diff --git a/data/data/install.openshift.io_installconfigs.yaml b/data/data/install.openshift.io_installconfigs.yaml index fa6a8b63e97..dac11ccc7e8 100644 --- a/data/data/install.openshift.io_installconfigs.yaml +++ b/data/data/install.openshift.io_installconfigs.yaml @@ -78,6 +78,7 @@ spec: - MachineAPI - Build - DeploymentConfig + - ImageRegistry type: string type: array baselineCapabilitySet: diff --git a/go.mod b/go.mod index 601e26fa5fc..2599ba4551b 100644 --- a/go.mod +++ b/go.mod @@ -56,7 +56,7 @@ require ( github.com/microsoftgraph/msgraph-sdk-go v0.47.0 github.com/nutanix-cloud-native/prism-go-client v0.2.1-0.20220804130801-c8a253627c64 github.com/onsi/gomega v1.27.6 - github.com/openshift/api v0.0.0-20230807132801-600991d550ac + github.com/openshift/api v0.0.0-20230829144734-edd317298780 github.com/openshift/assisted-image-service v0.0.0-20230508133451-c15a62b72155 github.com/openshift/assisted-service/api v0.0.0 github.com/openshift/assisted-service/client v0.0.0 diff --git a/go.sum b/go.sum index 7662e6c923c..fd642813bc8 100644 --- a/go.sum +++ b/go.sum @@ -1010,8 +1010,8 @@ github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xA github.com/openshift/api v0.0.0-20200326160804-ecb9283fe820/go.mod h1:RKMJ5CBnljLfnej+BJ/xnOWc3kZDvJUaIAEq2oKSPtE= github.com/openshift/api v0.0.0-20200827090112-c05698d102cf/go.mod h1:M3xexPhgM8DISzzRpuFUy+jfPjQPIcs9yqEYj17mXV8= github.com/openshift/api v0.0.0-20200829102639-8a3a835f1acf/go.mod h1:M3xexPhgM8DISzzRpuFUy+jfPjQPIcs9yqEYj17mXV8= -github.com/openshift/api v0.0.0-20230807132801-600991d550ac h1:HqT8MmYGXiUGUW0BjygTGOOvqO2wIsTaG3q8nboJyPY= -github.com/openshift/api v0.0.0-20230807132801-600991d550ac/go.mod h1:yimSGmjsI+XF1mr+AKBs2//fSXIOhhetHGbMlBEfXbs= +github.com/openshift/api v0.0.0-20230829144734-edd317298780 h1:YkJr0cJmFd7lctcQ82I9zhxlSsrhwqOtHtw5rTIG5J8= +github.com/openshift/api v0.0.0-20230829144734-edd317298780/go.mod h1:yimSGmjsI+XF1mr+AKBs2//fSXIOhhetHGbMlBEfXbs= github.com/openshift/assisted-image-service v0.0.0-20230508133451-c15a62b72155 h1:tw+b2D3hxRmjARubw7I9aZ84VumljbIXSZ+8zWX1Y0o= github.com/openshift/assisted-image-service v0.0.0-20230508133451-c15a62b72155/go.mod h1:I+6C5J84eXUUFoOqXCVNOaHQkyYoFD2ObgBhz99B9gc= github.com/openshift/assisted-service/api v0.0.0-20230822055104-ba04805cce13 h1:l7+3leGv8eryw04p8cXyusMszLE1Dkw1S3hQPU4tBpU= diff --git a/pkg/asset/machines/azure/machines.go b/pkg/asset/machines/azure/machines.go index bc33dc3cf35..8aa5dff851c 100644 --- a/pkg/asset/machines/azure/machines.go +++ b/pkg/asset/machines/azure/machines.go @@ -6,6 +6,7 @@ import ( "sort" "strings" + "github.com/Azure/go-autorest/autorest/to" "github.com/pkg/errors" "github.com/sirupsen/logrus" corev1 "k8s.io/api/core/v1" @@ -92,7 +93,7 @@ func Machines(clusterID string, config *types.InstallConfig, pool *types.Machine failureDomains = append(failureDomains, domain) } - machineSetProvider.Zone = nil + machineSetProvider.Zone = "" controlPlaneMachineSet := &machinev1.ControlPlaneMachineSet{ TypeMeta: metav1.TypeMeta{ APIVersion: "machine.openshift.io/v1", @@ -253,7 +254,7 @@ func provider(platform *azure.Platform, mpool *azure.MachinePool, osImage string }, SecurityProfile: securityProfile, UltraSSDCapability: ultraSSDCapability, - Zone: az, + Zone: to.String(az), Subnet: subnet, ManagedIdentity: managedIdentity, Vnet: virtualNetwork, diff --git a/pkg/tfvars/azure/azure.go b/pkg/tfvars/azure/azure.go index 73d57ff82d9..82e3b5248ce 100644 --- a/pkg/tfvars/azure/azure.go +++ b/pkg/tfvars/azure/azure.go @@ -6,7 +6,6 @@ import ( "math/rand" "time" - "github.com/Azure/go-autorest/autorest/to" "github.com/pkg/errors" machineapi "github.com/openshift/api/machine/v1beta1" @@ -101,7 +100,7 @@ func TFVars(sources TFVarsSources) ([]byte, error) { masterAvailabilityZones := make([]string, len(sources.MasterConfigs)) for i, c := range sources.MasterConfigs { - masterAvailabilityZones[i] = to.String(c.Zone) + masterAvailabilityZones[i] = c.Zone } environment, err := environment(sources.CloudName) diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml index 69a2ed280f4..b3e5c9dbc12 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml @@ -74,6 +74,7 @@ spec: - MachineAPI - Build - DeploymentConfig + - ImageRegistry x-kubernetes-list-type: atomic baselineCapabilitySet: description: baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent. @@ -199,6 +200,7 @@ spec: - MachineAPI - Build - DeploymentConfig + - ImageRegistry x-kubernetes-list-type: atomic knownCapabilities: description: knownCapabilities lists all the capabilities known to the current cluster. @@ -218,6 +220,7 @@ spec: - MachineAPI - Build - DeploymentConfig + - ImageRegistry x-kubernetes-list-type: atomic conditionalUpdates: description: conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified. @@ -439,6 +442,9 @@ spec: versionHash: description: versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only. type: string + x-kubernetes-validations: + - rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''baremetal'' in self.spec.capabilities.additionalEnabledCapabilities ? ''MachineAPI'' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && ''MachineAPI'' in self.status.capabilities.enabledCapabilities) : true' + message: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability served: true storage: true subresources: diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml index 64a54d5c5fe..e5aa9ad7bf9 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml @@ -381,6 +381,13 @@ spec: - SingleReplica - External type: string + cpuPartitioning: + default: None + description: cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are "None" and "AllNodes". When omitted, the default value is "None". The default value of "None" indicates that no nodes will be setup with CPU partitioning. The "AllNodes" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API. + enum: + - None + - AllNodes + type: string etcdDiscoveryDomain: description: 'etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.' type: string diff --git a/vendor/github.com/openshift/api/config/v1/feature_gates.go b/vendor/github.com/openshift/api/config/v1/feature_gates.go index 364b1df935d..1aa6b41ce1f 100644 --- a/vendor/github.com/openshift/api/config/v1/feature_gates.go +++ b/vendor/github.com/openshift/api/config/v1/feature_gates.go @@ -23,6 +23,16 @@ var ( ) var ( + FeatureGateValidatingAdmissionPolicy = FeatureGateName("ValidatingAdmissionPolicy") + validatingAdmissionPolicy = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGateValidatingAdmissionPolicy, + }, + OwningJiraComponent: "kube-apiserver", + ResponsiblePerson: "benluddy", + OwningProduct: kubernetes, + } + FeatureGateGatewayAPI = FeatureGateName("GatewayAPI") gateGatewayAPI = FeatureGateDescription{ FeatureGateAttributes: FeatureGateAttributes{ @@ -143,16 +153,6 @@ var ( OwningProduct: ocpSpecific, } - FeatureGatePDBUnhealthyPodEvictionPolicy = FeatureGateName("PDBUnhealthyPodEvictionPolicy") - pdbUnhealthyPodEvictionPolicy = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGatePDBUnhealthyPodEvictionPolicy, - }, - OwningJiraComponent: "apps", - ResponsiblePerson: "atiratree", - OwningProduct: kubernetes, - } - FeatureGateDynamicResourceAllocation = FeatureGateName("DynamicResourceAllocation") dynamicResourceAllocation = FeatureGateDescription{ FeatureGateAttributes: FeatureGateAttributes{ diff --git a/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml index b966b29a880..914d06d12fe 100644 --- a/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml +++ b/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml @@ -98,6 +98,38 @@ tests: version: 4.11.1 image: bar expectedError: "cannot set both Architecture and Image" + - name: Should be able to create a ClusterVersion with base capability None, and additional capabilities baremetal and MachineAPI + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + - MachineAPI + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + - MachineAPI + - name: Should not be able to create a ClusterVersion with base capability None, and additional capabilities baremetal without MachineAPI + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability onUpdate: - name: Should not allow image to be set if architecture set initial: | @@ -136,3 +168,111 @@ tests: version: 4.11.1 image: bar expectedError: "cannot set both Architecture and Image" + - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, and implicitly enabled MachineAPI + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + status: + desired: + version: foo + image: foo + observedGeneration: 1 + versionHash: foo + availableUpdates: + - version: foo + image: foo + capabilities: + enabledCapabilities: + - MachineAPI + updated: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + status: + desired: + version: foo + image: foo + observedGeneration: 1 + versionHash: foo + availableUpdates: + - version: foo + image: foo + capabilities: + enabledCapabilities: + - MachineAPI + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + status: + desired: + version: foo + image: foo + observedGeneration: 1 + versionHash: foo + availableUpdates: + - version: foo + image: foo + capabilities: + enabledCapabilities: + - MachineAPI + - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, with the Machine API capability + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + updated: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + - MachineAPI + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + - MachineAPI + - name: Should not be able to add the baremetal capability with a ClusterVersion with base capability None, and without MachineAPI + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + updated: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability diff --git a/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml index 63da9aa4123..18d752f9194 100644 --- a/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml +++ b/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml @@ -208,6 +208,7 @@ tests: status: controlPlaneTopology: "HighlyAvailable" infrastructureTopology: "HighlyAvailable" + cpuPartitioning: None platform: Azure platformStatus: azure: @@ -340,6 +341,7 @@ tests: type: OpenStack status: controlPlaneTopology: HighlyAvailable + cpuPartitioning: None infrastructureTopology: HighlyAvailable platform: OpenStack platformStatus: @@ -378,6 +380,7 @@ tests: type: OpenStack status: controlPlaneTopology: HighlyAvailable + cpuPartitioning: None infrastructureTopology: HighlyAvailable platform: OpenStack platformStatus: @@ -550,6 +553,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External @@ -657,6 +661,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External @@ -764,6 +769,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External @@ -822,6 +828,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External @@ -857,6 +864,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External @@ -914,6 +922,7 @@ tests: status: controlPlaneTopology: HighlyAvailable infrastructureTopology: HighlyAvailable + cpuPartitioning: None platform: External platformStatus: type: External diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index 888a9658ace..3fbe39e4d36 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -13,6 +13,7 @@ import ( // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +kubebuilder:validation:XValidation:rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == 'None' && 'baremetal' in self.spec.capabilities.additionalEnabledCapabilities ? 