0x09, 0x3d, 0x88, 0x78, 0xe6, 0x9e, 0x65, 0xee, 0x18, 0x7a, 0x19, 0x38, 0x7c, - 0x92, 0xa9, 0x3d, 0x02, 0x3c, 0xcc, 0xa3, 0xfe, 0x54, 0x81, 0xf3, 0xfc, 0x7f, 0xbd, 0x63, 0x6d, - 0x07, 0x47, 0xc5, 0x41, 0x6b, 0x50, 0xe2, 0x66, 0xdd, 0x30, 0x1c, 0xc7, 0x30, 0x75, 0x7e, 0x48, - 0x8a, 0xf5, 0x0b, 0x02, 0xbb, 0xd4, 0x94, 0xe6, 0x70, 0x84, 0x12, 0xa9, 0x50, 0xe8, 0x78, 0x3b, - 0x45, 0x59, 0xce, 0xb2, 0x18, 0x32, 0x38, 0x5c, 0x2a, 0x08, 0x5f, 0x8b, 0x19, 0x46, 0xa3, 0x79, - 0x3a, 0x7b, 0xa7, 0x99, 0xd3, 0x08, 0x25, 0xc5, 0x8c, 0xfa, 0xc7, 0x2c, 0xcc, 0x71, 0x31, 0xcd, - 0x6e, 0xcf, 0xb2, 0xdd, 0xad, 0x1e, 0xd5, 0xd0, 0x7d, 0xc8, 0xed, 0xd8, 0x56, 0x57, 0x44, 0x9c, - 0x2b, 0xd2, 0x91, 0xad, 0xb2, 0x34, 0x11, 0xc6, 0x97, 0x60, 0x25, 0x61, 0x04, 0xfc, 0xaa, 0x6d, - 0x75, 0x31, 0x67, 0x47, 0x6f, 0x42, 0xc6, 0xb5, 0xb8, 0xe8, 0x99, 0xd5, 0xeb, 0x49, 0x20, 0xeb, - 0x96, 0x46, 0x3a, 0x71, 0xa4, 0x02, 0x0b, 0x84, 0x2d, 0x0b, 0x67, 0x5c, 0x0b, 0x75, 0x98, 0x79, - 0x98, 0x5a, 0x9b, 0x56, 0xc7, 0xd0, 0x0e, 0x44, 0x0c, 0x59, 0x4d, 0xb1, 0x47, 0x5b, 0x44, 0x6f, - 0x4a, 0x9c, 0xb2, 0x49, 0xc3, 0x51, 0x1c, 0x41, 0x47, 0xef, 0xc2, 0x9c, 0xed, 0xab, 0x21, 0x04, - 0xe6, 0xb9, 0xc0, 0xd7, 0xd3, 0x09, 0xc4, 0x51, 0xe6, 0xfa, 0xcb, 0x42, 0xe6, 0x5c, 0x6c, 0x02, - 0xc7, 0xc5, 0xa0, 0xbb, 0x30, 0x67, 0x98, 0x5a, 0xa7, 0xdf, 0x0e, 0x83, 0x49, 0x8e, 0xef, 0x84, - 0x00, 0xa2, 0x19, 0x9d, 0xc6, 0x71, 0x7a, 0xf5, 0x2f, 0x0a, 0xcc, 0xcb, 0x7e, 0x74, 0x89, 0xdb, - 0x77, 0x50, 0x0b, 0x0a, 0x0e, 0xff, 0x25, 0x7c, 0x79, 0x23, 0x5d, 0xf6, 0xf0, 0xb8, 0xeb, 0xb3, - 0x42, 0x7a, 0xc1, 0xfb, 0x8f, 0x05, 0x16, 0x6a, 0x42, 0x9e, 0xaf, 0x3b, 0xf0, 0x6d, 0xca, 0x98, - 0x51, 0x9f, 0x1e, 0x1c, 0x2e, 0x79, 0x99, 0x0d, 0x7b, 0x08, 0x7e, 0x96, 0xcc, 0x26, 0x67, 0x49, - 0xf5, 0x3d, 0x05, 0x20, 0x0c, 0x59, 0x41, 0xd6, 0x55, 0x46, 0x66, 0xdd, 0xab, 0x90, 0x73, 0x8c, - 0xa7, 0x9e, 0x66, 0xd9, 0x30, 0x87, 0x73, 0xf6, 0x2d, 0xe3, 0x29, 0xc5, 0x7c, 0x9a, 0xe5, 0xfb, - 0x6e, 0x10, 0x2f, 0xb2, 0xd1, 0x7c, 0x1f, 0x06, 0x87, 0x90, 0x46, 0x6d, 0xc3, 0x6c, 0xa8, 0x47, - 0x83, 0x25, 0x9a, 0xcb, 0x42, 0x92, 0xc2, 0x25, 0x9d, 0x3d, 0x56, 0x4a, 0x26, 0x85, 0x94, 0xdf, - 0x2a, 0x30, 0xed, 0x89, 0x31, 0x1c, 0x17, 0x3d, 0x19, 0x4a, 0xfe, 0xd5, 0x74, 0xee, 0x63, 0xdc, - 0x3c, 0xf5, 0x07, 0x25, 0x8f, 0x3f, 0x22, 0x25, 0xfe, 0x0d, 0xc8, 0x1b, 0x2e, 0xed, 0x3a, 0xe5, - 0x0c, 0x0f, 0xfc, 0xe9, 0x9d, 0x78, 0x56, 0x80, 0xe6, 0x9b, 0x8c, 0x1d, 0x7b, 0x28, 0xea, 0x9a, - 0xd8, 0x7e, 0xeb, 0x96, 0xb5, 0xd7, 0xef, 0x89, 0x7d, 0x7d, 0x05, 0xf2, 0x1d, 0x76, 0xc6, 0x45, - 0x5c, 0x0b, 0x38, 0xf9, 0xc1, 0xc7, 0xde, 0x9c, 0xfa, 0xab, 0x82, 0xb0, 0x6d, 0x10, 0xe2, 0x27, - 0x50, 0xf6, 0x2c, 0x43, 0xce, 0x0d, 0xbd, 0x12, 0xec, 0x24, 0xee, 0x10, 0x3e, 0x83, 0xae, 0xc2, - 0x94, 0x66, 0x99, 0x2e, 0x35, 0x5d, 0xae, 0x7d, 0xa9, 0x3e, 0x33, 0x38, 0x5c, 0x9a, 0xba, 0xe7, - 0x0d, 0x61, 0x7f, 0x0e, 0x19, 0x00, 0x9a, 0x65, 0xb6, 0x0d, 0xd7, 0xb0, 0x4c, 0xa7, 0x9c, 0xe3, - 0xb6, 0x4c, 0x13, 0x2f, 0x82, 0xc5, 0xde, 0xf3, 0xb9, 0x43, 0x8d, 0x83, 0x21, 0x07, 0x4b, 0xe0, - 0xe8, 0xcb, 0x70, 0x96, 0xb3, 0x37, 0xdb, 0xd4, 0x74, 0x0d, 0xf7, 0x40, 0x14, 0x1c, 0x0b, 0x82, - 0xed, 0x6c, 0x53, 0x9e, 0xc4, 0x51, 0x5a, 0xf4, 0x7d, 0x28, 0xb1, 0x9c, 0x4c, 0xdb, 0xf7, 0x3a, - 0xc4, 0xe8, 0xfa, 0xf5, 0xc5, 0xbd, 0xb1, 0xd3, 0x3d, 0x57, 0xdc, 0x47, 0xb9, 0x6f, 0xba, 0xb6, - 0x14, 0x5b, 0xe5, 0x29, 0x1c, 0x11, 0x87, 0xde, 0x86, 0x29, 0xcd, 0xa6, 0xac, 0x70, 0x2f, 0x4f, - 0x71, 0x87, 0x7e, 0x2e, 0x9d, 0x43, 0x5b, 0x46, 0x97, 0x0a, 0xcb, 0x7b, 0xec, 0xd8, 0xc7, 0x61, - 0xc7, 0xc3, 0x70, 0x9c, 0x3e, 0x6d, 0xd7, 0x0f, 0xca, 0xc5, 0xd4, 0x89, 0x21, 0x58, 0x48, 0x93, - 0xf1, 0xda, 0xf5, 0x12, 0x3b, 0x1e, 0x4d, 0x81, 0x83, 0x03, 0x44, 0xf4, 0x2d, 0x1f, 0xbd, 0x65, - 0xf1, 0x82, 0x62, 0x66, 0xf5, 0x8b, 0xe3, 0xa0, 0x6f, 0xf5, 0xf9, 0xae, 0x93, 0xe1, 0x5b, 0x16, - 0x0e, 0x20, 0x2b, 0x77, 0x60, 0x7e, 0xc8, 0x90, 0xe8, 0x1c, 0x64, 0xf7, 0xa8, 0x68, 0x57, 0x30, - 0xfb, 0x89, 0x2e, 0x40, 0x7e, 0x9f, 0x74, 0xfa, 0x62, 0x9f, 0x62, 0xef, 0xcf, 0xed, 0xcc, 0x9a, - 0xa2, 0xfe, 0x2c, 0x03, 0x33, 0x9e, 0x67, 0x5c, 0x9b, 0x92, 0xee, 0x04, 0x8e, 0x4c, 0x0b, 0x72, - 0x4e, 0x8f, 0x6a, 0x22, 0xe8, 0xaf, 0xa6, 0xde, 0x39, 0x5c, 0x3f, 0x56, 0x57, 0x84, 0xc7, 0x8c, - 0xfd, 0xc3, 0x1c, 0x0d, 0x3d, 0x09, 0x32, 0x94, 0x97, 0xdc, 0x6f, 0x8e, 0x89, 0x7b, 0x64, 0xa6, - 0x52, 0x7f, 0xaf, 0xc0, 0x39, 0x89, 0x7a, 0x52, 0x4d, 0xd5, 0xc6, 0x49, 0x13, 0x64, 0x18, 0x5b, - 0xa5, 0x24, 0xa9, 0xfe, 0x3a, 0x23, 0x82, 0xab, 0xbf, 0x0a, 0x96, 0xe1, 0x27, 0xb0, 0x8c, 0xc7, - 0x11, 0x8f, 0xaf, 0x8d, 0xe7, 0x99, 0xb0, 0x9e, 0x4c, 0xf4, 0xfb, 0x76, 0xcc, 0xef, 0xb7, 0x4f, - 0x84, 0x7e, 0xb4, 0xf7, 0x7f, 0x98, 0x81, 0x85, 0x44, 0x8d, 0xd0, 0x35, 0x28, 0x78, 0xa5, 0x1f, - 0xb7, 0x5c, 0x31, 0x44, 0xf0, 0x68, 0xb0, 0x98, 0x45, 0x3a, 0x80, 0x4d, 0x7b, 0x96, 0x63, 0xb8, - 0x96, 0x7d, 0x20, 0xec, 0xf0, 0xa5, 0x14, 0x9a, 0xe2, 0x80, 0x49, 0x32, 0xc3, 0x2c, 0x33, 0x74, - 0x38, 0x83, 0x25, 0x68, 0xf4, 0x98, 0x29, 0x44, 0x74, 0xca, 0xcc, 0x91, 0x1d, 0xe7, 0x78, 0xc9, - 0xf8, 0xe1, 0x22, 0x18, 0x12, 0x16, 0x88, 0xea, 0x6f, 0x32, 0xf0, 0xf2, 0x08, 0xd3, 0x21, 0x1c, - 0x31, 0x04, 0xab, 0x30, 0xc6, 0x72, 0x83, 0xd7, 0x52, 0xc4, 0x8c, 0x66, 0x24, 0x18, 0xed, 0xd6, - 0x49, 0x8c, 0x26, 0xbc, 0x7b, 0x84, 0xd9, 0x9e, 0xc4, 0xcc, 0x76, 0x73, 0x4c, 0xb3, 0xc5, 0xf6, - 0x4f, 0xcc, 0x70, 0x1f, 0xe6, 0x22, 0xe7, 0x4e, 0xb4, 0xcd, 0xa7, 0x7f, 0xee, 0xda, 0x90, 0xdf, - 0xee, 0x58, 0xdb, 0x7e, 0x69, 0x76, 0x67, 0x3c, 0x9f, 0x78, 0x6a, 0x56, 0x59, 0xa7, 0x29, 0x12, - 0x74, 0x10, 0x55, 0xf8, 0x18, 0xf6, 0xc0, 0xd1, 0x6e, 0xcc, 0x76, 0x6f, 0x9e, 0x48, 0x8c, 0x67, - 0x32, 0x4f, 0xce, 0x08, 0x3b, 0x56, 0xf6, 0x00, 0x42, 0x6d, 0x12, 0xb2, 0xdc, 0x03, 0x39, 0xcb, - 0x8d, 0x71, 0x07, 0x11, 0x14, 0xe3, 0x52, 0x62, 0xac, 0x7c, 0x57, 0xe4, 0xc5, 0x91, 0xd2, 0xd6, - 0xa3, 0xd2, 0xde, 0x48, 0x1d, 0x9c, 0x23, 0xad, 0xbb, 0x9c, 0x8b, 0xff, 0xa0, 0x88, 0x1e, 0x5a, - 0x58, 0xe6, 0xf4, 0x8b, 0xf7, 0xad, 0x68, 0xf1, 0x3e, 0xee, 0xa9, 0x4d, 0x2e, 0xe1, 0xff, 0xae, - 0x00, 0x92, 0xa8, 0x36, 0x48, 0xaf, 0x67, 0x98, 0xfa, 0xff, 0x5c, 0xba, 0x3c, 0xae, 0xa7, 0xfc, - 0x45, 0x26, 0xe2, 0x2d, 0x9e, 0x0f, 0x4c, 0x28, 0x75, 0xa4, 0xc6, 0x65, 0xdc, 0x5a, 0x44, 0x6e, - 0x7a, 0xc2, 0x72, 0x58, 0x1e, 0xc5, 0x11, 0x7c, 0xb4, 0x15, 0xb9, 0x13, 0x0b, 0x83, 0x9b, 0xe8, - 0x6c, 0x5f, 0x15, 0x10, 0x0b, 0x8d, 0x24, 0x22, 0x9c, 0xcc, 0x8b, 0xde, 0x86, 0x9c, 0x4b, 0x74, - 0x7f, 0x4f, 0xd4, 0xc6, 0xbc, 0xb4, 0x90, 0x9a, 0x20, 0xa2, 0x3b, 0x98, 0x43, 0xa9, 0x3f, 0x8f, - 0x56, 0x1e, 0x22, 0x69, 0x9c, 0x8a, 0xf6, 0x14, 0x2e, 0xf6, 0xfa, 0xdb, 0x1d, 0x43, 0x4b, 0xe4, - 0x12, 0xde, 0xbc, 0x22, 0xa0, 0x2f, 0x6e, 0x8e, 0x26, 0xc5, 0x47, 0xe1, 0xa0, 0x47, 0x11, 0x23, - 0xa5, 0xf1, 0xf0, 0x5b, 0xa4, 0x4b, 0xdb, 0x2d, 0xa2, 0xdf, 0xdf, 0xa7, 0xa6, 0xcb, 0xce, 0x62, - 0xa2, 0xa5, 0x3e, 0xc8, 0xf9, 0x5d, 0x2c, 0xb7, 0x54, 0x8b, 0x4c, 0xe2, 0xe0, 0x7c, 0xcd, 0xdb, - 0xe9, 0xde, 0xb1, 0x19, 0xdb, 0xe1, 0x53, 0x91, 0x07, 0x89, 0x55, 0x00, 0xf1, 0xb8, 0x62, 0x58, - 0x26, 0x37, 0x77, 0x36, 0x94, 0xfe, 0x20, 0x98, 0xc1, 0x12, 0xd5, 0xd0, 0xb1, 0x29, 0x9c, 0xf2, - 0xb1, 0xd9, 0x4d, 0x68, 0xb6, 0x6f, 0xa6, 0x5b, 0x36, 0xf7, 0x5e, 0xfa, 0x5e, 0x3b, 0x08, 0x49, - 0xf9, 0x17, 0x52, 0xc1, 0xff, 0x29, 0x1a, 0x5a, 0x5b, 0x44, 0x9f, 0x40, 0x92, 0x78, 0x14, 0x4d, - 0x12, 0x2b, 0xe3, 0x25, 0x89, 0x16, 0xd1, 0x47, 0xe4, 0x89, 0x4f, 0x33, 0x50, 0xe4, 0x84, 0x93, - 0xd9, 0xe4, 0x1b, 0x91, 0x2e, 0x64, 0xec, 0x5d, 0x5e, 0x8c, 0x35, 0x1e, 0xdf, 0x3c, 0x41, 0xc3, - 0x39, 0x1c, 0x02, 0xe0, 0xa8, 0x6b, 0xd1, 0xdc, 0xbf, 0x7b, 0x2d, 0xaa, 0xfe, 0x4e, 0x81, 0x92, - 0x6f, 0xe2, 0x09, 0xec, 0x94, 0xcd, 0xe8, 0x4e, 0xf9, 0x7c, 0x5a, 0xcd, 0x47, 0xef, 0x91, 0x7f, - 0x28, 0x30, 0x3f, 0x64, 0x35, 0x3f, 0x33, 0x2b, 0x23, 0xde, 0x44, 0x4f, 0xa0, 0x86, 0x0f, 0x9f, - 0xac, 0x46, 0x2c, 0x60, 0x64, 0x4f, 0x2f, 0x60, 0xa8, 0xef, 0x67, 0xe1, 0x42, 0x52, 0xd7, 0xf7, - 0xa2, 0x1e, 0x53, 0xe2, 0x4f, 0x21, 0x99, 0x49, 0x3f, 0x85, 0xe4, 0xfe, 0x63, 0x4f, 0x21, 0xd9, - 0x31, 0x9f, 0x42, 0xde, 0xcf, 0xc0, 0x4b, 0xc9, 0xbd, 0xe4, 0x29, 0xbd, 0x87, 0x84, 0x5d, 0x68, - 0xe6, 0xc5, 0x77, 0xa1, 0xe8, 0x36, 0xcc, 0x92, 0xb6, 0xb7, 0xcd, 0x48, 0x87, 0x55, 0x1c, 0x7c, - 0x1f, 0x4f, 0xd7, 0xd1, 0xe0, 0x70, 0x69, 0xf6, 0x6e, 0x64, 0x06, 0xc7, 0x28, 0xd5, 0x5f, 0x2a, - 0x00, 0x5b, 0x54, 0xb3, 0xa9, 0x3b, 0x81, 0x28, 0x72, 0x27, 0x7a, 0x7c, 0x2b, 0x49, 0x5b, 0xdd, - 0x53, 0x66, 0x44, 0xd0, 0xf8, 0x38, 0x0b, 0x68, 0xf8, 0x5e, 0x1c, 0xdd, 0x16, 0x77, 0xf5, 0x5e, - 0xd8, 0xb8, 0x26, 0xdf, 0xd5, 0x7f, 0x76, 0xb8, 0xf4, 0xd2, 0x30, 0x87, 0x74, 0x8b, 0xbf, 0x1e, - 0x38, 0xdc, 0xbb, 0xe9, 0xbf, 0x19, 0x75, 0xe1, 0x67, 0x87, 0x4b, 0x09, 0x1f, 0xc1, 0x54, 0x03, - 0xa4, 0x98, 0xa3, 0x75, 0x38, 0xdb, 0x21, 0x8e, 0xbb, 0x69, 0x5b, 0xdb, 0xb4, 0x65, 0x88, 0xcf, - 0x3f, 0xc6, 0xbb, 0xcb, 0x0e, 0x6e, 0xeb, 0xd7, 0x65, 0x20, 0x1c, 0xc5, 0x45, 0xfb, 0x80, 0xd8, - 0x40, 0xcb, 0x26, 0xa6, 0xe3, 0x2d, 0x89, 0x49, 0xcb, 0x8d, 0x2d, 0xad, 0x22, 0xa4, 0xa1, 0xf5, - 0x21, 0x34, 0x9c, 0x20, 0x01, 0x5d, 0x83, 0x82, 0x4d, 0x89, 0x63, 0x99, 0xe2, 0x6d, 0x21, 0xd8, - 0x93, 