diff --git a/Gopkg.lock b/Gopkg.lock
index 7a14be93a5a..9e316779781 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -499,14 +499,14 @@
 
 [[projects]]
   branch = "master"
-  digest = "1:e0497c97dc8e84143a1f2441358ac201270f6687d8e947b38fc1cea71ab0bee1"
+  digest = "1:90bd9406d319b87bc39c13f6a03a424106c6cbd4e713d435d152bdc2218c41eb"
   name = "github.com/openshift/api"
   packages = [
     "config/v1",
     "route/v1",
   ]
   pruneopts = "NUT"
-  revision = "a77179bc5896d5391a200f8a4578f092f8828178"
+  revision = "44f2eba96faa042c0f0adccba439acceae12e549"
 
 [[projects]]
   branch = "master"
@@ -521,7 +521,7 @@
     "route/clientset/versioned/typed/route/v1",
   ]
   pruneopts = "NUT"
-  revision = "8892c0adc000741c33af70e05f4ede47725d0773"
+  revision = "c44a8b61b9f46cd9e802384dfeda0bc9942db68a"
 
 [[projects]]
   branch = "master"
diff --git a/pkg/asset/manifests/infrastructure.go b/pkg/asset/manifests/infrastructure.go
index 496bff92223..2a7b7b391d0 100644
--- a/pkg/asset/manifests/infrastructure.go
+++ b/pkg/asset/manifests/infrastructure.go
@@ -1,6 +1,7 @@
 package manifests
 
 import (
+	"fmt"
 	"path/filepath"
 
 	"github.com/ghodss/yaml"
@@ -13,6 +14,7 @@ import (
 
 	"github.com/openshift/installer/pkg/types/aws"
 	"github.com/openshift/installer/pkg/types/azure"
+	"github.com/openshift/installer/pkg/types/gcp"
 	"github.com/openshift/installer/pkg/types/libvirt"
 	"github.com/openshift/installer/pkg/types/none"
 	"github.com/openshift/installer/pkg/types/openstack"
@@ -53,24 +55,6 @@ func (i *Infrastructure) Generate(dependencies asset.Parents) error {
 	cloudproviderconfig := &CloudProviderConfig{}
 	dependencies.Get(clusterID, installConfig, cloudproviderconfig)
 
-	var platform configv1.PlatformType
-	switch installConfig.Config.Platform.Name() {
-	case aws.Name:
-		platform = configv1.AWSPlatformType
-	case none.Name:
-		platform = configv1.NonePlatformType
-	case libvirt.Name:
-		platform = configv1.LibvirtPlatformType
-	case openstack.Name:
-		platform = configv1.OpenStackPlatformType
-	case vsphere.Name:
-		platform = configv1.VSpherePlatformType
-	case azure.Name:
-		platform = configv1.AzurePlatformType
-	default:
-		platform = configv1.NonePlatformType
-	}
-
 	config := &configv1.Infrastructure{
 		TypeMeta: metav1.TypeMeta{
 			APIVersion: configv1.SchemeGroupVersion.String(),
@@ -82,13 +66,50 @@ func (i *Infrastructure) Generate(dependencies asset.Parents) error {
 		},
 		Status: configv1.InfrastructureStatus{
 			InfrastructureName:   clusterID.InfraID,
-			Platform:             platform,
 			APIServerURL:         getAPIServerURL(installConfig.Config),
 			APIServerInternalURL: getInternalAPIServerURL(installConfig.Config),
 			EtcdDiscoveryDomain:  getEtcdDiscoveryDomain(installConfig.Config),
+			PlatformStatus:       &configv1.PlatformStatus{},
 		},
 	}
 