'MachineAPI' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'MachineAPI' in self.status.capabilities.enabledCapabilities) : true",message="the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability" type ClusterVersion struct { metav1.TypeMeta `json:",inline"` @@ -247,7 +248,7 @@ const ( ) // ClusterVersionCapability enumerates optional, core cluster components. -// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig +// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry type ClusterVersionCapability string const ( @@ -330,6 +331,9 @@ const ( // The following resources are taken into account: // - deploymentconfigs ClusterVersionCapabilityDeploymentConfig ClusterVersionCapability = "DeploymentConfig" + // ClusterVersionCapabilityImageRegistry manages the image registry which + // allows to distribute Docker images + ClusterVersionCapabilityImageRegistry ClusterVersionCapability = "ImageRegistry" ) // KnownClusterVersionCapabilities includes all known optional, core cluster components. @@ -345,6 +349,7 @@ var KnownClusterVersionCapabilities = []ClusterVersionCapability{ ClusterVersionCapabilityMachineAPI, ClusterVersionCapabilityBuild, ClusterVersionCapabilityDeploymentConfig, + ClusterVersionCapabilityImageRegistry, } // ClusterVersionCapabilitySet defines sets of cluster version capabilities. @@ -393,6 +398,7 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityBaremetal, ClusterVersionCapabilityMarketplace, ClusterVersionCapabilityOpenShiftSamples, + ClusterVersionCapabilityMachineAPI, }, ClusterVersionCapabilitySet4_12: { ClusterVersionCapabilityBaremetal, @@ -402,6 +408,7 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityStorage, ClusterVersionCapabilityOpenShiftSamples, ClusterVersionCapabilityCSISnapshot, + ClusterVersionCapabilityMachineAPI, }, ClusterVersionCapabilitySet4_13: { ClusterVersionCapabilityBaremetal, @@ -412,6 +419,7 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityOpenShiftSamples, ClusterVersionCapabilityCSISnapshot, ClusterVersionCapabilityNodeTuning, + ClusterVersionCapabilityMachineAPI, }, ClusterVersionCapabilitySet4_14: { ClusterVersionCapabilityBaremetal, @@ -425,6 +433,7 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityMachineAPI, ClusterVersionCapabilityBuild, ClusterVersionCapabilityDeploymentConfig, + ClusterVersionCapabilityImageRegistry, }, ClusterVersionCapabilitySetCurrent: { ClusterVersionCapabilityBaremetal, @@ -438,6 +447,7 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityMachineAPI, ClusterVersionCapabilityBuild, ClusterVersionCapabilityDeploymentConfig, + ClusterVersionCapabilityImageRegistry, }, } diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index 88835ae5315..e4da7ff97a8 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -163,15 +163,14 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ Disabled: []FeatureGateDescription{}, }, TechPreviewNoUpgrade: newDefaultFeatures(). + with(validatingAdmissionPolicy). with(externalCloudProvider). with(externalCloudProviderGCP). with(csiDriverSharedResource). - with(buildCSIVolumes). with(nodeSwap). with(machineAPIProviderOpenStack). with(insightsConfigAPI). with(retroactiveDefaultStorageClass). - with(pdbUnhealthyPodEvictionPolicy). with(dynamicResourceAllocation). with(admissionWebhookMatchConditions). with(azureWorkloadIdentity). @@ -198,6 +197,7 @@ var defaultFeatures = &FeatureGateEnabledDisabled{ externalCloudProviderAzure, externalCloudProviderExternal, privateHostedZoneAWS, + buildCSIVolumes, }, Disabled: []FeatureGateDescription{ retroactiveDefaultStorageClass, diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 6c791ee8c87..f3c4c6b6380 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -114,7 +114,6 @@ type InfrastructureStatus struct { // +kubebuilder:default=None // +default="None" // +kubebuilder:validation:Enum=None;AllNodes - // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade // +optional CPUPartitioning CPUPartitioningMode `json:"cpuPartitioning,omitempty"` } diff --git a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml b/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml index 699621ec493..97c0ae60099 100644 --- a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml +++ b/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml @@ -229,6 +229,11 @@ spec: required: - zone properties: + subnet: + description: subnet is the name of the network subnet in which the VM will be created. When omitted, the subnet value from the machine providerSpec template will be used. + type: string + maxLength: 80 + pattern: ^[a-zA-Z0-9](?:[a-zA-Z0-9._-]*[a-zA-Z0-9_])?$ zone: description: Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone. type: string diff --git a/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go b/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go index 9f81f4d103b..e46c39b552f 100644 --- a/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go +++ b/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go @@ -287,6 +287,13 @@ type AzureFailureDomain struct { // If nil, the virtual machine should be deployed to no zone. // +kubebuilder:validation:Required Zone string `json:"zone"` + + // subnet is the name of the network subnet in which the VM will be created. + // When omitted, the subnet value from the machine providerSpec template will be used. + // +kubebuilder:validation:MaxLength=80 + // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9](?:[a-zA-Z0-9._-]*[a-zA-Z0-9_])?