0x98, 0x8f, 0x62, 0x31, 0x8b, 0xfe, 0x1f, 0xa6, 0xba, 0xd4, 0x71, 0x58, 0xb2, 0x2b, 0x70, - 0xc2, 0x39, 0x41, 0x38, 0xb5, 0xe1, 0x0d, 0x63, 0x7f, 0x5e, 0x7d, 0x4f, 0x81, 0xd0, 0x45, 0xbc, - 0x8e, 0x34, 0xb4, 0xfb, 0xde, 0x9b, 0xc4, 0x1a, 0x94, 0x2c, 0x5b, 0x27, 0xa6, 0xf1, 0xd4, 0x2b, - 0x3a, 0x3d, 0x07, 0x07, 0xf1, 0xe9, 0xa1, 0x34, 0x87, 0x23, 0x94, 0xac, 0x58, 0xd5, 0xac, 0x6e, - 0xd7, 0x32, 0x59, 0x8e, 0x11, 0xae, 0x95, 0x22, 0xb4, 0x3f, 0x83, 0x25, 0x2a, 0xf5, 0x43, 0x05, - 0xe6, 0x62, 0xb7, 0xff, 0xe8, 0x27, 0x0a, 0xbc, 0xe4, 0x24, 0x2a, 0x27, 0xce, 0xc7, 0xad, 0x71, - 0x2e, 0xfd, 0x23, 0x00, 0xf5, 0x45, 0xa1, 0xcf, 0x88, 0xd5, 0xe3, 0x11, 0x82, 0xd5, 0xbf, 0x2a, - 0x70, 0x2e, 0xfe, 0x8e, 0xf0, 0xdf, 0xa8, 0x28, 0x7a, 0x1d, 0x66, 0xbc, 0x4e, 0xeb, 0xeb, 0xf4, - 0xa0, 0xd9, 0x10, 0x5e, 0x38, 0x2f, 0xc0, 0x66, 0x36, 0xc3, 0x29, 0x2c, 0xd3, 0xa9, 0x3f, 0xca, - 0x40, 0xd1, 0xcf, 0xaf, 0xe8, 0x1b, 0xe1, 0xbb, 0x90, 0x32, 0xf6, 0xee, 0x0e, 0x36, 0xdd, 0xd0, - 0xdb, 0xd0, 0x8b, 0xff, 0xaa, 0xe9, 0x8a, 0x5f, 0xdc, 0x79, 0x8d, 0x68, 0xf2, 0xcd, 0x43, 0xb4, - 0x87, 0xca, 0xa5, 0xe9, 0xa1, 0xd4, 0x0f, 0xb2, 0x30, 0x3f, 0x54, 0x6e, 0xa0, 0x5b, 0x91, 0x98, - 0x77, 0x35, 0x16, 0xf3, 0x16, 0x86, 0x18, 0x4e, 0x2d, 0xe4, 0x25, 0x47, 0xa2, 0xec, 0x04, 0x23, - 0x51, 0x2e, 0x6d, 0x24, 0xca, 0x1f, 0x1d, 0x89, 0x62, 0xde, 0x29, 0xa4, 0xf2, 0x4e, 0x0f, 0xe6, - 0x62, 0xf5, 0x13, 0xba, 0x01, 0x45, 0xc3, 0x74, 0xa8, 0xd6, 0xb7, 0xa9, 0x78, 0x3d, 0x08, 0x92, - 0x62, 0x53, 0x8c, 0xe3, 0x80, 0x02, 0xd5, 0x60, 0xda, 0xd1, 0x76, 0x69, 0xbb, 0xdf, 0xa1, 0x6d, - 0xee, 0x90, 0x62, 0xf8, 0x0d, 0xc0, 0x96, 0x3f, 0x81, 0x43, 0x1a, 0xf5, 0x9f, 0x39, 0x28, 0xc9, - 0x15, 0x54, 0x8a, 0x8f, 0x1e, 0xde, 0x81, 0x19, 0x62, 0x9a, 0x96, 0x4b, 0xbc, 0x32, 0x37, 0x93, - 0xfa, 0x3a, 0x57, 0x96, 0x53, 0xbd, 0x1b, 0x42, 0x78, 0xd7, 0xb9, 0xc1, 0x51, 0x96, 0x66, 0xb0, - 0x2c, 0x09, 0xdd, 0x15, 0xb5, 0x6d, 0x36, 0x7d, 0x6d, 0x5b, 0x8c, 0xd5, 0xb5, 0x35, 0x98, 0x0e, - 0x4a, 0x40, 0xf1, 0xd1, 0x4b, 0x60, 0x9f, 0xf0, 0x4c, 0x86, 0x34, 0xa8, 0x1a, 0xf1, 0x62, 0x9e, - 0x7b, 0x71, 0xf6, 0x88, 0x3b, 0x8a, 0x78, 0xe1, 0x5c, 0x98, 0x74, 0xe1, 0x3c, 0x35, 0x91, 0xc2, - 0xb9, 0xf2, 0x15, 0x38, 0x17, 0xf7, 0xe0, 0x58, 0x0f, 0xca, 0x9b, 0x80, 0x86, 0xe5, 0x1f, 0x57, - 0x7b, 0x0d, 0x73, 0x84, 0x81, 0xa8, 0xfe, 0xe0, 0xd9, 0xf3, 0xc5, 0x33, 0x1f, 0x3d, 0x5f, 0x3c, - 0xf3, 0xc9, 0xf3, 0xc5, 0x33, 0x3f, 0x18, 0x2c, 0x2a, 0xcf, 0x06, 0x8b, 0xca, 0x47, 0x83, 0x45, - 0xe5, 0x93, 0xc1, 0xa2, 0xf2, 0xe9, 0x60, 0x51, 0xf9, 0xf1, 0xdf, 0x16, 0xcf, 0x3c, 0xbe, 0x7c, - 0xec, 0x97, 0xd0, 0xff, 0x0a, 0x00, 0x00, 0xff, 0xff, 0x40, 0xa9, 0x69, 0xec, 0x2d, 0x2d, 0x00, - 0x00, + 0x15, 0x4e, 0xcf, 0x9f, 0xc7, 0xcf, 0x8e, 0x1d, 0x57, 0xe2, 0xdd, 0xd9, 0x49, 0xd6, 0x76, 0x3a, + 0x24, 0xca, 0x42, 0x76, 0x66, 0x6d, 0xb2, 0x8b, 0x13, 0x24, 0xb2, 0x99, 0x4c, 0x88, 0x06, 0x3c, + 0x1b, 0x6f, 0x79, 0x88, 0x20, 0x0a, 0x12, 0xe5, 0x9e, 0x72, 0xbb, 0xf1, 0x4c, 0xf7, 0xd0, 0xdd, + 0xe3, 0x5d, 0x47, 0x20, 0x21, 0x84, 0x56, 0x7b, 0xe0, 0x00, 0x27, 0x0e, 0x7b, 0x44, 0x2b, 0x84, + 0x90, 0xb8, 0x20, 0x56, 0x9c, 0xb8, 0x00, 0x52, 0xc4, 0x69, 0xb5, 0xe2, 0xb0, 0x17, 0xac, 0x8d, + 0xe1, 0xcc, 0x8d, 0x4b, 0x4e, 0xa8, 0xaa, 0xab, 0xbb, 0xab, 0x7b, 0x7a, 0xec, 0x1e, 0x13, 0x0f, + 0x70, 0x9b, 0xa9, 0xf7, 0xde, 0xf7, 0xaa, 0xde, 0x7b, 0xf5, 0xde, 0xab, 0xaa, 0x86, 0x65, 0xdd, + 0x70, 0xb7, 0xfb, 0x9b, 0x15, 0xcd, 0xea, 0x56, 0xad, 0x1e, 0x35, 0x9d, 0x6d, 0x63, 0xcb, 0xad, + 0x92, 0x9e, 0x51, 0x35, 0xba, 0x44, 0xa7, 0xd5, 0xdd, 0xe5, 0xaa, 0x4e, 0x4d, 0x6a, 0x13, 0x97, + 0xb6, 0x2b, 0x3d, 0xdb, 0x72, 0x2d, 0x74, 0x31, 0x14, 0xa9, 0x04, 0x22, 0x15, 0xd2, 0x33, 0x2a, + 0x5c, 0xa4, 0xb2, 0xbb, 0x5c, 0x7e, 0x55, 0x42, 0xd5, 0x2d, 0xdd, 0xaa, 0x72, 0xc9, 0xcd, 0xfe, + 0x16, 0xff, 0xc7, 0xff, 0xf0, 0x5f, 0x1e, 0x62, 0x59, 0xdd, 0x59, 0x75, 0x2a, 0x86, 0xc5, 0xd5, + 0x6a, 0x96, 0x9d, 0xa4, 0xb5, 0x7c, 0x3d, 0xe4, 0xe9, 0x12, 0x6d, 0xdb, 0x30, 0xa9, 0xbd, 0x57, + 0xed, 0xed, 0xe8, 0x6c, 0xc0, 0xa9, 0x76, 0xa9, 0x4b, 0x92, 0xa4, 0xaa, 0xc3, 0xa4, 0xec, 0xbe, + 0xe9, 0x1a, 0x5d, 0x3a, 0x20, 0xf0, 0xc6, 0x51, 0x02, 0x8e, 0xb6, 0x4d, 0xbb, 0x24, 0x2e, 0xa7, + 0x7e, 0xa2, 0xc0, 0xb9, 0xba, 0xa5, 0xed, 0x50, 0xbb, 0xc1, 0x8c, 0x80, 0xe9, 0x16, 0xb5, 0xa9, + 0xa9, 0x51, 0x74, 0x0d, 0x8a, 0x36, 0xd5, 0x0d, 0xc7, 0xb5, 0xf7, 0x4a, 0xca, 0x92, 0x72, 0x75, + 0xb2, 0x76, 0xe6, 0xc9, 0xfe, 0xe2, 0xa9, 0x83, 0xfd, 0xc5, 0x22, 0x16, 0xe3, 0x38, 0xe0, 0x40, + 0x55, 0x98, 0x34, 0x49, 0x97, 0x3a, 0x3d, 0xa2, 0xd1, 0x52, 0x86, 0xb3, 0xcf, 0x09, 0xf6, 0xc9, + 0xb7, 0x7c, 0x02, 0x0e, 0x79, 0xd0, 0x12, 0xe4, 0xd8, 0x9f, 0x52, 0x96, 0xf3, 0x4e, 0x0b, 0xde, + 0x1c, 0xe3, 0xc5, 0x9c, 0x82, 0x5e, 0x86, 0xac, 0x4b, 0xf4, 0x52, 0x8e, 0x33, 0x4c, 0x09, 0x86, + 0x6c, 0x8b, 0xe8, 0x98, 0x8d, 0xa3, 0x32, 0x64, 0x8c, 0x7a, 0x29, 0xcf, 0xa9, 0x20, 0xa8, 0x99, + 0x46, 0x1d, 0x67, 0x8c, 0xba, 0xfa, 0xd7, 0x22, 0xe4, 0xf9, 0x72, 0xd0, 0x77, 0xa0, 0xc8, 0x4c, + 0xdc, 0x26, 0x2e, 0xe1, 0xab, 0x98, 0x5a, 0x79, 0xad, 0xe2, 0x59, 0xaa, 0x22, 0x5b, 0xaa, 0xd2, + 0xdb, 0xd1, 0xd9, 0x80, 0x53, 0x61, 0xdc, 0x95, 0xdd, 0xe5, 0xca, 0xfd, 0xcd, 0xef, 0x52, 0xcd, + 0x6d, 0x52, 0x97, 0xd4, 0x90, 0x40, 0x87, 0x70, 0x0c, 0x07, 0xa8, 0x68, 0x1d, 0xce, 0xb5, 0x13, + 0xec, 0x27, 0x8c, 0x70, 0x41, 0xc8, 0x26, 0xda, 0x18, 0x27, 0x4a, 0xa2, 0xef, 0xc3, 0x59, 0x69, + 0xbc, 0xe9, 0x4f, 0x3f, 0xcb, 0xa7, 0xff, 0xea, 0xd0, 0xe9, 0x0b, 0x47, 0x57, 0x30, 0x79, 0xe7, + 0xee, 0xbb, 0x2e, 0x35, 0x1d, 0xc3, 0x32, 0x6b, 0xe7, 0x85, 0xfe, 0xb3, 0xf5, 0x41, 0x44, 0x9c, + 0xa4, 0x06, 0x6d, 0x42, 0x39, 0x61, 0xf8, 0x01, 0xb5, 0x19, 0x9e, 0xf0, 0x86, 0x2a, 0x50, 0xcb, + 0xf5, 0xa1, 0x9c, 0xf8, 0x10, 0x14, 0xd4, 0x8c, 0xae, 0x90, 0x98, 0xc6, 0x16, 0x75, 0x5c, 0xe1, + 0xcc, 0xc4, 0x29, 0x0b, 0x16, 0x9c, 0x24, 0x87, 0x76, 0x61, 0x4e, 0x1a, 0x5e, 0x23, 0x7b, 0xd4, + 0x76, 0x4a, 0x85, 0xa5, 0x2c, 0x37, 0xd7, 0x91, 0x9b, 0xbe, 0x12, 0x4a, 0xd5, 0x5e, 0x12, 0xba, + 0xe7, 0xea, 0x71, 0x3c, 0x3c, 0xa8, 0x02, 0x51, 0x00, 0xc7, 0xd0, 0x4d, 0xe2, 0xf6, 0x6d, 0xea, + 0x94, 0x26, 0xb8, 0xc2, 0xe5, 0xb4, 0x0a, 0x37, 0x7c, 0xc9, 0x30, 0xbe, 0x82, 0x21, 0x07, 0x4b, + 0xc0, 0xe8, 0x3e, 0xcc, 0x4b, 0xba, 0x43, 0xa6, 0x52, 0x71, 0x29, 0x7b, 0x75, 0xba, 0xf6, 0xd2, + 0xc1, 0xfe, 0xe2, 0x7c, 0x3d, 0x89, 0x01, 0x27, 0xcb, 0xa1, 0x6d, 0xb8, 0x90, 0x60, 0xc6, 0x26, + 0x6d, 0x1b, 0xa4, 0xb5, 0xd7, 0xa3, 0xa5, 0x49, 0xee, 0x87, 0xcf, 0x89, 0x69, 0x5d, 0xa8, 0x1f, + 0xc2, 0x8b, 0x0f, 0x45, 0x42, 0xf7, 0x22, 0x9e, 0xb9, 0x63, 0x99, 0x5b, 0x86, 0x5e, 0x02, 0x0e, + 0x9f, 0x64, 0x6a, 0x8f, 0x01, 0x0f, 0xca, 0xa0, 0x1f, 0x29, 0x91, 0x6d, 0xe6, 0x6b, 0x72, 0x4a, + 0x53, 0xdc, 0xea, 0xaf, 0xa5, 0xb5, 0xba, 0x2f, 0x98, 0xb8, 0x31, 0x03, 0x54, 0x9c, 0xa8, 0x4b, + 0xfd, 0xb9, 0x02, 0x67, 0xf9, 0x50, 0xad, 0x63, 0x6d, 0x06, 0xfb, 0xd5, 0x41, 0xab, 0x30, 0xcd, + 0xb5, 0x34, 0x0d, 0xc7, 0x31, 0x4c, 0x9d, 0xef, 0xd4, 0x62, 0xed, 0x9c, 0xd0, 0x30, 0xdd, 0x90, + 0x68, 0x38, 0xc2, 0x89, 0x54, 0x28, 0x74, 0xbc, 0x70, 0x55, 0x96, 0xb2, 0x2c, 0x91, 0x1d, 0xec, + 0x2f, 0x16, 0x44, 0xc0, 0x09, 0x0a, 0xe3, 0xd1, 0x3c, 0xc3, 0x79, 0x29, 0x85, 0xf3, 0x08, 0x4b, + 0x09, 0x8a, 0xfa, 0xe7, 0x2c, 0xcc, 0x72, 0x35, 0x8d, 0x6e, 0xcf, 0xb2, 0xdd, 0x8d, 0x1e, 0xd5, + 0xd0, 0x5d, 0xc8, 0x6d, 0xd9, 0x56, 0x57, 0xa4, 0xbd, 0x4b, 0x52, 0xde, 0xa8, 0xb0, 0x5a, 0x15, + 0x26, 0xb9, 0x60, 0x25, 0x61, 0x1a, 0xfe, 0xaa, 0x6d, 0x75, 0x31, 0x17, 0x47, 0x6f, 0x42, 0xc6, + 0xb5, 0xb8, 0xea, 0xa9, 0x95, 0xab, 0x49, 0x20, 0x6b, 0x96, 0x46, 0x3a, 0x71, 0xa4, 0x02, 0xcb, + 0xc6, 0x2d, 0x0b, 0x67, 0x5c, 0x0b, 0x75, 0x98, 0x79, 0xd8, 0xb4, 0xd6, 0xad, 0x8e, 0xa1, 0xed, + 0x89, 0x44, 0xb6, 0x92, 0xc2, 0x65, 0x2d, 0xa2, 0x37, 0x24, 0x49, 0xd9, 0xa4, 0xe1, 0x28, 0x8e, + 0xa0, 0xa3, 0x77, 0x61, 0xd6, 0xf6, 0xa7, 0x21, 0x14, 0xe6, 0xb9, 0xc2, 0xd7, 0xd3, 0x29, 0xc4, + 0x51, 0xe1, 0xda, 0x8b, 0x42, 0xe7, 0x6c, 0x8c, 0x80, 0xe3, 0x6a, 0xd0, 0x6d, 0x98, 0x35, 0x4c, + 0xad, 0xd3, 0x6f, 0x87, 0x19, 0x2d, 0xc7, 0x23, 0x21, 0x80, 0x68, 0x44, 0xc9, 0x38, 0xce, 0xaf, + 0xfe, 0x26, 0x03, 0x73, 0xb2, 0x1f, 0x5d, 0xe2, 0xf6, 0x1d, 0xd4, 0x82, 0x82, 0xc3, 0x7f, 0x09, + 0x5f, 0x5e, 0x4b, 0x57, 0xc2, 0x3c, 0xe9, 0xda, 0x8c, 0xd0, 0x5e, 0xf0, 0xfe, 0x63, 0x81, 0x85, + 0x1a, 0x90, 0xe7, 0xeb, 0x0e, 0x7c, 0x9b, 0x72, 0x0b, 0xd5, 0x26, 0x0f, 0xf6, 0x17, 0xbd, 0xf2, + 0x8a, 0x3d, 0x04, 0xbf, 0x54, 0x67, 0x87, 0x94, 0xea, 0x6f, 0xc1, 0x64, 0x37, 0xd8, 0xb0, 0x39, + 0xbe, 0x61, 0xd3, 0x6b, 0x0b, 0xda, 0x88, 0x70, 0x77, 0x86, 0x68, 0xea, 0x7b, 0x0a, 0x40, 0x98, + 0x92, 0x83, 0xae, 0x42, 0x19, 0xda, 0x55, 0x5c, 0x86, 0x9c, 0x63, 0x3c, 0xf6, 0x16, 0x9d, 0x0d, + 0xc1, 0xb9, 0xf8, 0x86, 0xf1, 0x98, 0x62, 0x4e, 0x66, 0xfd, 0x4c, 0x37, 0xc8, 0x87, 0xd9, 0x68, + 0x3f, 0x13, 0x26, 0xbf, 0x90, 0x47, 0x6d, 0xc3, 0x4c, 0x38, 0x8f, 0x3a, 0x2b, 0xa4, 0x17, 0x85, + 0x26, 0x85, 0x6b, 0x3a, 0x7d, 0xa4, 0x96, 0x4c, 0x0a, 0x2d, 0xbf, 0x57, 0x60, 0xd2, 0x53, 0x63, + 0x38, 0x2e, 0x7a, 0x34, 0xd0, 0xdc, 0x54, 0xd2, 0x45, 0x06, 0x93, 0xe6, 0xad, 0x4d, 0xd0, 0xd2, + 0xf9, 0x23, 0x52, 0x63, 0xd3, 0x84, 0xbc, 0xe1, 0xd2, 0xae, 0x53, 0xca, 0x8c, 0xe8, 0xb1, 