+	switch installConfig.Config.Platform.Name() {
+	case aws.Name:
+		config.Status.Platform = configv1.AWSPlatformType
+		config.Status.PlatformStatus.Type = configv1.AWSPlatformType
+		config.Status.PlatformStatus.AWS = &configv1.AWSPlatformStatus{
+			Region: installConfig.Config.Platform.AWS.Region,
+		}
+	case azure.Name:
+		config.Status.Platform = configv1.AzurePlatformType
+		config.Status.PlatformStatus.Type = configv1.AzurePlatformType
+		config.Status.PlatformStatus.Azure = &configv1.AzurePlatformStatus{
+			ResourceGroupName: fmt.Sprintf("%s-rg", clusterID.InfraID),
+		}
+	case gcp.Name:
+		config.Status.Platform = configv1.GCPPlatformType
+		config.Status.PlatformStatus.Type = configv1.GCPPlatformType
+		config.Status.PlatformStatus.GCP = &configv1.GCPPlatformStatus{
+			ProjectID: installConfig.Config.Platform.GCP.ProjectID,
+			Region:    installConfig.Config.Platform.GCP.Region,
+		}
+	case libvirt.Name:
+		config.Status.Platform = configv1.LibvirtPlatformType
+		config.Status.PlatformStatus.Type = configv1.LibvirtPlatformType
+	case none.Name:
+		config.Status.Platform = configv1.NonePlatformType
+		config.Status.PlatformStatus.Type = configv1.NonePlatformType
+	case openstack.Name:
+		config.Status.Platform = configv1.OpenStackPlatformType
+		config.Status.PlatformStatus.Type = configv1.OpenStackPlatformType
+	case vsphere.Name:
+		config.Status.Platform = configv1.VSpherePlatformType
+		config.Status.PlatformStatus.Type = configv1.VSpherePlatformType
+	default:
+		config.Status.PlatformStatus.Type = configv1.NonePlatformType
+	}
+	config.Status.Platform = config.Status.PlatformStatus.Type
+
 	if cloudproviderconfig.ConfigMap != nil {
 		// set the configmap reference.
 		config.Spec.CloudConfig = configv1.ConfigMapFileReference{Name: cloudproviderconfig.ConfigMap.Name, Key: cloudProviderConfigDataKey}
diff --git a/vendor/github.com/openshift/api/config/v1/types_console.go b/vendor/github.com/openshift/api/config/v1/types_console.go
index c8b5b482f50..40ad0015142 100644
--- a/vendor/github.com/openshift/api/config/v1/types_console.go
+++ b/vendor/github.com/openshift/api/config/v1/types_console.go
@@ -6,7 +6,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
-// Console holds cluster-wide information about Console.  The canonical name is `cluster`
+// Console holds cluster-wide information about Console.  The canonical name is `cluster`.
 type Console struct {
 	metav1.TypeMeta `json:",inline"`
 	// Standard object's metadata.
@@ -20,11 +20,13 @@ type Console struct {
 	Status ConsoleStatus `json:"status"`
 }
 
+// ConsoleSpec is the specification of the desired behavior of the Console.
 type ConsoleSpec struct {
 	// +optional
 	Authentication ConsoleAuthentication `json:"authentication"`
 }
 
+// ConsoleStatus defines the observed status of the Console.
 type ConsoleStatus struct {
 	// The URL for the console. This will be derived from the host for the route that
 	// is created for the console.
@@ -40,6 +42,7 @@ type ConsoleList struct {
 	Items           []Console `json:"items"`
 }
 
+// ConsoleAuthentication defines a list of optional configuration for console authentication.
 type ConsoleAuthentication struct {
 	// An optional, absolute URL to redirect web browsers to after logging out of
 	// the console. If not specified, it will redirect to the default login page.
diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
index c59dc39c1ec..f925cdf8b53 100644
--- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
+++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
@@ -110,6 +110,14 @@ type PlatformStatus struct {
 	// AWS contains settings specific to the Amazon Web Services infrastructure provider.
 	// +optional
 	AWS *AWSPlatformStatus `json:"aws,omitempty"`
+
+	// Azure contains settings specific to the Azure infrastructure provider.
+	// +optional
+	Azure *AzurePlatformStatus `json:"azure,omitempty"`
+
+	// GCP contains settings specific to the Google Cloud Platform infrastructure provider.
+	// +optional
+	GCP *GCPPlatformStatus `json:"gcp,omitempty"`
 }
 
 // AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.
@@ -118,6 +126,21 @@ type AWSPlatformStatus struct {
 	Region string `json:"region"`
 }
 