$` + // +optional + Subnet string `json:"subnet,omitempty"` } // GCPFailureDomain configures failure domain information for the GCP platform diff --git a/vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go index 03f4f8267cf..6406220e7d9 100644 --- a/vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go @@ -159,8 +159,9 @@ func (AWSFailureDomainPlacement) SwaggerDoc() map[string]string { } var map_AzureFailureDomain = map[string]string{ - "": "AzureFailureDomain configures failure domain information for the Azure platform.", - "zone": "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone.", + "": "AzureFailureDomain configures failure domain information for the Azure platform.", + "zone": "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone.", + "subnet": "subnet is the name of the network subnet in which the VM will be created. When omitted, the subnet value from the machine providerSpec template will be used.", } func (AzureFailureDomain) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_azureprovider.go b/vendor/github.com/openshift/api/machine/v1beta1/types_azureprovider.go index 1d565e5d229..ef812f52da9 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/types_azureprovider.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/types_azureprovider.go @@ -95,7 +95,7 @@ type AzureMachineProviderSpec struct { // Availability Zone for the virtual machine. // If nil, the virtual machine should be deployed to no zone // +optional - Zone *string `json:"zone,omitempty"` + Zone string `json:"zone,omitempty"` // NetworkResourceGroup is the resource group for the virtual machine's network // +optional NetworkResourceGroup string `json:"networkResourceGroup,omitempty"` diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go index 4cca127cb4c..caffc189890 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go @@ -303,11 +303,6 @@ func (in *AzureMachineProviderSpec) DeepCopyInto(out *AzureMachineProviderSpec) *out = new(int64) **out = **in } - if in.Zone != nil { - in, out := &in.Zone, &out.Zone - *out = new(string) - **out = **in - } if in.SpotVMOptions != nil { in, out := &in.SpotVMOptions, &out.SpotVMOptions *out = new(SpotVMOptions) diff --git a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..6e9f72e132f --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml @@ -0,0 +1,207 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/752 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: etcds.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: Etcd + plural: etcds + singular: etcd + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Etcd provides information to configure an operator to manage etcd. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + properties: + controlPlaneHardwareSpeed: + description: HardwareSpeed allows user to change the etcd tuning profile which configures the latency parameters for heartbeat interval and leader election timeouts allowing the cluster to tolerate longer round-trip-times between etcd members. Valid values are "", "Standard" and "Slower". "" means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. + type: string + enum: + - "" + - Standard + - Slower + failedRevisionLimit: + description: failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) + type: integer + format: int32 + forceRedeploymentReason: + description: forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config. + type: string + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + succeededRevisionLimit: + description: succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) + type: integer + format: int32 + unsupportedConfigOverrides: + description: unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + controlPlaneHardwareSpeed: + description: ControlPlaneHardwareSpeed declares valid hardware speed tolerance levels + type: string + enum: + - "" + - Standard + - Slower + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most recent deployment + type: integer + format: int32 + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across individual nodes + type: array + items: + description: NodeStatus provides information about the current state of a particular node managed by this operator. + type: object + properties: + currentRevision: + description: currentRevision is the generation of the most recently successful deployment + type: integer + format: int32 + lastFailedCount: + description: lastFailedCount is how often the installer pod of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment we tried and failed to deploy. + type: integer + format: int32 + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision. + type: array + items: + type: string + lastFailedTime: + description: lastFailedTime is the time the last failed revision failed the last time. + type: string + format: date-time + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment we're trying to apply + type: integer + format: int32 + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml index 813d03ca72e..e6a79fe6c13 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml @@ -6,6 +6,7 @@ metadata: include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: Default name: etcds.operator.openshift.io spec: group: operator.openshift.io @@ -102,6 +103,13 @@ spec: type: string type: type: string + controlPlaneHardwareSpeed: + description: ControlPlaneHardwareSpeed declares valid hardware speed tolerance levels + type: string + enum: + - "" + - Standard + - Slower generations: description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. type: array diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml index 0d944cbcd71..83222ab78cb 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml @@ -219,6 +219,59 @@ spec: ipForwarding: description: IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across OVN-Kubernetes managed interfaces, then set this field to "Global". The supported values are "Restricted" and "Global". type: string + ipv4: + description: ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values. + type: object + properties: + internalMasqueradeSubnet: + description: internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /29). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 169.254.169.0/29 The value must be in proper IPV4 CIDR format + type: string + maxLength: 18 + x-kubernetes-validations: + - rule: self.indexOf('/') == self.lastIndexOf('/') + message: CIDR format must contain exactly one '/' + - rule: '[int(self.split(''/'')[1])].all(x, x <= 29 && x >= 0)' + message: subnet must be in the range /0 to /29 inclusive + - rule: self.split('/')[0].split('.').size() == 4 + message: a valid IPv4 address must contain 4 octets + - rule: '[self.findAll(''[0-9]+'')[0]].all(x, x != ''0'' && int(x) <= 255 && !x.startsWith(''0''))' + message: first IP address octet must not contain leading zeros, must be greater than 0 and less or equal to 255 + - rule: '[self.findAll(''[0-9]+'')[1], self.findAll(''[0-9]+'')[2], self.findAll(''[0-9]+'')[3]].all(x, int(x) <= 255 && (x == ''0'' || !x.startsWith(''0'')))' + message: IP address octets must not contain leading zeros, and must be less or equal to 255 + ipv6: + description: ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values. + type: object + properties: + internalMasqueradeSubnet: + description: internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is fd69::/125 Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - rule: self.indexOf('/') == self.lastIndexOf('/') + message: CIDR format must contain exactly one '/' + - rule: self.split('/').size() == 2 && [int(self.split('/')[1])].all(x, x <= 125 && x >= 0) + message: subnet must be in the range /0 to /125 inclusive + - rule: self.indexOf('::') == self.lastIndexOf('::') + message: IPv6 addresses must contain at most one '::' and may only be shortened once + - rule: 'self.contains(''::'') ? self.split(''/'')[0].split('':'').size() <= 8 : self.split(''/'')[0].split('':'').size() == 8' + message: a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments + - rule: 'self.split(''/'')[0].split('':'').size() >=1 ? [self.split(''/'')[0].split('':'', 8)[0]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 1 + - rule: 'self.split(''/'')[0].split('':'').size() >=2 ? [self.split(''/'')[0].split('':'', 8)[1]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 2 + - rule: 'self.split(''/'')[0].split('':'').size() >=3 ? [self.split(''/'')[0].split('':'', 8)[2]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 3 + - rule: 'self.split(''/'')[0].split('':'').size() >=4 ? [self.split(''/'')[0].split('':'', 8)[3]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 4 + - rule: 'self.split(''/'')[0].split('':'').size() >=5 ? [self.split(''/'')[0].split('':'', 8)[4]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 5 + - rule: 'self.split(''/'')[0].split('':'').size() >=6 ? [self.split(''/'')[0].split('':'', 8)[5]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 6 + - rule: 'self.split(''/'')[0].split('':'').size() >=7 ? [self.split(''/'')[0].split('':'', 8)[6]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 7 + - rule: 'self.split(''/'')[0].split('':'').size() >=8 ? [self.split(''/'')[0].split('':'', 8)[7]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 8 + - rule: '!self.contains(''.'')' + message: IPv6 dual addresses are not permitted, value should not contain `.` characters routingViaHost: description: RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port into the host before sending it out. If this is not set, traffic will always egress directly from OVN to outside without touching the host stack. Setting this to true means hardware offload will not be supported. Default is false if GatewayConfig is specified. type: boolean diff --git a/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml index a40c21fabe1..698e4bf48c8 100644 --- a/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml +++ b/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml @@ -15,3 +15,216 @@ tests: disableNetworkDiagnostics: false logLevel: Normal operatorLogLevel: Normal + - name: Should be able to pass a valid IPV4 CIDR to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: "169.254.168.0/29" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + routingViaHost: false + ipv4: + internalMasqueradeSubnet: "169.254.168.0/29" + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: Should not be able to pass CIDR with a subnet larger than /29 to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.10.10/32 + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /29 inclusive" + - name: Should not be able to pass CIDR with a subnet smaller than /0 to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.10.10/-1 + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /29 inclusive" + - name: Should not be able to add an IP address with the incorrect number of octets to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.10/24 + expectedError: "Invalid value: \"string\": a valid IPv4 address must contain 4 octets" + - name: Should not be able to add an IP address with leading zeros in an octet to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.010.10/24 + expectedError: "Invalid value: \"string\": IP address octets must not contain leading zeros, and must be less or equal to 255" + - name: Should not be able to add an IP