0xd3, + 0x02, 0x34, 0xdf, 0x60, 0xe2, 0xd8, 0x43, 0x51, 0x57, 0x45, 0x64, 0xaf, 0x59, 0xd6, 0x4e, 0xbf, + 0x27, 0xb6, 0xcc, 0x25, 0xc8, 0x77, 0x58, 0xfa, 0x10, 0x29, 0x33, 0x90, 0xe4, 0x39, 0x05, 0x7b, + 0x34, 0xf5, 0x17, 0x19, 0x38, 0x1d, 0x2d, 0xf8, 0x57, 0xa0, 0xd0, 0x36, 0x74, 0xb6, 0xc1, 0x3c, + 0x47, 0x07, 0x21, 0x5e, 0xe7, 0xa3, 0x58, 0x50, 0x47, 0xb6, 0x2f, 0xcb, 0xe4, 0x7e, 0x6c, 0x31, + 0x37, 0xf1, 0x69, 0x65, 0xc3, 0xb4, 0xd3, 0x94, 0x68, 0x38, 0xc2, 0xc9, 0x24, 0x89, 0xad, 0x6d, + 0x1b, 0x2e, 0xd5, 0x58, 0x91, 0x15, 0x8d, 0x52, 0x20, 0x79, 0x5b, 0xa2, 0xe1, 0x08, 0x27, 0x6b, + 0x64, 0x2d, 0x27, 0xde, 0xc8, 0xde, 0xdf, 0xc0, 0x19, 0xcb, 0x41, 0xaf, 0xc0, 0xc4, 0x2e, 0xb1, + 0x0d, 0x62, 0xba, 0xa5, 0x02, 0x67, 0x98, 0x15, 0x0c, 0x13, 0x0f, 0xbc, 0x61, 0xec, 0xd3, 0xd5, + 0xdf, 0x16, 0x44, 0x04, 0x06, 0x85, 0x7e, 0x0c, 0xcd, 0xef, 0x12, 0xe4, 0xdc, 0xd0, 0xb6, 0xc1, + 0x7e, 0xe3, 0x66, 0xe5, 0x14, 0x74, 0x19, 0x26, 0x34, 0xcb, 0x74, 0xa9, 0xe9, 0x72, 0x63, 0x4e, + 0xd7, 0xa6, 0xd8, 0xec, 0xef, 0x78, 0x43, 0xd8, 0xa7, 0x21, 0x03, 0x40, 0xb3, 0xcc, 0xb6, 0xe1, + 0x1a, 0x96, 0xe9, 0xe7, 0x88, 0x34, 0x09, 0x3b, 0x58, 0xec, 0x1d, 0x5f, 0x3a, 0x9c, 0x71, 0x30, + 0xe4, 0x60, 0x09, 0x1c, 0x7d, 0x19, 0x4e, 0x73, 0xf1, 0x46, 0x9b, 0x9a, 0xae, 0xe1, 0xee, 0x09, + 0xd3, 0xcf, 0x0b, 0x31, 0x2f, 0xd4, 0x7c, 0x22, 0x8e, 0xf2, 0xa2, 0x1f, 0xc0, 0x34, 0xeb, 0xcc, + 0x68, 0xfb, 0x4e, 0x87, 0x18, 0x5d, 0xbf, 0xcb, 0xbc, 0x33, 0x72, 0xd3, 0xc7, 0x27, 0xee, 0xa3, + 0xdc, 0x35, 0x5d, 0x5b, 0x2a, 0x6e, 0x32, 0x09, 0x47, 0xd4, 0xa1, 0xb7, 0x61, 0x42, 0xb3, 0x29, + 0x3b, 0xbe, 0x95, 0x26, 0xb8, 0x43, 0x3f, 0x9f, 0xce, 0xa1, 0x2d, 0xa3, 0x4b, 0x85, 0xe5, 0x3d, + 0x71, 0xec, 0xe3, 0xb0, 0x24, 0x62, 0x38, 0x4e, 0x9f, 0xb6, 0x6b, 0x7b, 0xa5, 0x62, 0xea, 0xca, + 0x1c, 0x2c, 0xa4, 0xc1, 0x64, 0xed, 0xda, 0x34, 0x4b, 0x22, 0x0d, 0x81, 0x83, 0x03, 0x44, 0xf4, + 0x6d, 0x1f, 0xbd, 0x65, 0xf1, 0xb6, 0x72, 0x6a, 0xe5, 0x8b, 0xa3, 0xa0, 0x6f, 0xf4, 0x79, 0xd4, + 0xc9, 0xf0, 0x2d, 0x0b, 0x07, 0x90, 0xe5, 0x5b, 0x30, 0x37, 0x60, 0x48, 0x74, 0x06, 0xb2, 0x3b, + 0x54, 0x1c, 0x5a, 0x31, 0xfb, 0x89, 0xce, 0x41, 0x7e, 0x97, 0x74, 0xfa, 0x22, 0x4e, 0xb1, 0xf7, + 0xe7, 0x66, 0x66, 0x55, 0x61, 0xb9, 0x65, 0xca, 0xf3, 0x8c, 0x6b, 0x53, 0xd2, 0x1d, 0xc3, 0x96, + 0x69, 0x41, 0xce, 0xe9, 0x51, 0x4d, 0x54, 0xdd, 0x95, 0xd4, 0x91, 0xc3, 0xe7, 0xc7, 0x1a, 0xbb, + 0x70, 0x9b, 0xb1, 0x7f, 0x98, 0xa3, 0xa1, 0x47, 0x41, 0x8b, 0xe0, 0x75, 0x57, 0xd7, 0x47, 0xc4, + 0x3d, 0xb4, 0x55, 0x50, 0xff, 0xa8, 0xc0, 0x19, 0x89, 0x7b, 0x5c, 0x47, 0xeb, 0xe6, 0x71, 0x3b, + 0x94, 0xb0, 0x02, 0x49, 0x5d, 0x8a, 0xfa, 0x3b, 0xbf, 0xb9, 0xf2, 0x57, 0xc1, 0x5a, 0xac, 0x31, + 0x2c, 0xe3, 0x61, 0xc4, 0xe3, 0xab, 0xa3, 0x79, 0x26, 0x6c, 0xe8, 0x13, 0xfd, 0xbe, 0x19, 0xf3, + 0xfb, 0xcd, 0x63, 0xa1, 0x1f, 0xee, 0xfd, 0x1f, 0x67, 0x60, 0x3e, 0x71, 0x46, 0xac, 0x0e, 0x7b, + 0xbd, 0x37, 0xb7, 0x5c, 0x31, 0x44, 0xf0, 0x78, 0xb0, 0xa0, 0x22, 0x1d, 0xc0, 0xa6, 0x3d, 0xcb, + 0x31, 0x5c, 0xcb, 0xde, 0x13, 0x76, 0xf8, 0x52, 0x8a, 0x99, 0xe2, 0x40, 0x48, 0x32, 0xc3, 0x0c, + 0x33, 0x74, 0x48, 0xc1, 0x12, 0x34, 0x7a, 0xc8, 0x26, 0x44, 0x74, 0xca, 0xcc, 0x91, 0x1d, 0x65, + 0x7b, 0xc9, 0xf8, 0xe1, 0x22, 0x18, 0x12, 0x16, 0x88, 0xea, 0x47, 0x19, 0x78, 0x71, 0x88, 0xe9, + 0x10, 0x8e, 0x18, 0x82, 0xf5, 0x61, 0x23, 0xb9, 0xc1, 0x3b, 0xd3, 0xc5, 0x8c, 0x66, 0x24, 0x18, + 0xed, 0xc6, 0x71, 0x8c, 0x26, 0xbc, 0x7b, 0x88, 0xd9, 0x1e, 0xc5, 0xcc, 0x76, 0x7d, 0x44, 0xb3, + 0xc5, 0xe2, 0x27, 0x66, 0xb8, 0x0f, 0x73, 0x91, 0x7d, 0x27, 0x2e, 0x4f, 0x4e, 0x7e, 0xdf, 0xb5, + 0x21, 0xbf, 0xd9, 0xb1, 0x36, 0xfd, 0x06, 0xf6, 0xd6, 0x68, 0x3e, 0xf1, 0xa6, 0x59, 0x61, 0x47, + 0x7d, 0x51, 0xa0, 0x83, 0xac, 0xc2, 0xc7, 0xb0, 0x07, 0x8e, 0xb6, 0x63, 0xb6, 0x7b, 0xf3, 0x58, + 0x6a, 0x3c, 0x93, 0x79, 0x7a, 0x86, 0xd8, 0xb1, 0xbc, 0x03, 0x10, 0xce, 0x26, 0xa1, 0xca, 0xdd, + 0x93, 0xab, 0xdc, 0x08, 0x37, 0x51, 0xc1, 0x91, 0x45, 0x2a, 0x8c, 0xe5, 0xef, 0x89, 0xba, 0x38, + 0x54, 0xdb, 0x5a, 0x54, 0xdb, 0x1b, 0xa9, 0x93, 0x73, 0xe4, 0xee, 0x44, 0xae, 0xc5, 0x7f, 0x52, + 0xc4, 0x25, 0x86, 0xb0, 0xcc, 0xc9, 0x1f, 0x71, 0x36, 0xa2, 0x47, 0x9c, 0x51, 0x77, 0x6d, 0xf2, + 0x41, 0xe7, 0x1f, 0x0a, 0x20, 0x89, 0xab, 0x49, 0x7a, 0x3d, 0xc3, 0xd4, 0xff, 0xef, 0xca, 0xe5, + 0x11, 0x87, 0x7a, 0xf5, 0x57, 0x99, 0x88, 0xb7, 0x78, 0x3d, 0x30, 0x61, 0xba, 0x23, 0x1d, 0xef, + 0x46, 0xed, 0x45, 0xe4, 0xa3, 0x61, 0xd8, 0x0e, 0xcb, 0xa3, 0x38, 0x82, 0x8f, 0x36, 0x22, 0x37, + 0xa3, 0x61, 0x72, 0x13, 0xc7, 0xc2, 0x97, 0x05, 0xc4, 0x7c, 0x3d, 0x89, 0x09, 0x27, 0xcb, 0xa2, + 0xb7, 0x21, 0xe7, 0x12, 0xdd, 0x8f, 0x89, 0xea, 0x88, 0xb7, 0x46, 0xd2, 0x21, 0x88, 0xe8, 0x0e, + 0xe6, 0x50, 0xea, 0x2f, 0xa3, 0x9d, 0x87, 0x28, 0x1a, 0x27, 0x32, 0x7b, 0x0a, 0xe7, 0x7b, 0xfd, + 0xcd, 0x8e, 0xa1, 0x25, 0x4a, 0x09, 0x6f, 0x5e, 0x12, 0xd0, 0xe7, 0xd7, 0x87, 0xb3, 0xe2, 0xc3, + 0x70, 0xd0, 0x83, 0x88, 0x91, 0xd2, 0x78, 0xf8, 0x2d, 0xd2, 0xa5, 0xed, 0x16, 0xd1, 0xef, 0xee, + 0x52, 0xd3, 0x65, 0x7b, 0x31, 0xd1, 0x52, 0x1f, 0xe4, 0xfc, 0x53, 0x2c, 0xb7, 0x54, 0x8b, 0x8c, + 0x63, 0xe3, 0x7c, 0xcd, 0x8b, 0x74, 0x6f, 0xdb, 0x8c, 0xec, 0xf0, 0x89, 0xc8, 0x5d, 0xd7, 0x0a, + 0x80, 0x78, 0x62, 0x33, 0x2c, 0x53, 0xdc, 0x1f, 0x04, 0xda, 0xef, 0x05, 0x14, 0x2c, 0x71, 0x0d, + 0x6c, 0x9b, 0xc2, 0x09, 0x6f, 0x9b, 0xed, 0x84, 0xc3, 0xf6, 0xf5, 0x74, 0xcb, 0xe6, 0xde, 0x4b, + 0x7f, 0xd6, 0x0e, 0x52, 0x52, 0xfe, 0xb9, 0x74, 0xf0, 0x7f, 0x89, 0xa6, 0xd6, 0x16, 0xd1, 0xc7, + 0x50, 0x24, 0x1e, 0x44, 0x8b, 0xc4, 0xf2, 0x68, 0x45, 0xa2, 0x45, 0xf4, 0x21, 0x75, 0xe2, 0xb3, + 0x0c, 0x14, 0x39, 0xe3, 0x78, 0x82, 0xbc, 0x19, 0x39, 0x85, 0x8c, 0x1c, 0xe5, 0xc5, 0xd8, 0xc1, + 0xe3, 0x9b, 0xc7, 0x38, 0x70, 0x0e, 0xa6, 0x00, 0x38, 0xec, 0x5e, 0x3a, 0xf7, 0x9f, 0xde, 0x4b, + 0xab, 0x7f, 0x50, 0x60, 0xda, 0x37, 0xf1, 0x18, 0x22, 0x65, 0x3d, 0x1a, 0x29, 0x5f, 0x48, 0x3b, + 0xf3, 0xe1, 0x31, 0xf2, 0x4f, 0x05, 0xe6, 0x06, 0xac, 0xe6, 0x57, 0x66, 0x65, 0xc8, 0x75, 0xfb, + 0x31, 0xa6, 0xe1, 0xc3, 0x27, 0x4f, 0x23, 0x96, 0x30, 0xb2, 0x27, 0x97, 0x30, 0xd4, 0xf7, 0xb3, + 0x70, 0x2e, 0xe9, 0xd4, 0xf7, 0xbc, 0x5e, 0xb3, 0xe2, 0x6f, 0x51, 0x99, 0x71, 0xbf, 0x45, 0xe5, + 0xfe, 0x6b, 0x6f, 0x51, 0xd9, 0x11, 0xdf, 0xa2, 0xde, 0xcf, 0xc0, 0x0b, 0xc9, 0x67, 0xc9, 0x13, + 0x7a, 0x90, 0x0a, 0x4f, 0xa1, 0x99, 0xe7, 0x7f, 0x0a, 0x45, 0x37, 0x61, 0x86, 0xb4, 0xbd, 0x30, + 0x23, 0x1d, 0xd6, 0x71, 0xf0, 0x38, 0x9e, 0xac, 0xa1, 0x83, 0xfd, 0xc5, 0x99, 0xdb, 0x11, 0x0a, + 0x8e, 0x71, 0xaa, 0xbf, 0x56, 0x00, 0x36, 0xa8, 0x66, 0x53, 0x77, 0x0c, 0x59, 0xe4, 0x56, 0x74, + 0xfb, 0x96, 0x93, 0x42, 0xdd, 0x9b, 0xcc, 0x90, 0xa4, 0xf1, 0x49, 0x16, 0xd0, 0xe0, 0xbd, 0x38, + 0xba, 0x29, 0xee, 0xea, 0xbd, 0xb4, 0x71, 0x45, 0xbe, 0xab, 0x7f, 0xb6, 0xbf, 0xf8, 0xc2, 0xa0, + 0x84, 0x74, 0x8b, 0xbf, 0x16, 0x38, 0xdc, 0xbb, 0xe9, 0xbf, 0x1e, 0x75, 0xe1, 0xb3, 0xfd, 0xc5, + 0x84, 0x4f, 0xa1, 0x2a, 0x01, 0x52, 0xcc, 0xd1, 0x3a, 0x9c, 0xee, 0x10, 0xc7, 0x5d, 0xb7, 0xad, + 0x4d, 0xda, 0x32, 0xc4, 0x47, 0x40, 0xa3, 0xdd, 0x65, 0x07, 0xb7, 0xf5, 0x6b, 0x32, 0x10, 0x8e, + 0xe2, 0xa2, 0x5d, 0x40, 0x6c, 0xa0, 0x65, 0x13, 0xd3, 0xf1, 0x96, 0xc4, 0xb4, 0xe5, 0x46, 0xd6, + 0x56, 0x16, 0xda, 0xd0, 0xda, 0x00, 0x1a, 0x4e, 0xd0, 0x80, 0xae, 0x40, 0xc1, 0xa6, 0xc4, 0xb1, + 0x4c, 0xf1, 0xb6, 0x10, 0xc4, 0x24, 0xe6, 0xa3, 0x58, 0x50, 0xd1, 0x2b, 0x30, 0xd1, 0xa5, 0x8e, + 0xc3, 0x8a, 0x5d, 0xec, 0x79, 0xa7, 0xe9, 0x0d, 0x63, 0x9f, 0xae, 0xbe, 0xa7, 0x40, 0xe8, 0x22, + 0xde, 0x47, 0x1a, 0xda, 0x5d, 0xef, 0x4d, 0x62, 0x15, 0xa6, 0x2d, 0x5b, 0x27, 0xa6, 0xf1, 0xd8, + 0x6b, 0x3a, 0x95, 0xe8, 0xd3, 0xd3, 0x7d, 0x89, 0x86, 0x23, 0x9c, 0xac, 0x59, 0xd5, 0xac, 0x6e, + 0xd7, 0x32, 0x59, 0x8d, 0x11, 0xae, 0x95, 0x32, 0xb4, 0x4f, 0xc1, 0x12, 0x97, 0xfa, 0xa1, 0x02, + 0xb3, 0xb1, 0xdb, 0x7f, 0xf4, 0x33, 0x05, 0x5e, 0x70, 0x12, 0x27, 0x27, 0xf6, 0xc7, 0x8d, 0x51, + 0x2e, 0xfd, 0x23, 0x00, 0xb5, 0x05, 0x31, 0x9f, 0x21, 0xab, 0xc7, 0x43, 0x14, 0xab, 0x7f, 0x53, + 0xe0, 0x4c, 0xfc, 0x1d, 0xe1, 0x7f, 0x71, 0xa2, 0xe8, 0x75, 0x98, 0xf2, 0x4e, 0x5a, 0x5f, 0xa7, + 0x7b, 0x8d, 0xba, 0xf0, 0xc2, 0x59, 0x01, 0x36, 0xb5, 0x1e, 0x92, 0xb0, 0xcc, 0xa7, 0xfe, 0x24, + 0x03, 0x45, 0xbf, 0xbe, 0xa2, 0x6f, 0x84, 0xef, 0x42, 0xca, 0xc8, 0xd1, 0x1d, 0x04, 0xdd, 0xc0, + 0xdb, 0xd0, 0xf3, 0xff, 0xb6, 0xed, 0x92, 0xdf, 0xdc, 0x79, 0x07, 0xd1, 0xe4, 0x9b, 0x87, 0xe8, + 0x19, 0x2a, 0x97, 0xe6, 0x0c, 0xa5, 0x7e, 0x90, 0x85, 0xb9, 0x81, 0x76, 0x03, 0xdd, 0x88, 0xe4, + 0xbc, 0xcb, 0xb1, 0x9c, 0x37, 0x3f, 0x20, 0x70, 0x62, 0x29, 0x2f, 0x39, 0x13, 0x65, 0xc7, 0x98, + 0x89, 0x72, 0x69, 0x33, 0x51, 0xfe, 0xf0, 0x4c, 0x14, 0xf3, 0x4e, 0x21, 0x95, 0x77, 0x3e, 0x52, + 0x60, 0x36, 0xd6, 0x40, 0xa1, 0x6b, 0x50, 0x34, 0x4c, 0x87, 0x6a, 0x7d, 0x9b, 0x8a, 0xe7, 0x83, + 0xa0, 0x2a, 0x36, 0xc4, 0x38, 0x0e, 0x38, 0x50, 0x15, 0x26, 0x1d, 0x6d, 0x9b, 0xb6, 0xfb, 0x1d, + 0xda, 0xe6, 0x1e, 0x29, 0x86, 0x4f, 0xf9, 0x1b, 0x3e, 0x01, 0x87, 0x3c, 0xa8, 0x0e, 0xe0, 0xf5, + 0x62, 0x4d, 0xab, 0xed, 0x87, 0x9b, 0xff, 0x49, 0x1b, 0x34, 0x02, 0xca, 0xb3, 0xfd, 0xc5, 0x99, + 0xf0, 0x1f, 0xf7, 0xbf, 0x24, 0xa7, 0xfe, 0x2b, 0x07, 0xd3, 0x72, 0x23, 0x96, 