+// AzurePlatformStatus holds the current status of the Azure infrastructure provider.
+type AzurePlatformStatus struct {
+	// resourceGroupName is the Resource Group for new Azure resources created for the cluster.
+	ResourceGroupName string `json:"resourceGroupName"`
+}
+
+// GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.
+type GCPPlatformStatus struct {
+	// resourceGroupName is the Project ID for new GCP resources created for the cluster.
+	ProjectID string `json:"projectID"`
+
+	// region holds the region for new GCP resources created for the cluster.
+	Region string `json:"region"`
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // InfrastructureList is
diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go
index 5b5ab19290d..40ba5e493a4 100644
--- a/vendor/github.com/openshift/api/config/v1/types_network.go
+++ b/vendor/github.com/openshift/api/config/v1/types_network.go
@@ -24,7 +24,8 @@ type Network struct {
 // NetworkSpec is the desired network configuration.
 // As a general rule, this SHOULD NOT be read directly. Instead, you should
 // consume the NetworkStatus, as it indicates the currently deployed configuration.
-// Currently, none of these fields may be changed after installation.
+// Currently, changing ClusterNetwork, ServiceNetwork, or NetworkType after
+// installation is not supported.
 type NetworkSpec struct {
 	// IP address pool to use for pod IPs.
 	ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork"`
@@ -39,6 +40,11 @@ type NetworkSpec struct {
 	// Currently supported values are:
 	// - OpenShiftSDN
 	NetworkType string `json:"networkType"`
+
+	// externalIP defines configuration for controllers that
+	// affect Service.ExternalIP
+	// +optional
+	ExternalIP *ExternalIPConfig `json:"externalIP,omitempty"`
 }
 
 // NetworkStatus is the current network configuration.
@@ -67,6 +73,39 @@ type ClusterNetworkEntry struct {
 	HostPrefix uint32 `json:"hostPrefix"`
 }
 
+// ExternalIPConfig specifies some IP blocks relevant for the ExternalIP field
+// of a Service resource.
+type ExternalIPConfig struct {
+	// policy is a set of restrictions applied to the ExternalIP field.
+	// If nil, any value is allowed for an ExternalIP. If the empty/zero
+	// policy is supplied, then ExternalIP is not allowed to be set.
+	// +optional
+	Policy *ExternalIPPolicy `json:"policy,omitempty"`
+
+	// autoAssignCIDRs is a list of CIDRs from which to automatically assign
+	// Service.ExternalIP. These are assigned when the service is of type
+	// LoadBalancer. In general, this is only useful for bare-metal clusters.
+	// In Openshift 3.x, this was misleadingly called "IngressIPs".
+	// Automatically assigned External IPs are not affected by any
+	// ExternalIPPolicy rules.
+	// Currently, only one entry may be provided.
+	// +optional
+	AutoAssignCIDRs []string `json:"autoAssignCIDRs,omitempty"`
+}
+
+// ExternalIPPolicy configures exactly which IPs are allowed for the ExternalIP
+// field in a Service. If the zero struct is supplied, then none are permitted.
+// The policy controller always allows automatically assigned external IPs.
+type ExternalIPPolicy struct {
+	// allowedCIDRs is the list of allowed CIDRs.
+	AllowedCIDRs []string `json:"allowedCIDRs,omitempty"`
+
+	// rejectedCIDRs is the list of disallowed CIDRs. These take precedence
+	// over allowedCIDRs.
+	// +optional
+	RejectedCIDRs []string `json:"rejectedCIDRs,omitempty"`
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 type NetworkList struct {
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
index aa7adfb6034..656ecf3d73d 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
@@ -333,6 +333,22 @@ func (in *AuthenticationStatus) DeepCopy() *AuthenticationStatus {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AzurePlatformStatus) DeepCopyInto(out *AzurePlatformStatus) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzurePlatformStatus.
+func (in *AzurePlatformStatus) DeepCopy() *AzurePlatformStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(AzurePlatformStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *BasicAuthIdentityProvider) DeepCopyInto(out *BasicAuthIdentityProvider) {
 	*out = *in
@@ -1157,6 +1173,58 @@ func (in *EtcdStorageConfig) DeepCopy() *EtcdStorageConfig {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExternalIPConfig) DeepCopyInto(out *ExternalIPConfig) {
+	*out = *in
+	if in.Policy != nil {
+		in, out := &in.Policy, &out.Policy
+		*out = new(ExternalIPPolicy)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.AutoAssignCIDRs != nil {
+		in, out := &in.AutoAssignCIDRs, &out.AutoAssignCIDRs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIPConfig.
+func (in *ExternalIPConfig) DeepCopy() *ExternalIPConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(ExternalIPConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExternalIPPolicy) DeepCopyInto(out *ExternalIPPolicy) {
+	*out = *in
+	if in.AllowedCIDRs != nil {
+		in, out := &in.AllowedCIDRs, &out.AllowedCIDRs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.RejectedCIDRs != nil {
+		in, out := &in.RejectedCIDRs, &out.RejectedCIDRs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIPPolicy.
+func (in *ExternalIPPolicy) DeepCopy() *ExternalIPPolicy {
+	if in == nil {
+		return nil
+	}
+	out := new(ExternalIPPolicy)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *FeatureGate) DeepCopyInto(out *FeatureGate) {
 	*out = *in
@@ -1276,6 +1344,22 @@ func (in *FeatureGateStatus) DeepCopy() *FeatureGateStatus {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GCPPlatformStatus) DeepCopyInto(out *GCPPlatformStatus) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPPlatformStatus.
+func (in *GCPPlatformStatus) DeepCopy() *GCPPlatformStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(GCPPlatformStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *GenericAPIServerConfig) DeepCopyInto(out *GenericAPIServerConfig) {
 	*out = *in
@@ -2019,6 +2103,11 @@ func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.ExternalIP != nil {
+		in, out := &in.ExternalIP, &out.ExternalIP
+		*out = new(ExternalIPConfig)
+		(*in).DeepCopyInto(*out)
+	}
 	return
 }
 