address with with zero for the first octet to internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 0.10.10.10/24 + expectedError: "Invalid value: \"string\": first IP address octet must not contain leading zeros, must be greater than 0 and less or equal to 255" + - name: Should not be able to add an IP address with an octet greater than 255 to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.10.256/24 + expectedError: "Invalid value: \"string\": IP address octets must not contain leading zeros, and must be less or equal to 255" + - name: Should be able to pass a valid IPV6 CIDR to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" + routingViaHost: false + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: Should be able to pass a valid shorthand IPV6 CIDR to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789::2345:6789/20" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + routingViaHost: false + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789::2345:6789/20" + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: Should not be able to pass invalid IPV6 CIDR to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "foo" + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /125 inclusive" + - name: Should not be able to add an IP address with the more than 8 octets to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: abcd:ef01:2345:6789:abcd:ef01:2345:6789:abcd/125 + expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + - name: Should not be able to add a dual IP address to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: abcd:ef01:2345:6789:abcd:ef01:2345:1.2.3.4/125 + expectedError: "Invalid value: \"string\": IPv6 dual addresses are not permitted, value should not contain `.` characters" + - name: Should be able to pass a double elided IPV6 CIDR to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd::ef01::2345:6789/20" + expectedError: "Invalid value: \"string\": IPv6 addresses must contain at most one '::' and may only be shortened once" + - name: "Should not be able to pass a complete IPV6 CIDR with a :: expander to v6InternalMasqueradeSubnet" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789::abcd:ef01:2345:6789/125" + expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + - name: Should not be able to pass a IPV6 CIDR without enough segments to v6InternalMasqueradeSubnet" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345/125" + expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + - name: "Should not be able to pass an elided IPV6 CIDR with only a single empty segment to IPV6 internalMasqueradeSubnet" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345::/125" + expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + \ No newline at end of file diff --git a/vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml new file mode 100644 index 00000000000..27108a3af18 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml @@ -0,0 +1,62 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[TechPreview] Etcd" +crd: 0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml +tests: + onCreate: + - name: Should be able to create with Standard hardware speed + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: Standard + expected: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + logLevel: Normal + operatorLogLevel: Normal + controlPlaneHardwareSpeed: Standard + - name: Should be able to create with Slower hardware speed + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: Slower + expected: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + logLevel: Normal + operatorLogLevel: Normal + controlPlaneHardwareSpeed: Slower + onUpdate: + - name: Should be able to create with Standard, then set to Slower + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: Standard + updated: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: Slower + expected: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + logLevel: Normal + operatorLogLevel: Normal + controlPlaneHardwareSpeed: Slower + - name: Should not be allowed to try to set invalid hardware speed + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: Standard + updated: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: foo + expectedError: Unsupported value diff --git a/vendor/github.com/openshift/api/operator/v1/types_etcd.go b/vendor/github.com/openshift/api/operator/v1/types_etcd.go index f0b525a40da..f763556b878 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_etcd.go +++ b/vendor/github.com/openshift/api/operator/v1/types_etcd.go @@ -28,12 +28,41 @@ type Etcd struct { type EtcdSpec struct { StaticPodOperatorSpec `json:",inline"` + // HardwareSpeed allows user to change the etcd tuning profile which configures + // the latency parameters for heartbeat interval and leader election timeouts + // allowing the cluster to tolerate longer round-trip-times between etcd members. + // Valid values are "", "Standard" and "Slower". + // "" means no opinion and the platform is left to choose a reasonable default + // which is subject to change without notice. + // +kubebuilder:validation:Optional + // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +optional + HardwareSpeed ControlPlaneHardwareSpeed `json:"controlPlaneHardwareSpeed"` } type EtcdStatus struct { StaticPodOperatorStatus `json:",inline"` + HardwareSpeed ControlPlaneHardwareSpeed `json:"controlPlaneHardwareSpeed"` } +const ( + // StandardHardwareSpeed provides the normal tolerances for hardware speed and latency. + // Currently sets (values subject to change at any time): + // ETCD_HEARTBEAT_INTERVAL: 100ms + // ETCD_LEADER_ELECTION_TIMEOUT: 1000ms + StandardHardwareSpeed