0xe2, 0x0b, 0x93, + 0x77, 0x60, 0x8a, 0x98, 0xa6, 0xe5, 0x12, 0xaf, 0x5b, 0xce, 0xa4, 0xbe, 0x15, 0x96, 0xf5, 0x54, + 0x6e, 0x87, 0x10, 0xde, 0xad, 0x70, 0x90, 0x11, 0x24, 0x0a, 0x96, 0x35, 0xa1, 0xdb, 0xa2, 0x45, + 0xce, 0xa6, 0x6f, 0x91, 0x8b, 0xb1, 0xf6, 0xb8, 0x0a, 0x93, 0x41, 0x27, 0x29, 0x3e, 0x5e, 0x0a, + 0xac, 0x1c, 0x6e, 0xed, 0x90, 0x07, 0x55, 0x22, 0xc1, 0x90, 0xe7, 0xc1, 0x30, 0x73, 0xc8, 0x55, + 0x47, 0xbc, 0xff, 0x2e, 0x8c, 0xbb, 0xff, 0x9e, 0x18, 0x4b, 0xff, 0x5d, 0xfe, 0x0a, 0x9c, 0x89, + 0x7b, 0x70, 0xa4, 0x77, 0xe9, 0x75, 0x40, 0x83, 0xfa, 0x8f, 0x6a, 0xe1, 0x06, 0x25, 0xc2, 0x7c, + 0x56, 0xbb, 0xf7, 0xe4, 0xe9, 0xc2, 0xa9, 0x8f, 0x9f, 0x2e, 0x9c, 0xfa, 0xf4, 0xe9, 0xc2, 0xa9, + 0x1f, 0x1e, 0x2c, 0x28, 0x4f, 0x0e, 0x16, 0x94, 0x8f, 0x0f, 0x16, 0x94, 0x4f, 0x0f, 0x16, 0x94, + 0xcf, 0x0e, 0x16, 0x94, 0x9f, 0xfe, 0x7d, 0xe1, 0xd4, 0xc3, 0x8b, 0x47, 0x7e, 0x56, 0xff, 0xef, + 0x00, 0x00, 0x00, 0xff, 0xff, 0x99, 0x51, 0xcf, 0x5f, 0x7a, 0x2f, 0x00, 0x00, } func (m *DockerImageReference) Marshal() (dAtA []byte, err error) { @@ -1346,6 +1384,20 @@ func (m *Image) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.DockerImageManifests) > 0 { + for iNdEx := len(m.DockerImageManifests) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.DockerImageManifests[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x5a + } + } i -= len(m.DockerImageConfig) copy(dAtA[i:], m.DockerImageConfig) i = encodeVarintGenerated(dAtA, i, uint64(len(m.DockerImageConfig))) @@ -1571,6 +1623,20 @@ func (m *ImageImportStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.Manifests) > 0 { + for iNdEx := len(m.Manifests) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Manifests[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + } + } i -= len(m.Tag) copy(dAtA[i:], m.Tag) i = encodeVarintGenerated(dAtA, i, uint64(len(m.Tag))) @@ -1748,6 +1814,57 @@ func (m *ImageLookupPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *ImageManifest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ImageManifest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ImageManifest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i -= len(m.Variant) + copy(dAtA[i:], m.Variant) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Variant))) + i-- + dAtA[i] = 0x32 + i -= len(m.OS) + copy(dAtA[i:], m.OS) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.OS))) + i-- + dAtA[i] = 0x2a + i -= len(m.Architecture) + copy(dAtA[i:], m.Architecture) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Architecture))) + i-- + dAtA[i] = 0x22 + i = encodeVarintGenerated(dAtA, i, uint64(m.ManifestSize)) + i-- + dAtA[i] = 0x18 + i -= len(m.MediaType) + copy(dAtA[i:], m.MediaType) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.MediaType))) + i-- + dAtA[i] = 0x12 + i -= len(m.Digest) + copy(dAtA[i:], m.Digest) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Digest))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + func (m *ImageSignature) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -3178,6 +3295,11 @@ func (m *TagImportPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + i -= len(m.ImportMode) + copy(dAtA[i:], m.ImportMode) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.ImportMode))) + i-- + dAtA[i] = 0x1a i-- if m.Scheduled { dAtA[i] = 1 @@ -3390,6 +3512,12 @@ func (m *Image) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) l = len(m.DockerImageConfig) n += 1 + l + sovGenerated(uint64(l)) + if len(m.DockerImageManifests) > 0 { + for _, e := range m.DockerImageManifests { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } return n } @@ -3447,6 +3575,12 @@ func (m *ImageImportStatus) Size() (n int) { } l = len(m.Tag) n += 1 + l + sovGenerated(uint64(l)) + if len(m.Manifests) > 0 { + for _, e := range m.Manifests { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } return n } @@ -3505,6 +3639,26 @@ func (m *ImageLookupPolicy) Size() (n int) { return n } +func (m *ImageManifest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Digest) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.MediaType) + n += 1 + l + sovGenerated(uint64(l)) + n += 1 + sovGenerated(uint64(m.ManifestSize)) + l = len(m.Architecture) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.OS) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Variant) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + func (m *ImageSignature) Size() (n int) { if m == nil { return 0 @@ -3999,6 +4153,8 @@ func (m *TagImportPolicy) Size() (n int) { _ = l n += 2 n += 2 + l = len(m.ImportMode) + n += 1 + l + sovGenerated(uint64(l)) return n } @@ -4078,6 +4234,11 @@ func (this *Image) String() string { repeatedStringForSignatures += strings.Replace(strings.Replace(f.String(), "ImageSignature", "ImageSignature", 1), `&`, ``, 1) + "," } repeatedStringForSignatures += "}" + repeatedStringForDockerImageManifests := "[]ImageManifest{" + for _, f := range this.DockerImageManifests { + repeatedStringForDockerImageManifests += strings.Replace(strings.Replace(f.String(), "ImageManifest", "ImageManifest", 1), `&`, ``, 1) + "," + } + repeatedStringForDockerImageManifests += "}" s := strings.Join([]string{`&Image{`, `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, `DockerImageReference:` + fmt.Sprintf("%v", this.DockerImageReference) + `,`, @@ -4089,6 +4250,7 @@ func (this *Image) String() string { `DockerImageSignatures:` + fmt.Sprintf("%v", this.DockerImageSignatures) + `,`, `DockerImageManifestMediaType:` + fmt.Sprintf("%v", this.DockerImageManifestMediaType) + `,`, `DockerImageConfig:` + fmt.Sprintf("%v", this.DockerImageConfig) + `,`, + `DockerImageManifests:` + repeatedStringForDockerImageManifests + `,`, `}`, }, "") return s @@ -4123,10 +4285,16 @@ func (this *ImageImportStatus) String() string { if this == nil { return "nil" } + repeatedStringForManifests := "[]Image{" + for _, f := range this.Manifests { + repeatedStringForManifests += strings.Replace(strings.Replace(f.String(), "Image", "Image", 1), `&`, ``, 1) + "," + } + repeatedStringForManifests += "}" s := strings.Join([]string{`&ImageImportStatus{`, `Status:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Status), "Status", "v1.Status", 1), `&`, ``, 1) + `,`, `Image:` + strings.Replace(this.Image.String(), "Image", "Image", 1) + `,`, `Tag:` + fmt.Sprintf("%v", this.Tag) + `,`, + `Manifests:` + repeatedStringForManifests + `,`, `}`, }, "") return s @@ -4180,6 +4348,21 @@ func (this *ImageLookupPolicy) String() string { }, "") return s } +func (this *ImageManifest) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&ImageManifest{`, + `Digest:` + fmt.Sprintf("%v", this.Digest) + `,`, + `MediaType:` + fmt.Sprintf("%v", this.MediaType) + `,`, + `ManifestSize:` + fmt.Sprintf("%v", this.ManifestSize) + `,`, + `Architecture:` + fmt.Sprintf("%v", this.Architecture) + `,`, + `OS:` + fmt.Sprintf("%v", this.OS) + `,`, + `Variant:` + fmt.Sprintf("%v", this.Variant) + `,`, + `}`, + }, "") + return s +} func (this *ImageSignature) String() string { if this == nil { return "nil" @@ -4591,6 +4774,7 @@ func (this *TagImportPolicy) String() string { s := strings.Join([]string{`&TagImportPolicy{`, `Insecure:` + fmt.Sprintf("%v", this.Insecure) + `,`, `Scheduled:` + fmt.Sprintf("%v", this.Scheduled) + `,`, + `ImportMode:` + fmt.Sprintf("%v", this.ImportMode) + `,`, `}`, }, "") return s @@ -5204,6 +5388,40 @@ func (m *Image) Unmarshal(dAtA []byte) error { } m.DockerImageConfig = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 11: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DockerImageManifests", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DockerImageManifests = append(m.DockerImageManifests, ImageManifest{}) + if err := m.DockerImageManifests[len(m.DockerImageManifests)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -5695,6 +5913,40 @@ func (m *ImageImportStatus) Unmarshal(dAtA []byte) error { } m.Tag = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Manifests", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Manifests = append(m.Manifests, Image{}) + if err := m.Manifests[len(m.Manifests)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -6138,6 +6390,235 @@ func (m *ImageLookupPolicy) Unmarshal(dAtA []byte) error { } return nil } +func (m *ImageManifest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ImageManifest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ImageManifest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Digest", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Digest = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field MediaType", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.MediaType = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ManifestSize", wireType) + } + m.ManifestSize = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.ManifestSize |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Architecture", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Architecture = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field