@@ -2300,6 +2389,16 @@ func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) {
 		*out = new(AWSPlatformStatus)
 		**out = **in
 	}
+	if in.Azure != nil {
+		in, out := &in.Azure, &out.Azure
+		*out = new(AzurePlatformStatus)
+		**out = **in
+	}
+	if in.GCP != nil {
+		in, out := &in.GCP, &out.GCP
+		*out = new(GCPPlatformStatus)
+		**out = **in
+	}
 	return
 }
 
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
index 4e9c622e1b1..2fc1dc15747 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
@@ -539,7 +539,7 @@ func (UpdateHistory) SwaggerDoc() map[string]string {
 }
 
 var map_Console = map[string]string{
-	"":         "Console holds cluster-wide information about Console.  The canonical name is `cluster`",
+	"":         "Console holds cluster-wide information about Console.  The canonical name is `cluster`.",
 	"metadata": "Standard object's metadata.",
 	"spec":     "spec holds user settable values for configuration",
 	"status":   "status holds observed values from the cluster. They may not be overridden.",
@@ -550,6 +550,7 @@ func (Console) SwaggerDoc() map[string]string {
 }
 
 var map_ConsoleAuthentication = map[string]string{
+	"":               "ConsoleAuthentication defines a list of optional configuration for console authentication.",
 	"logoutRedirect": "An optional, absolute URL to redirect web browsers to after logging out of the console. If not specified, it will redirect to the default login page. This is required when using an identity provider that supports single sign-on (SSO) such as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console will destroy the user's token. The logoutRedirect provides the user the option to perform single logout (SLO) through the identity provider to destroy their single sign-on session.",
 }
 
@@ -565,7 +566,16 @@ func (ConsoleList) SwaggerDoc() map[string]string {
 	return map_ConsoleList
 }
 
+var map_ConsoleSpec = map[string]string{
+	"": "ConsoleSpec is the specification of the desired behavior of the Console.",
+}
+
+func (ConsoleSpec) SwaggerDoc() map[string]string {
+	return map_ConsoleSpec
+}
+
 var map_ConsoleStatus = map[string]string{
+	"":           "ConsoleStatus defines the observed status of the Console.",
 	"consoleURL": "The URL for the console. This will be derived from the host for the route that is created for the console.",
 }
 
@@ -708,6 +718,25 @@ func (AWSPlatformStatus) SwaggerDoc() map[string]string {
 	return map_AWSPlatformStatus
 }
 