ControlPlaneHardwareSpeed = "Standard" + // SlowerHardwareSpeed provides more tolerance for slower hardware and/or higher latency networks. + // Sets (values subject to change): + // ETCD_HEARTBEAT_INTERVAL: 5x Standard + // ETCD_LEADER_ELECTION_TIMEOUT: 2.5x Standard + SlowerHardwareSpeed ControlPlaneHardwareSpeed = "Slower" +) + +// ControlPlaneHardwareSpeed declares valid hardware speed tolerance levels +// +enum +// +kubebuilder:validation:Enum:="";Standard;Slower +type ControlPlaneHardwareSpeed string + // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // KubeAPISOperatorConfigList is a collection of items diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go index ffa8e063629..17fbbed0dc0 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_network.go +++ b/vendor/github.com/openshift/api/operator/v1/types_network.go @@ -507,6 +507,63 @@ type GatewayConfig struct { // The supported values are "Restricted" and "Global". // +optional IPForwarding IPForwardingMode `json:"ipForwarding,omitempty"` + // ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + // configuration is used. Check individual members fields within ipv4 for details of default values. + // +optional + IPv4 IPv4GatewayConfig `json:"ipv4,omitempty"` + // ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + // configuration is used. Check individual members fields within ipv6 for details of default values. + // +optional + IPv6 IPv6GatewayConfig `json:"ipv6,omitempty"` +} + +// IPV4GatewayConfig holds the configuration paramaters for IPV4 connections in the GatewayConfig for OVN-Kubernetes +type IPv4GatewayConfig struct { + // internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + // ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + // addresses, as well as the shared gateway bridge interface. The values can be changed after + // installation. The subnet chosen should not overlap with other networks specified for + // OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + // be large enough to accommodate 6 IPs (maximum prefix length /29). + // When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + // The current default subnet is 169.254.169.0/29 + // The value must be in proper IPV4 CIDR format + // +kubebuilder:validation:MaxLength=18 + // +kubebuilder:validation:XValidation:rule="self.indexOf('/') == self.lastIndexOf('/')",message="CIDR format must contain exactly one '/'" + // +kubebuilder:validation:XValidation:rule="[int(self.split('/')[1])].all(x, x <= 29 && x >= 0)",message="subnet must be in the range /0 to /29 inclusive" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split('.').size() == 4",message="a valid IPv4 address must contain 4 octets" + // +kubebuilder:validation:XValidation:rule="[self.findAll('[0-9]+')[0]].all(x, x != '0' && int(x) <= 255 && !x.startsWith('0'))",message="first IP address octet must not contain leading zeros, must be greater than 0 and less or equal to 255" + // +kubebuilder:validation:XValidation:rule="[self.findAll('[0-9]+')[1], self.findAll('[0-9]+')[2], self.findAll('[0-9]+')[3]].all(x, int(x) <= 255 && (x == '0' || !x.startsWith('0')))",message="IP address octets must not contain leading zeros, and must be less or equal to 255" + // +optional + InternalMasqueradeSubnet string `json:"internalMasqueradeSubnet,omitempty"` +} + +// IPV6GatewayConfig holds the configuration paramaters for IPV6 connections in the GatewayConfig for OVN-Kubernetes +type IPv6GatewayConfig struct { + // internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + // ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + // addresses, as well as the shared gateway bridge interface. The values can be changed after + // installation. The subnet chosen should not overlap with other networks specified for + // OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + // be large enough to accommodate 6 IPs (maximum prefix length /125). + // When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + // The current default subnet is fd69::/125 + // Note that IPV6 dual addresses are not permitted + // +kubebuilder:validation:XValidation:rule="self.indexOf('/') == self.lastIndexOf('/')",message="CIDR format must contain exactly one '/'" + // +kubebuilder:validation:XValidation:rule="self.split('/').size() == 2 && [int(self.split('/')[1])].all(x, x <= 125 && x >= 0)",message="subnet must be in the range /0 to /125 inclusive" + // +kubebuilder:validation:XValidation:rule="self.indexOf('::') == self.lastIndexOf('::')",message="IPv6 addresses must contain at most one '::' and may only be shortened once" + // +kubebuilder:validation:XValidation:rule="self.contains('::') ? self.split('/')[0].split(':').size() <= 8 : self.split('/')[0].split(':').size() == 8",message="a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=1 ? [self.split('/')[0].split(':', 8)[0]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 1" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=2 ? [self.split('/')[0].split(':', 8)[1]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 2" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=3 ? [self.split('/')[0].split(':', 8)[2]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 3" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=4 ? [self.split('/')[0].split(':', 8)[3]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 4" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=5 ? [self.split('/')[0].split(':', 8)[4]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 5" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=6 ? [self.split('/')[0].split(':', 8)[5]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 6" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=7 ? [self.split('/')[0].split(':', 8)[6]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 7" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=8 ? [self.split('/')[0].split(':', 8)[7]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 8" + // +kubebuilder:validation:XValidation:rule="!self.contains('.')",message="IPv6 dual addresses are not permitted, value should not contain `.