OS", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.OS = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Variant", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Variant = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *ImageSignature) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -10470,6 +10951,38 @@ func (m *TagImportPolicy) Unmarshal(dAtA []byte) error { } } m.Scheduled = bool(v != 0) + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ImportMode", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ImportMode = ImportModeType(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/vendor/github.com/openshift/api/image/v1/generated.proto b/vendor/github.com/openshift/api/image/v1/generated.proto index 355c19bba..faef1f7b1 100644 --- a/vendor/github.com/openshift/api/image/v1/generated.proto +++ b/vendor/github.com/openshift/api/image/v1/generated.proto @@ -59,7 +59,7 @@ message Image { // DockerImageManifest is the raw JSON of the manifest optional string dockerImageManifest = 5; - // DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. + // DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. repeated ImageLayer dockerImageLayers = 6; // Signatures holds all signatures of the image. @@ -74,7 +74,12 @@ message Image { optional string dockerImageManifestMediaType = 9; // DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. + // Will not be set when the image represents a manifest list. optional string dockerImageConfig = 10; + + // DockerImageManifests holds information about sub-manifests when the image represents a manifest list. + // When this field is present, no DockerImageLayers should be specified. + repeated ImageManifest dockerImageManifests = 11; } // ImageBlobReferences describes the blob references within an image. @@ -126,6 +131,9 @@ message ImageImportStatus { // Tag is the tag this image was located under, if any optional string tag = 3; + + // Manifests holds sub-manifests metadata when importing a manifest list + repeated Image manifests = 4; } // ImageLayer represents a single layer of the image. Some images may have multiple layers. Some may have none. @@ -172,6 +180,30 @@ message ImageLookupPolicy { optional bool local = 3; } +// ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular +// Image object. +message ImageManifest { + // Digest is the unique identifier for the manifest. It refers to an Image object. + optional string digest = 1; + + // MediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, + // application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json. + optional string mediaType = 2; + + // ManifestSize represents the size of the raw object contents, in bytes. + optional int64 manifestSize = 3; + + // Architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`. + optional string architecture = 4; + + // OS specifies the operating system, for example `linux`. + optional string os = 5; + + // Variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU + // variant of the ARM CPU. + optional string variant = 6; +} + // ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims // as long as the signature is trusted. Based on this information it is possible to restrict runnable images // to those matching cluster-wide policy. @@ -624,6 +656,9 @@ message TagImportPolicy { // Scheduled indicates to the server that this tag should be periodically checked to ensure it is up to date, and imported optional bool scheduled = 2; + + // ImportMode describes how to import an image manifest. + optional string importMode = 3; } // TagReference specifies optional annotations for images using this tag and an optional reference to an ImageStreamTag, ImageStreamImage, or DockerImage this tag should track. diff --git a/vendor/github.com/openshift/api/image/v1/types.go b/vendor/github.com/openshift/api/image/v1/types.go index c636a9277..3edf9f0ae 100644 --- a/vendor/github.com/openshift/api/image/v1/types.go +++ b/vendor/github.com/openshift/api/image/v1/types.go @@ -49,8 +49,8 @@ type Image struct { DockerImageMetadataVersion string `json:"dockerImageMetadataVersion,omitempty" protobuf:"bytes,4,opt,name=dockerImageMetadataVersion"` // DockerImageManifest is the raw JSON of the manifest DockerImageManifest string `json:"dockerImageManifest,omitempty" protobuf:"bytes,5,opt,name=dockerImageManifest"` - // DockerImageLayers represents the layers in the image. May not be set if the image does not define that data. - DockerImageLayers []ImageLayer `json:"dockerImageLayers" protobuf:"bytes,6,rep,name=dockerImageLayers"` + // DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list. + DockerImageLayers []ImageLayer `json:"dockerImageLayers,omitempty" protobuf:"bytes,6,rep,name=dockerImageLayers"` // Signatures holds all signatures of the image. // +patchMergeKey=name // +patchStrategy=merge @@ -60,7 +60,30 @@ type Image struct { // DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2. DockerImageManifestMediaType string `json:"dockerImageManifestMediaType,omitempty" protobuf:"bytes,9,opt,name=dockerImageManifestMediaType"` // DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. + // Will not be set when the image represents a manifest list. DockerImageConfig string `json:"dockerImageConfig,omitempty" protobuf:"bytes,10,opt,name=dockerImageConfig"` + // DockerImageManifests holds information about sub-manifests when the image represents a manifest list. + // When this field is present, no DockerImageLayers should be specified. + DockerImageManifests []ImageManifest `json:"dockerImageManifests,omitempty" protobuf:"bytes,11,rep,name=dockerImageManifests"` +} + +// ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular +// Image object. +type ImageManifest struct { + // Digest is the unique identifier for the manifest. It refers to an Image object. + Digest string `json:"digest" protobuf:"bytes,1,opt,name=digest"` + // MediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, + // application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json. + MediaType string `json:"mediaType" protobuf:"bytes,2,opt,name=mediaType"` + // ManifestSize represents the size of the raw object contents, in bytes. + ManifestSize int64 `json:"manifestSize" protobuf:"varint,3,opt,name=manifestSize"` + // Architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`. + Architecture string `json:"architecture" protobuf:"bytes,4,opt,name=architecture"` + // OS specifies the operating system, for example `linux`. + OS string `json:"os" protobuf:"bytes,5,opt,name=os"` + // Variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU + // variant of the ARM CPU. + Variant string `json:"variant,omitempty" protobuf:"bytes,6,opt,name=variant"` } // ImageLayer represents a single layer of the image. Some images may have multiple layers. Some may have none. @@ -267,8 +290,25 @@ type TagImportPolicy struct { Insecure bool `json:"insecure,omitempty" protobuf:"varint,1,opt,name=insecure"` // Scheduled indicates to the server that this tag should be periodically checked to ensure it is up to date, and imported Scheduled bool `json:"scheduled,omitempty" protobuf:"varint,2,opt,name=scheduled"` + // ImportMode describes how to import an image manifest. + ImportMode ImportModeType `json:"importMode,omitempty" protobuf:"bytes,3,opt,name=importMode,casttype=ImportModeType"` } +// ImportModeType describes how to import an image manifest. +type ImportModeType string + +const ( + // ImportModeLegacy indicates that the legacy behaviour should be used. + // For manifest lists, the legacy behaviour will discard the manifest list and import a single + // sub-manifest. In this case, the platform is chosen in the following order of priority: + // 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. + // This mode is the default. + ImportModeLegacy ImportModeType = "Legacy" + // ImportModePreserveOriginal indicates that the original manifest will be preserved. + // For manifest lists, the manifest list and all its sub-manifests will be imported. + ImportModePreserveOriginal ImportModeType = "PreserveOriginal" +) + // TagReferencePolicyType describes how pull-specs for images in an image stream tag are generated when // image change triggers are fired. type TagReferencePolicyType string @@ -670,6 +710,8 @@ type ImageImportStatus struct { Image *Image `json:"image,omitempty" protobuf:"bytes,2,opt,name=image"` // Tag is the tag this image was located under, if any Tag string `json:"tag,omitempty" protobuf:"bytes,3,opt,name=tag"` + // Manifests holds sub-manifests metadata when importing a manifest list + Manifests []Image `json:"manifests,omitempty" protobuf:"bytes,4,rep,name=manifests"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/vendor/github.com/openshift/api/image/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/image/v1/zz_generated.deepcopy.go index f6a028507..a8894b039 100644 --- a/vendor/github.com/openshift/api/image/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/image/v1/zz_generated.deepcopy.go @@ -55,6 +55,11 @@ func (in *Image) DeepCopyInto(out *Image) { } } } + if in.DockerImageManifests != nil { + in, out := &in.DockerImageManifests, &out.DockerImageManifests + *out = make([]ImageManifest, len(*in)) + copy(*out, *in) + } return } @@ -135,6 +140,13 @@ func (in *ImageImportStatus) DeepCopyInto(out *ImageImportStatus) { *out = new(Image) (*in).DeepCopyInto(*out) } + if in.Manifests != nil { + in, out := &in.Manifests, &out.Manifests + *out = make([]Image, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -234,6 +246,22 @@ func (in *ImageLookupPolicy) DeepCopy() *ImageLookupPolicy { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageManifest) DeepCopyInto(out *ImageManifest) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageManifest. +func (in *ImageManifest) DeepCopy() *ImageManifest { + if in == nil { + return nil + } + out := new(ImageManifest) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImageSignature) DeepCopyInto(out *ImageSignature) { *out = *in diff --git a/vendor/github.com/openshift/api/image/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/image/v1/zz_generated.swagger_doc_generated.go index 8950a8255..561e44c57 100644 --- a/vendor/github.com/openshift/api/image/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/image/v1/zz_generated.swagger_doc_generated.go @@ -30,11 +30,12 @@ var map_Image = map[string]string{ "dockerImageMetadata": "DockerImageMetadata contains metadata about this image", "dockerImageMetadataVersion": "DockerImageMetadataVersion conveys the version of the object, which if empty defaults to \"1.0\"", "dockerImageManifest": "DockerImageManifest is the raw JSON of the manifest", - "dockerImageLayers": "DockerImageLayers represents the layers in the image. May not be set if the image does not define that data.", + "dockerImageLayers": "DockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list.", "signatures": "Signatures holds all signatures of the image.", "dockerImageSignatures": "DockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1.", "dockerImageManifestMediaType": "DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2.", - "dockerImageConfig": "DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2.", + "dockerImageConfig": "DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list.", + "dockerImageManifests": "DockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified.", } func (Image) SwaggerDoc() map[string]string { @@ -66,10 +67,11 @@ func (ImageImportSpec) SwaggerDoc() map[string]string { } var map_ImageImportStatus = map[string]string{ - "": "ImageImportStatus describes the result of an image import.", - "status": "Status is the status of the image import, including errors encountered while retrieving the image", - "image": "Image is the metadata of that image, if the image was located", - "tag": "Tag is the tag this image was located under, if any", + "": "ImageImportStatus describes the result of an image import.", + "status": "Status is the status of the image import, including errors encountered while retrieving the image", + "image": "Image is the metadata of that image, if the image was located", + "tag": "Tag is the tag this image was located under, if any", + "manifests": "Manifests holds sub-manifests metadata when importing a manifest list", } func (ImageImportStatus) SwaggerDoc() map[string]string { @@ -115,6 +117,20 @@ func (ImageLookupPolicy) SwaggerDoc() map[string]string { return map_ImageLookupPolicy } +var map_ImageManifest = map[string]string{ + "": "ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object.", + "digest": "Digest is the unique identifier for the manifest. It refers to an Image object.", + "mediaType": "MediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json.", + "manifestSize": "ManifestSize represents the size of the raw object contents, in bytes.", + "architecture": "Architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`.", + "os": "OS specifies the operating system, for example `linux`.", + "variant": "Variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU.", +} + +func (ImageManifest) SwaggerDoc() map[string]string { + return map_ImageManifest +} + var map_ImageSignature = map[string]string{ "": "ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature's content by the server. They serve just an informative purpose.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "Required: Describes a type of stored blob.", @@ -377,9 +393,10 @@ func (TagEventCondition) SwaggerDoc() map[string]string { } var map_TagImportPolicy = map[string]string{ - "": "TagImportPolicy controls how images related to this tag will be imported.", - "insecure": "Insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import.", - "scheduled": "Scheduled indicates to the server that this tag should be periodically checked to ensure it is up to date, and imported", + "": "TagImportPolicy controls how images related to this tag will be imported.", + "insecure": "Insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import.", + "scheduled": "Scheduled indicates to the server that this tag should be periodically checked to ensure it is up to date, and imported", + "importMode": "ImportMode describes how to import an image manifest.", } func (TagImportPolicy) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml b/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml index a533efbc1..f08d16578 100644 --- a/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml +++ b/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml @@ -16,350 +16,264 @@ spec: singular: securitycontextconstraints scope: Cluster versions: - - additionalPrinterColumns: - - description: Determines if a container can request to be run as privileged - jsonPath: .allowPrivilegedContainer - name: Priv - type: string - - description: A list of capabilities that can be requested to add to the container - jsonPath: .allowedCapabilities - name: Caps - type: string - - description: Strategy that will dictate what labels will be set in the SecurityContext - jsonPath: .seLinuxContext.type - name: SELinux - type: string - - description: Strategy that will dictate what RunAsUser is used in the SecurityContext - jsonPath: .runAsUser.type - name: RunAsUser - type: string - - description: Strategy that will dictate what fs group is used by the SecurityContext - jsonPath: .fsGroup.type - name: FSGroup - type: string - - description: Strategy that will dictate what supplemental groups are used by - the SecurityContext - jsonPath: .supplementalGroups.type - name: SupGroup - type: string - - description: Sort order of SCCs - jsonPath: .priority - name: Priority - type: string - - description: Force containers to run with a read only root file system - jsonPath: .readOnlyRootFilesystem - name: ReadOnlyRootFS - type: string - - description: White list of allowed volume plugins - jsonPath: .volumes - name: Volumes - type: string - name: v1 - schema: - openAPIV3Schema: - description: "SecurityContextConstraints governs the ability to make requests - that affect the SecurityContext that will be applied to a container. For - historical reasons SCC was exposed under the core Kubernetes API group. - That exposure is deprecated and will be removed in a future release - users - should instead use the security.openshift.io group to manage SecurityContextConstraints. - \n Compatibility level 1: Stable within a major release for a minimum of - 12 months or 3 minor releases (whichever is longer)." - properties: - allowHostDirVolumePlugin: - description: AllowHostDirVolumePlugin determines if the policy allow containers - to use the HostDir volume plugin - type: boolean - allowHostIPC: - description: AllowHostIPC determines if the policy allows host ipc in - the containers. - type: boolean - allowHostNetwork: - description: AllowHostNetwork determines if the policy allows the use - of HostNetwork in the pod spec. - type: boolean - allowHostPID: - description: AllowHostPID determines if the policy allows host pid in - the containers. - type: boolean - allowHostPorts: - description: AllowHostPorts determines if the policy allows host ports - in the containers. - type: boolean - allowPrivilegeEscalation: - description: AllowPrivilegeEscalation determines if a pod can request - to allow privilege escalation. If unspecified, defaults to true. - nullable: true - type: boolean - allowPrivilegedContainer: - description: AllowPrivilegedContainer determines if a container can request - to be run as privileged. - type: boolean - allowedCapabilities: - description: AllowedCapabilities is a list of capabilities that can be - requested to add to the container. Capabilities in this field maybe - added at the pod author's discretion. You must not list a capability - in both AllowedCapabilities and RequiredDropCapabilities. To allow all - capabilities you may use '*'. - items: - description: Capability represent POSIX capabilities type + - additionalPrinterColumns: + - description: Determines if a container