+var map_AzurePlatformStatus = map[string]string{
+	"":                  "AzurePlatformStatus holds the current status of the Azure infrastructure provider.",
+	"resourceGroupName": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.",
+}
+
+func (AzurePlatformStatus) SwaggerDoc() map[string]string {
+	return map_AzurePlatformStatus
+}
+
+var map_GCPPlatformStatus = map[string]string{
+	"":          "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.",
+	"projectID": "resourceGroupName is the Project ID for new GCP resources created for the cluster.",
+	"region":    "region holds the region for new GCP resources created for the cluster.",
+}
+
+func (GCPPlatformStatus) SwaggerDoc() map[string]string {
+	return map_GCPPlatformStatus
+}
+
 var map_Infrastructure = map[string]string{
 	"":         "Infrastructure holds cluster-wide information about Infrastructure.  The canonical name is `cluster`",
 	"metadata": "Standard object's metadata.",
@@ -752,9 +781,11 @@ func (InfrastructureStatus) SwaggerDoc() map[string]string {
 }
 
 var map_PlatformStatus = map[string]string{
-	"":     "PlatformStatus holds the current status specific to the underlying infrastructure provider of the current cluster. Since these are used at status-level for the underlying cluster, it is supposed that only one of the status structs is set.",
-	"type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.",
-	"aws":  "AWS contains settings specific to the Amazon Web Services infrastructure provider.",
+	"":      "PlatformStatus holds the current status specific to the underlying infrastructure provider of the current cluster. Since these are used at status-level for the underlying cluster, it is supposed that only one of the status structs is set.",
+	"type":  "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.",
+	"aws":   "AWS contains settings specific to the Amazon Web Services infrastructure provider.",
+	"azure": "Azure contains settings specific to the Azure infrastructure provider.",
+	"gcp":   "GCP contains settings specific to the Google Cloud Platform infrastructure provider.",
 }
 
 func (PlatformStatus) SwaggerDoc() map[string]string {
@@ -798,6 +829,26 @@ func (ClusterNetworkEntry) SwaggerDoc() map[string]string {
 	return map_ClusterNetworkEntry
 }
 
+var map_ExternalIPConfig = map[string]string{
+	"":                "ExternalIPConfig specifies some IP blocks relevant for the ExternalIP field of a Service resource.",
+	"policy":          "policy is a set of restrictions applied to the ExternalIP field. If nil, any value is allowed for an ExternalIP. If the empty/zero policy is supplied, then ExternalIP is not allowed to be set.",
+	"autoAssignCIDRs": "autoAssignCIDRs is a list of CIDRs from which to automatically assign Service.ExternalIP. These are assigned when the service is of type LoadBalancer. In general, this is only useful for bare-metal clusters. In Openshift 3.x, this was misleadingly called \"IngressIPs\". Automatically assigned External IPs are not affected by any ExternalIPPolicy rules. Currently, only one entry may be provided.",
+}
+
+func (ExternalIPConfig) SwaggerDoc() map[string]string {
+	return map_ExternalIPConfig
+}
+
+var map_ExternalIPPolicy = map[string]string{
+	"":              "ExternalIPPolicy configures exactly which IPs are allowed for the ExternalIP field in a Service. If the zero struct is supplied, then none are permitted. The policy controller always allows automatically assigned external IPs.",
+	"allowedCIDRs":  "allowedCIDRs is the list of allowed CIDRs.",
+	"rejectedCIDRs": "rejectedCIDRs is the list of disallowed CIDRs. These take precedence over allowedCIDRs.",
+}
+
+func (ExternalIPPolicy) SwaggerDoc() map[string]string {
+	return map_ExternalIPPolicy
+}
+
 var map_Network = map[string]string{
 	"":         "Network holds cluster-wide information about Network.  The canonical name is `cluster`",
 	"metadata": "Standard object's metadata.",
@@ -818,10 +869,11 @@ func (NetworkList) SwaggerDoc() map[string]string {
 }
 
 var map_NetworkSpec = map[string]string{
-	"":               "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, none of these fields may be changed after installation.",
+	"":               "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, changing ClusterNetwork, ServiceNetwork, or NetworkType after installation is not supported.",
 	"clusterNetwork": "IP address pool to use for pod IPs.",
 	"serviceNetwork": "IP address pool for services. Currently, we only support a single entry here.",
 	"networkType":    "NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OpenShiftSDN",
+	"externalIP":     "externalIP defines configuration for controllers that affect Service.ExternalIP",
 }
 
 func (NetworkSpec) SwaggerDoc() map[string]string {