` characters" + // +optional + InternalMasqueradeSubnet string `json:"internalMasqueradeSubnet,omitempty"` } type ExportNetworkFlows struct { diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index 3f47cd44167..a0f4c1a8975 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -1533,6 +1533,8 @@ func (in *GCPLoadBalancerParameters) DeepCopy() *GCPLoadBalancerParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GatewayConfig) DeepCopyInto(out *GatewayConfig) { *out = *in + out.IPv4 = in.IPv4 + out.IPv6 = in.IPv6 return } @@ -1764,6 +1766,38 @@ func (in *IPsecConfig) DeepCopy() *IPsecConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPv4GatewayConfig) DeepCopyInto(out *IPv4GatewayConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv4GatewayConfig. +func (in *IPv4GatewayConfig) DeepCopy() *IPv4GatewayConfig { + if in == nil { + return nil + } + out := new(IPv4GatewayConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPv6GatewayConfig) DeepCopyInto(out *IPv6GatewayConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv6GatewayConfig. +func (in *IPv6GatewayConfig) DeepCopy() *IPv6GatewayConfig { + if in == nil { + return nil + } + out := new(IPv6GatewayConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressController) DeepCopyInto(out *IngressController) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index d10bbd51f2a..f0becd86101 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -686,6 +686,14 @@ func (EtcdList) SwaggerDoc() map[string]string { return map_EtcdList } +var map_EtcdSpec = map[string]string{ + "controlPlaneHardwareSpeed": "HardwareSpeed allows user to change the etcd tuning profile which configures the latency parameters for heartbeat interval and leader election timeouts allowing the cluster to tolerate longer round-trip-times between etcd members. Valid values are \"\", \"Standard\" and \"Slower\".\n\t\"\" means no opinion and the platform is left to choose a reasonable default\n\twhich is subject to change without notice.", +} + +func (EtcdSpec) SwaggerDoc() map[string]string { + return map_EtcdSpec +} + var map_AWSClassicLoadBalancerParameters = map[string]string{ "": "AWSClassicLoadBalancerParameters holds configuration parameters for an AWS Classic load balancer.", "connectionIdleTimeout": "connectionIdleTimeout specifies the maximum time period that a connection may be idle before the load balancer closes the connection. The value must be parseable as a time duration value; see . A nil or zero value means no opinion, in which case a default value is used. The default value for this field is 60s. This default is subject to change.", @@ -1301,6 +1309,8 @@ var map_GatewayConfig = map[string]string{ "": "GatewayConfig holds node gateway-related parsed config file parameters and command-line overrides", "routingViaHost": "RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port into the host before sending it out. If this is not set, traffic will always egress directly from OVN to outside without touching the host stack. Setting this to true means hardware offload will not be supported. Default is false if GatewayConfig is specified.", "ipForwarding": "IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across OVN-Kubernetes managed interfaces, then set this field to \"Global\". The supported values are \"Restricted\" and \"Global\".", + "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values.", + "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values.", } func (GatewayConfig) SwaggerDoc() map[string]string { @@ -1334,6 +1344,24 @@ func (IPFIXConfig) SwaggerDoc() map[string]string { return map_IPFIXConfig } +var map_IPv4GatewayConfig = map[string]string{ + "": "IPV4GatewayConfig holds the configuration paramaters for IPV4 connections in the GatewayConfig for OVN-Kubernetes", + "internalMasqueradeSubnet": "internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /29). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 169.254.169.0/29 The value must be in proper IPV4 CIDR format", +} + +func (IPv4GatewayConfig) SwaggerDoc() map[string]string { + return map_IPv4GatewayConfig +} + +var map_IPv6GatewayConfig = map[string]string{ + "": "IPV6GatewayConfig holds the configuration paramaters for IPV6 connections in the GatewayConfig for OVN-Kubernetes", + "internalMasqueradeSubnet": "internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is fd69::/125 Note that IPV6 dual addresses are not permitted", +} + +func (IPv6GatewayConfig) SwaggerDoc() map[string]string { + return map_IPv6GatewayConfig +} + var map_KuryrConfig = map[string]string{ "": "KuryrConfig configures the Kuryr-Kubernetes SDN", "daemonProbesPort": "The port kuryr-daemon will listen for readiness and liveness requests.", diff --git a/vendor/modules.txt b/vendor/modules.txt index 26d1f66456f..e182a022056 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -8688,7 +8688,7 @@ github.com/opencontainers/go-digest ## explicit; go 1.11 github.com/opencontainers/image-spec/specs-go github.com/opencontainers/image-spec/specs-go/v1 -# github.com/openshift/api v0.0.0-20230807132801-600991d550ac +# github.com/openshift/api v0.0.0-20230829144734-edd317298780 ## explicit; go 1.20 github.com/openshift/api/config/v1 github.com/openshift/api/config/v1alpha1