can request to be run as privileged + jsonPath: .allowPrivilegedContainer + name: Priv + type: string + - description: A list of capabilities that can be requested to add to the container + jsonPath: .allowedCapabilities + name: Caps + type: string + - description: Strategy that will dictate what labels will be set in the SecurityContext + jsonPath: .seLinuxContext.type + name: SELinux + type: string + - description: Strategy that will dictate what RunAsUser is used in the SecurityContext + jsonPath: .runAsUser.type + name: RunAsUser + type: string + - description: Strategy that will dictate what fs group is used by the SecurityContext + jsonPath: .fsGroup.type + name: FSGroup + type: string + - description: Strategy that will dictate what supplemental groups are used by the SecurityContext + jsonPath: .supplementalGroups.type + name: SupGroup + type: string + - description: Sort order of SCCs + jsonPath: .priority + name: Priority + type: string + - description: Force containers to run with a read only root file system + jsonPath: .readOnlyRootFilesystem + name: ReadOnlyRootFS + type: string + - description: White list of allowed volume plugins + jsonPath: .volumes + name: Volumes + type: string + name: v1 + schema: + openAPIV3Schema: + description: "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - allowHostDirVolumePlugin + - allowHostIPC + - allowHostNetwork + - allowHostPID + - allowHostPorts + - allowPrivilegedContainer + - allowedCapabilities + - defaultAddCapabilities + - priority + - readOnlyRootFilesystem + - requiredDropCapabilities + - volumes + properties: + allowHostDirVolumePlugin: + description: AllowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin + type: boolean + allowHostIPC: + description: AllowHostIPC determines if the policy allows host ipc in the containers. + type: boolean + allowHostNetwork: + description: AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec. + type: boolean + allowHostPID: + description: AllowHostPID determines if the policy allows host pid in the containers. + type: boolean + allowHostPorts: + description: AllowHostPorts determines if the policy allows host ports in the containers. + type: boolean + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true. + type: boolean + nullable: true + allowPrivilegedContainer: + description: AllowPrivilegedContainer determines if a container can request to be run as privileged. + type: boolean + allowedCapabilities: + description: AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use '*'. + type: array + items: + description: Capability represent POSIX capabilities type + type: string + nullable: true + allowedFlexVolumes: + description: AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the "Volumes" field. + type: array + items: + description: AllowedFlexVolume represents a single Flexvolume that is allowed to be used. + type: object + required: + - driver + properties: + driver: + description: Driver is the name of the Flexvolume driver. + type: string + nullable: true + allowedUnsafeSysctls: + description: "AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection. \n Examples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc." + type: array + items: + type: string + nullable: true + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string - nullable: true - type: array - allowedFlexVolumes: - description: AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty - or nil indicates that all Flexvolumes may be used. This parameter is - effective only when the usage of the Flexvolumes is allowed in the "Volumes" - field. - items: - description: AllowedFlexVolume represents a single Flexvolume that is - allowed to be used. + defaultAddCapabilities: + description: DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities. + type: array + items: + description: Capability represent POSIX capabilities type + type: string + nullable: true + defaultAllowPrivilegeEscalation: + description: DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process. + type: boolean + nullable: true + forbiddenSysctls: + description: "ForbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden. \n Examples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc." + type: array + items: + type: string + nullable: true + fsGroup: + description: FSGroup is the strategy that will dictate what fs group is used by the SecurityContext. + type: object properties: - driver: - description: Driver is the name of the Flexvolume driver. + ranges: + description: Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. + type: array + items: + description: 'IDRange provides a min/max of an allowed range of IDs. TODO: this could be reused for UIDs.' + type: object + properties: + max: + description: Max is the end of the range, inclusive. + type: integer + format: int64 + min: + description: Min is the start of the range, inclusive. + type: integer + format: int64 + type: + description: Type is the strategy that will dictate what FSGroup is used in the SecurityContext. type: string - required: - - driver - type: object - nullable: true - type: array - allowedUnsafeSysctls: - description: "AllowedUnsafeSysctls is a list of explicitly allowed unsafe - sysctls, defaults to none. Each entry is either a plain sysctl name - or ends in \"*\" in which case it is considered as a prefix of allowed - sysctls. Single * means all unsafe sysctls are allowed. Kubelet has - to whitelist all allowed unsafe sysctls explicitly to avoid rejection. - \n Examples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. - \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc." - items: - type: string - nullable: true - type: array - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - defaultAddCapabilities: - description: DefaultAddCapabilities is the default set of capabilities - that will be added to the container unless the pod spec specifically - drops the capability. You may not list a capabiility in both DefaultAddCapabilities - and RequiredDropCapabilities. - items: - description: Capability represent POSIX capabilities type - type: string - nullable: true - type: array - defaultAllowPrivilegeEscalation: - description: DefaultAllowPrivilegeEscalation controls the default setting - for whether a process can gain more privileges than its parent process. - nullable: true - type: boolean - forbiddenSysctls: - description: "ForbiddenSysctls is a list of explicitly forbidden sysctls, - defaults to none. Each entry is either a plain sysctl name or ends in - \"*\" in which case it is considered as a prefix of forbidden sysctls. - Single * means all sysctls are forbidden. \n Examples: e.g. \"foo/*\" - forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", - \"foo.baz\", etc." - items: - type: string - nullable: true - type: array - fsGroup: - description: FSGroup is the strategy that will dictate what fs group is - used by the SecurityContext. - nullable: true - properties: - ranges: - description: Ranges are the allowed ranges of fs groups. If you would - like to force a single fs group then supply a single range with - the same start and end. - items: - description: 'IDRange provides a min/max of an allowed range of - IDs. TODO: this could be reused for UIDs.' - properties: - max: - description: Max is the end of the range, inclusive. - format: int64 - type: integer - min: - description: Min is the start of the range, inclusive. - format: int64 - type: integer - type: object - type: array - type: - description: Type is the strategy that will dictate what FSGroup is - used in the SecurityContext. + nullable: true + groups: + description: The groups that have permission to use this security context constraints + type: array + items: type: string - type: object - groups: - description: The groups that have permission to use this security context - constraints - items: - type: string - nullable: true - type: array - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - priority: - description: Priority influences the sort order of SCCs when evaluating - which SCCs to try first for a given pod request based on access in the - Users and Groups fields. The higher the int, the higher priority. An - unset value is considered a 0 priority. If scores for multiple SCCs - are equal they will be sorted from most restrictive to least restrictive. - If both priorities and restrictions are equal the SCCs will be sorted - by name. - format: int32 - nullable: true - type: integer - readOnlyRootFilesystem: - description: ReadOnlyRootFilesystem when set to true will force containers - to run with a read only root file system. If the container specifically - requests to run with a non-read only root file system the SCC should - deny the pod. If set to false the container may run with a read only - root file system if it wishes but it will not be forced to. - type: boolean - requiredDropCapabilities: - description: RequiredDropCapabilities are the capabilities that will be - dropped from the container. These are required to be dropped and cannot - be added. - items: - description: Capability represent POSIX capabilities type + nullable: true + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - nullable: true - type: array - runAsUser: - description: RunAsUser is the strategy that will dictate what RunAsUser - is used in the SecurityContext. - nullable: true - properties: - type: - description: Type is the strategy that will dictate what RunAsUser - is used in the SecurityContext. - type: string - uid: - description: UID is the user id that containers must run as. Required - for the MustRunAs strategy if not using namespace/service account - allocated uids. - format: int64 - type: integer - uidRangeMax: - description: UIDRangeMax defines the max value for a strategy that - allocates by range. - format: int64 - type: integer - uidRangeMin: - description: UIDRangeMin defines the min value for a strategy that - allocates by range. - format: int64 - type: integer - type: object - seLinuxContext: - description: SELinuxContext is the strategy that will dictate what labels - will be set in the SecurityContext. - nullable: true - properties: - seLinuxOptions: - description: seLinuxOptions required to run as; required for MustRunAs - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - type: object - type: - description: Type is the strategy that will dictate what SELinux context - is used in the SecurityContext. + metadata: + type: object + priority: + description: Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name. + type: integer + format: int32 + nullable: true + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the SCC should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to. + type: boolean + requiredDropCapabilities: + description: RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added. + type: array + items: + description: Capability represent POSIX capabilities type type: string - type: object - seccompProfiles: - description: "SeccompProfiles lists the allowed profiles that may be set - for the pod or container's seccomp annotations. An unset (nil) or empty - value means that no profiles may be specifid by the pod or container.\tThe - wildcard '*' may be used to allow all profiles. When used to generate - a value for a pod the first non-wildcard profile will be used as the - default." - items: - type: string - nullable: true - type: array - supplementalGroups: - description: SupplementalGroups is the strategy that will dictate what - supplemental groups are used by the SecurityContext. - nullable: true - properties: - ranges: - description: Ranges are the allowed ranges of supplemental groups. If - you would like to force a single supplemental group then supply - a single range with the same start and end. - items: - description: 'IDRange provides a min/max of an allowed range of - IDs. TODO: this could be reused for UIDs.' - properties: - max: - description: Max is the end of the range, inclusive. - format: int64 - type: integer - min: - description: Min is the start of the range, inclusive. - format: int64 - type: integer + nullable: true + runAsUser: + description: RunAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext. + type: object + properties: + type: + description: Type is the strategy that will dictate what RunAsUser is used in the SecurityContext. + type: string + uid: + description: UID is the user id that containers must run as. Required for the MustRunAs strategy if not using namespace/service account allocated uids. + type: integer + format: int64 + uidRangeMax: + description: UIDRangeMax defines the max value for a strategy that allocates by range. + type: integer + format: int64 + uidRangeMin: + description: UIDRangeMin defines the min value for a strategy that allocates by range. + type: integer + format: int64 + nullable: true + seLinuxContext: + description: SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext. + type: object + properties: + seLinuxOptions: + description: seLinuxOptions required to run as; required for MustRunAs type: object - type: array - type: - description: Type is the strategy that will dictate what supplemental - groups is used in the SecurityContext. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: + description: Type is the strategy that will dictate what SELinux context is used in the SecurityContext. + type: string + nullable: true + seccompProfiles: + description: "SeccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations. An unset (nil) or empty value means that no profiles may be specifid by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default." + type: array + items: type: string - type: object - users: - description: The users who have permissions to use this security context - constraints - items: - type: string - nullable: true - type: array - volumes: - description: Volumes is a white list of allowed volume plugins. FSType - corresponds directly with the field names of a VolumeSource (azureFile, - configMap, emptyDir). To allow all volumes you may use "*". To allow - no volumes, set to ["none"]. - items: - description: FS Type gives strong typing to different file systems that - are used by volumes. - type: string - nullable: true - type: array - required: - - allowHostDirVolumePlugin - - allowHostIPC - - allowHostNetwork - - allowHostPID - - allowHostPorts - - allowPrivilegedContainer - - allowedCapabilities - - defaultAddCapabilities - - priority - - readOnlyRootFilesystem - - requiredDropCapabilities - - volumes - type: object - served: true - storage: true + nullable: true + supplementalGroups: + description: SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext. + type: object + properties: + ranges: + description: Ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. + type: array + items: + description: 'IDRange provides a min/max of an allowed range of IDs. TODO: this could be reused for UIDs.' + type: object + properties: + max: + description: Max is the end of the range, inclusive. + type: integer + format: int64 + min: + description: Min is the start of the range, inclusive. + type: integer + format: int64 + type: + description: Type is the strategy that will dictate what supplemental groups is used in the SecurityContext. + type: string + nullable: true + users: + description: The users who have permissions to use this security context constraints + type: array + items: + type: string + nullable: true + volumes: + description: Volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use "*". To allow no volumes, set to ["none"]. + type: array + items: + description: FS Type gives strong typing to different file systems that are used by volumes. + type: string + nullable: true + served: true + storage: true diff --git a/vendor/github.com/openshift/api/security/v1/Makefile b/vendor/github.com/openshift/api/security/v1/Makefile new file mode 100644 index 000000000..096e6fa2c --- /dev/null +++ b/vendor/github.com/openshift/api/security/v1/Makefile @@ -0,0 +1,3 @@ +.PHONY: test +test: + make -C ../../tests test GINKGO_EXTRA_ARGS=--focus="security.openshift.io/v1" diff --git a/vendor/github.com/openshift/api/security/v1/stable.securitycontextconstraints.testsuite.yaml b/vendor/github.com/openshift/api/security/v1/stable.securitycontextconstraints.testsuite.yaml new file mode 100644 index 000000000..d663b94c2 --- /dev/null +++ b/vendor/github.com/openshift/api/security/v1/stable.securitycontextconstraints.testsuite.yaml @@ -0,0 +1,36 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Stable] SecurityContextConstraints" +crd: 0000_03_security-openshift_01_scc.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal SecurityContextConstraints + initial: | + apiVersion: security.openshift.io/v1 + kind: SecurityContextConstraints + allowHostDirVolumePlugin: false + allowHostIPC: false + allowHostNetwork: false + allowHostPID: false + allowHostPorts: false + allowPrivilegedContainer: false + allowedCapabilities: [] + defaultAddCapabilities: [] + priority: 0 + readOnlyRootFilesystem: false + requiredDropCapabilities: [] + volumes: [] + expected: | + apiVersion: security.openshift.io/v1 + kind: SecurityContextConstraints + allowHostDirVolumePlugin: false + allowHostIPC: false + allowHostNetwork: false + allowHostPID: false + allowHostPorts: false + allowPrivilegedContainer: false + allowedCapabilities: [] + defaultAddCapabilities: [] + priority: 0 + readOnlyRootFilesystem: false + requiredDropCapabilities: [] + volumes: [] diff --git a/vendor/modules.txt b/vendor/modules.txt index 5d47386df..303a7639f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -109,7 +109,7 @@ github.com/munnerz/goautoneg # github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f ## explicit github.com/mwitkow/go-conntrack -# github.com/openshift/api v0.0.0-20220919112502-5eaf4250c423 +# github.com/openshift/api v0.0.0-20221207195358-a671aa80d995 ## explicit; go 1.18 github.com/openshift/api/config/v1 github.com/openshift/api/config/v1alpha1